Xine-Lib Removes Vulnerabilities

Apr 02, 2008

The second update of the Xine-Lib video back-end within a month, closes down a number of integer overflows that were described in CVE-2008-1482.

Previously, attackers could craft a video file to take control of the player with user level privileges. Besides the security updates, the release sees the introduction of a number of minor improvements, including reworked memory management tests, a number of plausibility checks for playing WAV files, and improvements to individual decoders.

Debian has responded to the vulnerabilities by releasing new packages that also remove various previous issues. Red Hat classifies the bugs as "known"; we were unable to ascertain any tangible facts on OpenSUSE's handling of the vulnerabilities.

Related content

  • Vulnerabilities in Xine-Lib and Mplayer

    Vulnerabilities have been discovered in two major media players for Linux. A Xine-Lib vulnerability also affects Mplayer.

  • Local Root Exploit in Udev

    The udev subsystem allows the Linux kernel, together with a userland program, to manage device nodes dynamically, adding and removing them at will. It has now been revealed that the communication channel between the kernel and program fails to authenticate, so that users can assume root privileges.

  • Enlightenment 17

    Enlightenment has a large community of fans who are patiently waiting for a new version. If you are brave enough to try out Development Release 17, you’ll find an aesthetically pleasing and extremely flexible window manager.

comments powered by Disqus