Slackware Advisory SSA:2005-283-01 Xine-lib Network Vulnerability

Summary

The remote host is missing an update as announced via advisory SSA:2005-283-01.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2005-283-01

Insight

New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A format string bug may allow the execution of arbitrary code as the user running a xine-lib linked application. The attacker must provide (by uploading or running a server) specially crafted CDDB information and then get the user to play the referenced audio CD. The official Xine advisory may be found here: http://xinehq.de/index.php/security/XSA-2005-1

Severity

Classification

CVSS Base Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Slackware Advisory SSA:2005-269-02 X.Org pixmap overflow
Slackware Advisory SSA:2006-211-01 mysql
Slackware Advisory SSA:2007-243-01 java (jre, jdk)
Slackware Advisory SSA:2005-310-05 PHP
Slackware Advisory SSA:2003-251-01 inetd DoS patched

Slackware Advisory SSA:2005-283-01 xine-lib

Take action and discover your vulnerabilities