Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Slackware 12.0: 2008-111-01 High: Xine-Lib Buffer Overflow

slackware
Calendar Grey April 22, 2008
Dist Slackware Esm H88
Recent updates to xine-lib resolve a critical buffer overflow vulnerability in Slackware, enhancing security by thwarting potential code execution exploits.
New xine-lib packages are available for Slackware 10.0, 10.1, 10.2, 11.0, 12.0, and -current to fix security issues

Summary

Here are the details from the Slackware 12.0 ChangeLog: patches/packages/xine-lib-1.1.11.1-i686-3_slack12.0.tgz: Recompiled, with --without-speex (we didn't ship the speex library in Slackware anyway, but for reference this issue would be CVE-2008-1686), and with --disable-nosefart (the recently reported as insecurely demuxed NSF format). As before in -2, this package fixes the two regressions mentioned in the release notes for xine-lib-1.1.12: ;group_id=9655 (* Security fix *)

Topics%20covered

Topics Covered

security advisory high severity buffer overflow software update security fix slackware xine-lib

Where Find New Packages

HINT: Getting slow download speeds from ftp.slackware.com? Give slackware.osuosl.org a try. This is another primary FTP site for Slackware that can be considerably faster than downloading directly from ftp.slackware.com.
Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating additional FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 10.0: ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/xine-lib-1.1.11.1-i686-3_slack10.0.tgz
Updated package for Slackware 10.1: ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/xine-lib-1.1.11.1-i686-3_slack10.1.tgz
Updated package for Slackware 10.2: ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/xine-lib-1.1.11.1-i686-3_slack10.2.tgz
Updated package for Slackware 11.0:
Updated package for Slackware 12.0:
Updated pack...

Read the Full Advisory

MD5 Signatures

Slackware 10.0 package: 5852d40bec83e7754727956366c47efa xine-lib-1.1.11.1-i686-3_slack10.0.tgz
Slackware 10.1 package: a78cd544b958bc49eebbbc33cb8e8f8f xine-lib-1.1.11.1-i686-3_slack10.1.tgz
Slackware 10.2 package: ae159e3519a3d10306ed373d9eb90e44 xine-lib-1.1.11.1-i686-3_slack10.2.tgz
Slackware 11.0 package: e88f4828e126fdbee826ca6ff3cda355 xine-lib-1.1.11.1-i686-3_slack11.0.tgz
Slackware 12.0 package: 37ba3d3e3adb62b453e4092ffef120c6 xine-lib-1.1.11.1-i686-3_slack12.0.tgz
Slackware -current package: af248c0137f15c0cd97ab751e78a66df xine-lib-1.1.11.1-i686-3.tgz

Topics%20covered

Topics Covered

security advisory high severity buffer overflow software update security fix slackware xine-lib

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg xine-lib-1.1.11.1-i686-3_slack12.0.tgz

Related News

Your message here