MDKSA-2007:027

Package name

xine-ui

Date

2007-01-26

Advisory ID

MDKSA-2007:027

Affected versions

CS3.0 i586 , CS3.0 x86_64 , 2007.0 x86_64 , 2007.0 i586

Problem description

Format string vulnerability in the errors_create_window function in
errors.c in xine-ui allows attackers to execute arbitrary code via
unknown vectors. (CVE-2007-0254)

XINE 0.99.4 allows user-assisted remote attackers to cause a denial of
service (application crash) and possibly execute arbitrary code via a
certain M3U file that contains a long #EXTINF line and contains format
string specifiers in an invalid udp:// URI, possibly a variant of
CVE-2007-0017. (CVE-2007-0255)

The updated packages have been patched to correct these issues.

Updated packages

CS3.0 i586

 47b308a588d752dd44a813a05a5aa20a  corporate/3.0/i586/xine-ui-0.9.23-3.4.C30mdk.i586.rpm
 41a13fc734f6d97f9b9c49763247df45  corporate/3.0/i586/xine-ui-aa-0.9.23-3.4.C30mdk.i586.rpm
 488ece09c2e10ffe0403ccb38f259f61  corporate/3.0/i586/xine-ui-fb-0.9.23-3.4.C30mdk.i586.rpm 
 c37c03e48156837ed8081f53f79006d8  corporate/3.0/SRPMS/xine-ui-0.9.23-3.4.C30mdk.src.rpm

CS3.0 x86_64

 eec4092fa0e0ca22af09e1e6f291f6e0  corporate/3.0/x86_64/xine-ui-0.9.23-3.4.C30mdk.x86_64.rpm
 6763e423a13d3a9dffadf6c642085003  corporate/3.0/x86_64/xine-ui-aa-0.9.23-3.4.C30mdk.x86_64.rpm
 57863e4da81d1e698e23d6b0889b33cb  corporate/3.0/x86_64/xine-ui-fb-0.9.23-3.4.C30mdk.x86_64.rpm 
 c37c03e48156837ed8081f53f79006d8  corporate/3.0/SRPMS/xine-ui-0.9.23-3.4.C30mdk.src.rpm

2007.0 x86_64

 6936d70577dac7200be466ddc5776ad8  2007.0/x86_64/xine-ui-0.99.4-7.1mdv2007.0.x86_64.rpm
 47692d8f90bb60344b780a93b1465784  2007.0/x86_64/xine-ui-aa-0.99.4-7.1mdv2007.0.x86_64.rpm
 afb78af3b93eb9ae77f5d26fa78a480e  2007.0/x86_64/xine-ui-fb-0.99.4-7.1mdv2007.0.x86_64.rpm 
 3df57e9d2ba0e239fb0efaac6aae80b9  2007.0/SRPMS/xine-ui-0.99.4-7.1mdv2007.0.src.rpm

2007.0 i586

 5a00fa676e755f473ed3894fdbed6fae  2007.0/i586/xine-ui-0.99.4-7.1mdv2007.0.i586.rpm
 22ee97e6cab9a53cfbb623911acbff08  2007.0/i586/xine-ui-aa-0.99.4-7.1mdv2007.0.i586.rpm
 323d3e53cff4659c12fa4c9c64b8cf80  2007.0/i586/xine-ui-fb-0.99.4-7.1mdv2007.0.i586.rpm 
 3df57e9d2ba0e239fb0efaac6aae80b9  2007.0/SRPMS/xine-ui-0.99.4-7.1mdv2007.0.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0254
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0255