|
Family: Ubuntu Local Security Checks --> Category: infos
USN230-2 : xine-lib vulnerability Vulnerability Scan
Vulnerability Scan Summary xine-lib vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- libxine-dev
- libxine1
- libxine1c2
Description :
USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine
library contains a copy of the ffmpeg code, thus it is vulnerable to
the same flaw.
For reference, this is the original advisory:
Simon Kilvington discovered a buffer overflow in the
avcodec_default_get_buffer() function of the ffmpeg library. By
tricking an user into opening a malicious movie which contains
specially crafted PNG images, this could be exploited to execute
arbitrary code with the user's rights.
Solution :
Upgrade to :
- libxine-dev-1.0.1-1ubuntu10.2 (Ubuntu 5.10)
- libxine1-1.0-1ubuntu3.6 (Ubuntu 5.04)
- libxine1c2-1.0.1-1ubuntu10.2 (Ubuntu 5.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|