Ubuntu Security Notice USN-230-2
16th December, 2005
xine-lib vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 5.10
- Ubuntu 5.04
- Ubuntu 4.10
Details
USN-230-1 fixed a vulnerability in the ffmpeg library. The Xine
library contains a copy of the ffmpeg code, thus it is vulnerable to
the same flaw.
For reference, this is the original advisory:
Simon Kilvington discovered a buffer overflow in the
avcodec_default_get_buffer() function of the ffmpeg library. By
tricking an user into opening a malicious movie which contains
specially crafted PNG images, this could be exploited to execute
arbitrary code with the user's privileges.
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 5.10:
- libxine1
- libxine1c2
- Ubuntu 5.04:
- libxine1
- libxine1c2
- Ubuntu 4.10:
- libxine1
- libxine1c2
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
None