Xine-Lib 1.1.11.1 Removes Vulnerabilities

Apr 02, 2008

The second update of the Xine-Lib video back-end within a month, closes down a number of integer overflows that were described in CVE-2008-1482.

Previously, attackers could craft a video file to take control of the player with user level privileges. Besides the security updates, the release sees the introduction of a number of minor improvements, including reworked memory management tests, a number of plausibility checks for playing WAV files, and improvements to individual decoders.

Debian has responded to the vulnerabilities by releasing new packages that also remove various previous issues. Red Hat classifies the bugs as "known"; we were unable to ascertain any tangible facts on OpenSUSE's handling of the vulnerabilities.

(Nils Magnus)

Comments

Digg

Live Streaming of LISA '08
22nd Large Installation System Administration Conference If you follow the fortunes of large installation IT, tune in on November 12-14 for a front row ticket to the Invited Talks series of the USENIX LISA conference. Find out more

Live Streaming of LISA '08

22nd Large Installation System Administration Conference

If you follow the fortunes of large installation IT, tune in on November 12-14 for a front row ticket to the Invited Talks series of the USENIX LISA conference.

Find out more

In the US and Canada, Linux Magazine is known as Linux Pro Magazine.
Entire contents © 2008 [Linux New Media USA, LLC]
Linux New Media web sites:
North America: [Linux Pro Magazine]
UK/Worldwide: [Linux Magazine]
Germany: [Linux-Magazin] [LinuxUser] [EasyLinux] [Linux-Community] [Linux-Nachrichten] [Linux Events]
Eastern Europe: [Linux Magazine Poland] [Linux Community Poland] [Darmowe Programy Poland] [Open Source DVD Poland] [Linux Magazin Romania]
International: [Linux Magazine Brazil] [Linux Magazine Spanish]
Corporate: [Linux New Media AG]