Nom du paquet
xine-ui
Date
2006-05-10
Advisory ID
MDKSA-2006:085
Affected versions
CS3.0 i586 , 2006.0 i586 , 2006.0 x86_64 , CS3.0 x86_64

Problem description

Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine allow
remote attackers to execute arbitrary code via format string specifiers in
a long filename on an EXTINFO line in a playlist file.

Packages have been patched to correct this issue.

Updated packages

CS3.0 i586

 19461fcb7b20d100d804d59a156d47e9  corporate/3.0/RPMS/xine-ui-0.9.23-3.3.C30mdk.i586.rpm
 e72a7090b1027ffd1d051785ba638d2b  corporate/3.0/RPMS/xine-ui-aa-0.9.23-3.3.C30mdk.i586.rpm
 9f735f80528fbe7645819b8c7ee1392e  corporate/3.0/RPMS/xine-ui-fb-0.9.23-3.3.C30mdk.i586.rpm
 70b43223c2a42e044cc92e6721b9c074  corporate/3.0/SRPMS/xine-ui-0.9.23-3.3.C30mdk.src.rpm

2006.0 i586

 650fe424e812f24ca55fbae9ac58f191  2006.0/RPMS/xine-ui-0.99.4-1.1.20060mdk.i586.rpm
 93642d5dcbf76bdb55f6a1b79a82a740  2006.0/RPMS/xine-ui-aa-0.99.4-1.1.20060mdk.i586.rpm
 233e02e5d13ea968b7497a67df0094a9  2006.0/RPMS/xine-ui-fb-0.99.4-1.1.20060mdk.i586.rpm
 f4b89ad1d813c792c5700861b360066f  2006.0/SRPMS/xine-ui-0.99.4-1.1.20060mdk.src.rpm

2006.0 x86_64

 71e490c1d0941c5c93601968165af681  x86_64/2006.0/RPMS/xine-ui-0.99.4-1.1.20060mdk.x86_64.rpm
 263a49cfbf4be6832af2f583b0e30ea8  x86_64/2006.0/RPMS/xine-ui-aa-0.99.4-1.1.20060mdk.x86_64.rpm
 2f6a5637fd940883b8381491dc1fa403  x86_64/2006.0/RPMS/xine-ui-fb-0.99.4-1.1.20060mdk.x86_64.rpm
 f4b89ad1d813c792c5700861b360066f  x86_64/2006.0/SRPMS/xine-ui-0.99.4-1.1.20060mdk.src.rpm

CS3.0 x86_64

 40d8285c71ff0b1c6649576ba98bb1d3  x86_64/corporate/3.0/RPMS/xine-ui-0.9.23-3.3.C30mdk.x86_64.rpm
 a8ed9fe1599138cfa39dc8a748bbcb3d  x86_64/corporate/3.0/RPMS/xine-ui-aa-0.9.23-3.3.C30mdk.x86_64.rpm
 53a46955f3dff408ff65995043ec30da  x86_64/corporate/3.0/RPMS/xine-ui-fb-0.9.23-3.3.C30mdk.x86_64.rpm
 70b43223c2a42e044cc92e6721b9c074  x86_64/corporate/3.0/SRPMS/xine-ui-0.9.23-3.3.C30mdk.src.rpm

References