Package name: xine-ui
Date: 2007-08-09
Advisory ID: MDKSA-2007:154
Affected versions: 2007.1 i586, 2007.1 x86_64

Problem description

Format string vulnerability in the errors_create_window function in
errors.c in xine-ui allows attackers to execute arbitrary code via
unknown vectors. (CVE-2007-0254)

XINE 0.99.4 allows user-assisted remote attackers to cause a denial
of service (application crash) and possibly execute arbitrary code
via a certain M3U file that contains a long #EXTINF line and contains
format string specifiers in an invalid udp:// URI, possibly a variant
of CVE-2007-0017. (CVE-2007-0255)

Updated packages have been patched to prevent these issues.
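
The bug class described above, shown as an added example (not xine-ui's code and not the Mandriva patch): an error-reporting helper that uses untrusted text as the format string, beside the hardened form that passes it as data. The names show_error, report_unsafe, report_safe, count_conversions and SAMPLE_URI are hypothetical, and the sample URI is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error-window helper. */
static int show_error(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Vulnerable pattern: untrusted text is the format string, so conversion
 * specifiers inside it are interpreted against arguments that do not exist. */
int report_unsafe(char *out, size_t n, const char *untrusted)
{
    return show_error(out, n, untrusted);
}

/* Hardened pattern: constant format, untrusted text passed as data only. */
int report_safe(char *out, size_t n, const char *untrusted)
{
    return show_error(out, n, "%s", untrusted);
}

/* Defensive pre-check: count '%' conversions ("%%" is a literal percent). */
int count_conversions(const char *s)
{
    int count = 0;
    for (; *s; s++)
        if (*s == '%') {
            if (s[1] == '%') s++;   /* skip the escaped percent */
            else count++;
        }
    return count;
}

/* Constructed sample: playlist URI carrying conversion specifiers. */
static const char SAMPLE_URI[] = "udp://%x%x%s";

int main(void)
{
    char buf[64];
    report_safe(buf, sizeof buf, SAMPLE_URI);
    printf("%s (%d conversions)\n", buf, count_conversions(SAMPLE_URI));
    return 0;
}
```

Building with -Wformat -Wformat-security (and a format attribute on wrappers such as show_error) lets the compiler flag calls shaped like report_unsafe.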

Updated packages

2007.1 i586

 c434c86a89fd5e9118733be9a16a3cbf  2007.1/i586/xine-ui-0.99.4-8.1mdv2007.1.i586.rpm
 75745fc2817175d8ee9df18c9ee2078d  2007.1/i586/xine-ui-aa-0.99.4-8.1mdv2007.1.i586.rpm
 4e64a5b63873c3f4f183ee3609768ac4  2007.1/i586/xine-ui-fb-0.99.4-8.1mdv2007.1.i586.rpm 
 59e8237e62759e227d029608185ceea5  2007.1/SRPMS/xine-ui-0.99.4-8.1mdv2007.1.src.rpm

2007.1 x86_64

 e508d6774762b78fc30c630287c14085  2007.1/x86_64/xine-ui-0.99.4-8.1mdv2007.1.x86_64.rpm
 5b6aa55d13da6bb9a25b3740cdf66a3c  2007.1/x86_64/xine-ui-aa-0.99.4-8.1mdv2007.1.x86_64.rpm
 af27c02674f3b99e65b70b54ba9b7917  2007.1/x86_64/xine-ui-fb-0.99.4-8.1mdv2007.1.x86_64.rpm 
 59e8237e62759e227d029608185ceea5  2007.1/SRPMS/xine-ui-0.99.4-8.1mdv2007.1.src.rpm

References