USN-435-1: Xine vulnerability
12 March 2007
Xine vulnerability
Releases
Details
Moritz Jodeit discovered that the DirectShow loader of Xine did not
correctly validate the size of an allocated buffer. By tricking a user
into opening a specially crafted media file, an attacker could execute
arbitrary code with the user's privileges.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 6.10
-
libxine1
-
1.1.2+repacked1-0ubuntu3.4
Ubuntu 6.06
-
libxine-main1
-
1.1.1+ubuntu2-7.7
Ubuntu 5.10
-
libxine1c2
-
1.0.1-1ubuntu10.9
In general, a standard system upgrade is sufficient to effect the
necessary changes.