
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Slackware 10.1 Security Advisory: gxine Format String Threat Mitigated

New gxine packages are available for Slackware 10.0, 10.1, and -current to fix a format string security issue.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security] gxine format string vulnerability (SSA:2005-203-04)

New gxine packages are available for Slackware 10.0, 10.1, and -current to
fix a format string security issue.

More details about this issue may be found in the Common
Vulnerabilities and Exposures (CVE) database:

  https://www.cve.org/CVERecord?id=CAN-2005-1692

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/gxine-0.4.6-i486-1.tgz: Upgraded to gxine-0.4.6.
  This fixes a format string vulnerability that allows remote attackers to
  execute arbitrary code via a ram file with a URL whose hostname contains
  format string specifiers.
  For more information, see:
    https://www.cve.org/CVERecord?id=CAN-2005-1692
  (* Security fix *)
+--------------------------+

Where to find the new packages:
+-----------------------------+

Updated package for Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gxine-0.4.6-i486-1.tgz

Updated package for Slackware 10.1:
ftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gxine-0.4.6-i486-1.tgz

Updated package for Slackware -current:

MD5 signatures:
+-------------+

Slackware 10.0 package:
ed2069ed7293de0dda94fe9f28d3879c  gxine-0.4.6-i486-1.tgz

Slackware 10.1 package:
8dd46180f7f34afbc54c6db12ef7b932  gxine-0.4.6-i486-1.tgz

Slackware -current package:
c1b5f88ee48cfe6ad4d08178765c5f4a  gxine-0.4.6-i486-1.tgz

Installation instructions:
+------------------------+

Upgrade the package as root:
    # upgradepkg gxine-0.4.6-i486-1.tgz

+-----+

Updated gxine packages are now released for Slackware versions 10.0, 10.1, and -current to fix a critical format string vulnerability.

Severity: Critical
LinuxSecurity.com Team

Jul 22, 2005 Critical Slackware

Gentoo: GLSA-200505-19 Normal: gxine Format String Risk

A format string vulnerability in gxine could allow a remote attacker to execute arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200505-19
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: gxine: Format string vulnerability
      Date: May 26, 2005
      Bugs: #93532
        ID: 200505-19

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A format string vulnerability in gxine could allow a remote attacker to
execute arbitrary code.

Background
==========

gxine is a GTK+ and xine-lib based media player.

Affected packages
=================

    -------------------------------------------------------------------
     Package            /  Vulnerable  /                    Unaffected
    -------------------------------------------------------------------
  1  media-video/gxine       < 0.4.4                      *>= 0.3.3-r2
                                                          *>= 0.4.1-r1
                                                           >= 0.4.4

Description
===========

Exworm discovered that gxine insecurely implements formatted printing
in the hostname decoding function.

Impact
======

A remote attacker could entice a user to open a carefully crafted file
with gxine, possibly leading to the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All gxine users should upgrade to the latest available version:

    # emerge --sync
    # emerge --ask --oneshot --verbose media-video/gxine

References
==========

  [ 1 ] CAN-2005-1692
  [ 2 ] Bugtraq ID 13707
  [ 3 ] Original Advisory

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200505-19

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org/.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.0/

A security flaw in gxine involving format string issues can lead to remote code execution threats. To reduce vulnerability, ensure your software is updated to the most recent version.

LinuxSecurity.com Team

May 26, 2005 Gentoo

Gentoo: GLSA 202312-05 Moderate: VLC Media Player Heap Overflow

Kaffeine and gxine both contain a buffer overflow that can be exploited when accessing content from a malicious HTTP server with specially crafted headers.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                        GLSA 200411-14:01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Kaffeine, gxine: Remotely exploitable buffer overflow
      Date: November 07, 2004
      Bugs: #69663, #70055
        ID: 200411-14:01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Kaffeine and gxine both contain a buffer overflow that can be exploited
when accessing content from a malicious HTTP server with specially
crafted headers.

Background
==========

Kaffeine and gxine are graphical front-ends for xine-lib multimedia
library.

Affected packages
=================

    -------------------------------------------------------------------
     Package               /  Vulnerable  /                 Unaffected
    -------------------------------------------------------------------
  1  media-video/kaffeine     < 0.5_rc1-r1               >= 0.5_rc1-r1
                                                         *>= 0.4.3b-r1
  2  media-video/gxine        < 0.3.3-r1                 >= 0.3.3-r1
    -------------------------------------------------------------------
     2 affected packages on all of their supported architectures.
    -------------------------------------------------------------------

Description
===========

KF of Secure Network Operations has discovered an overflow that occurs
during the Content-Type header processing of Kaffeine. The vulnerable
code in Kaffeine is reused from gxine, making gxine vulnerable as well.

Impact
======

An attacker could create a specially-crafted Content-type header from
a malicious HTTP server, and crash a user's instance of Kaffeine or
gxine, potentially allowing the execution of arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Kaffeine users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/kaffeine-0.4.3b-r1"

All gxine users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/gxine-0.3.3-r1"

References
==========

  [ 1 ] SecurityTracker Advisory
  [ 2 ] gxine Bug Report
        ;aid=1060299&group_id=9655&atid=109655

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  https://security.gentoo.org/glsa/200411-14

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org/.

License
=======

Copyright 2004 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/1.0/

Kaffeine and gxine are vulnerable to buffer overflow exploits stemming from specially crafted headers sent by nefarious HTTP servers. It's advisable to upgrade.

LinuxSecurity.com Team

Nov 07, 2004 Gentoo