Ubuntu Security Notice USN-123-1
6th May, 2005
xine-lib vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.04
- Ubuntu 4.10
Details
Two buffer overflows have been discovered in the MMS and Real RTSP
stream handlers of the Xine library. By tricking a user to connect to
a malicious MMS or RTSP video/audio stream source with an application
that uses this library, an attacker could crash the client and
possibly even execute arbitrary code with the privileges of the player
application.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.04:
- libxine1
- Ubuntu 4.10:
- libxine1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None