MDKSA-2006:085
- Package name
- xine-ui
- Date
- 2006-05-10
- Advisory ID
- MDKSA-2006:085
- Affected versions
- CS3.0 i586 , 2006.0 i586 , 2006.0 x86_64 , CS3.0 x86_64
Problem description
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine allow
remote attackers to execute arbitrary code via format string specifiers in
a long filename on an EXTINFO line in a playlist file.
Packages have been patched to correct this issue.
Updated packages
CS3.0 i586
19461fcb7b20d100d804d59a156d47e9 corporate/3.0/RPMS/xine-ui-0.9.23-3.3.C30mdk.i586.rpm e72a7090b1027ffd1d051785ba638d2b corporate/3.0/RPMS/xine-ui-aa-0.9.23-3.3.C30mdk.i586.rpm 9f735f80528fbe7645819b8c7ee1392e corporate/3.0/RPMS/xine-ui-fb-0.9.23-3.3.C30mdk.i586.rpm 70b43223c2a42e044cc92e6721b9c074 corporate/3.0/SRPMS/xine-ui-0.9.23-3.3.C30mdk.src.rpm
2006.0 i586
650fe424e812f24ca55fbae9ac58f191 2006.0/RPMS/xine-ui-0.99.4-1.1.20060mdk.i586.rpm 93642d5dcbf76bdb55f6a1b79a82a740 2006.0/RPMS/xine-ui-aa-0.99.4-1.1.20060mdk.i586.rpm 233e02e5d13ea968b7497a67df0094a9 2006.0/RPMS/xine-ui-fb-0.99.4-1.1.20060mdk.i586.rpm f4b89ad1d813c792c5700861b360066f 2006.0/SRPMS/xine-ui-0.99.4-1.1.20060mdk.src.rpm
2006.0 x86_64
71e490c1d0941c5c93601968165af681 x86_64/2006.0/RPMS/xine-ui-0.99.4-1.1.20060mdk.x86_64.rpm 263a49cfbf4be6832af2f583b0e30ea8 x86_64/2006.0/RPMS/xine-ui-aa-0.99.4-1.1.20060mdk.x86_64.rpm 2f6a5637fd940883b8381491dc1fa403 x86_64/2006.0/RPMS/xine-ui-fb-0.99.4-1.1.20060mdk.x86_64.rpm f4b89ad1d813c792c5700861b360066f x86_64/2006.0/SRPMS/xine-ui-0.99.4-1.1.20060mdk.src.rpm
CS3.0 x86_64
40d8285c71ff0b1c6649576ba98bb1d3 x86_64/corporate/3.0/RPMS/xine-ui-0.9.23-3.3.C30mdk.x86_64.rpm a8ed9fe1599138cfa39dc8a748bbcb3d x86_64/corporate/3.0/RPMS/xine-ui-aa-0.9.23-3.3.C30mdk.x86_64.rpm 53a46955f3dff408ff65995043ec30da x86_64/corporate/3.0/RPMS/xine-ui-fb-0.9.23-3.3.C30mdk.x86_64.rpm 70b43223c2a42e044cc92e6721b9c074 x86_64/corporate/3.0/SRPMS/xine-ui-0.9.23-3.3.C30mdk.src.rpm