xine-lib security vulnerability

Tim van der Molen tbm at home.nl
Sun Oct 16 07:00:32 PDT 2005


"By setting up a malicious CDDB server, an attacker can overwrite
arbitrary memory locations with arbitrary data." Among the affected
versions are all 1.0 releases up to and including 1.0.2, and 1.1.0.

The problem is solved in version 1.0.3a. A patch against CVS is also
available. A workaround is to delete the xineplug_inp_cdda.so file.

More information: <http://xinehq.de/index.php/security/XSA-2005-1>.

Regards,
Tim



More information about the lfs-security mailing list