In association with heise online

28 January 2008, 09:50

xine-lib update closes security holes

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

A xine-lib update closes vulnerabilities in the media library. Attackers were able to use crafted data streams or MPEG files to inject arbitrary code into users' systems.

In version, the developers fixed a recently published vulnerability in the implementation of the Realtime Streaming Protocol (RTSP). The new version 1.1.10 addresses another flaw which allows malicious code to be injected and executed when processing crafted MPEG files. This flaw originally affected xine-lib 1.1.1 and was resolved, but developers reintroduced it as they continued to develop the software.

The new versions also fix additional flaws which for example can disrupt audio output. Source code packages of the updated versions for compilation are available for download from the project pages. Linux distributors should issue new packages shortly. Users of the software are advised to update as soon as possible.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit