Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

Fedora 10 Miro Update Critical: Firefox Memory Flaw Fixes

fedora
Calendar Grey March 28, 2009
Dist Fedora Esm H88
The latest revision of Miro for Fedora 10 addresses significant vulnerabilities in Firefox, enhancing defenses against potential remote exploits.
A memory corruption flaw was discovered in the way Firefox handles XML files containing an XSLT transform

Summary

Miro is a free application that turns your computer into an

internet TV video player. This release is still a beta version, which means

that there are some bugs, but we're moving quickly to fix them and will be

releasing bug fixes on a regular basis.

A memory corruption flaw was discovered in the way Firefox handles XML files

containing an XSLT transform. A remote attacker could use this flaw to crash

Firefox or, potentially, execute arbitrary code as the user running Firefox.

(CVE-2009-1169) A flaw was discovered in the way Firefox handles certain XUL

garbage collection events. A remote attacker could use this flaw to crash

Firefox or, potentially, execute arbitrary code as the user running Firefox.

(CVE-2009-1044)

* Fri Mar 27 2009 Christopher Aillon - 2.0.3-2

- Rebuild against newer gecko

* Mon Mar 16 2009 Alex Lancaster - 2.0.3-1

- Update to upstream 2.0.3

- Add patch to disable xine-hack, hopefully fixes #480527

- Use internal 0.14 version of rb_libtorrent for < F-11 (#489755)

* Mon Mar 9 2009 Alex Lancaster - 2.0.2-1

- Update to upstream 2.0.2

- Add Requires: gstreamer-python (#489134)

- Drop patch for libtorrent 0.13, applied upstream

* Fri Mar 6 2009 Jan Horak - 2.0-4

- Rebuild against newer gecko

* Fri Feb 27 2009 Alex Lancaster - 2.0-3

- Combine the fhs patches into one, and fix the path to

/usr/libexec/xine_extractor (#487442)

* Fri Feb 27 2009 Alex Lancaster - 2.0-2

- Add another upstream patch to fix patch on x86_64 (#487442)

* Tue Feb 24 2009 Alex Lancaster - 2.0-1

- Update to upstream 2.0.

- Add patches to use system libtorrent and fix download directory to

~/Videos/Miro

* Wed Feb 4 2009 Christopher Aillon - 1.2.8-2

- Rebuild against newer gecko

* Wed Dec 3 2008 Alex Lancaster - 1.2.8-1

- Enable patch for new boost 1.37 for F-11+

- Update to latest upstream (1.2.8)

su -c 'yum update Miro' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory critical Fedora remote code execution memory corruption XSLT exploit Miro update

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 10
Version: 2.0.3
Release: 2.fc10
URL: http://www.getmiro.com/
Summary: Miro - Internet TV Player

Topics%20covered

Topics Covered

security advisory critical Fedora remote code execution memory corruption XSLT exploit Miro update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here