Slackware Security Update: xine-lib

There’s an update to the xine-lib package for Slackware. If you use it, please update to this new version (1.0.3a). A question that strikes me when reading this notification is, “What the hell are the odds that this vuln can actually be implemented in real-life?”

Details are as follows:

New xine-lib packages are available for Slackware 9.1, 10.0, 10.1, 10.2, and -current to fix a security issue. A format string bug may allow the execution of arbitrary code as the user running a xine-lib linked application. The attacker must provide (by uploading or running a server) specially crafted CDDB information and then get the user to play the referenced audio CD.

Updated packages can be downloaded from the Slackware Package Browser or using automated package management tools like Swaret or slapt-get.

Only one response to “Slackware Security Update: xine-lib” so far.

  1. Anonymous Says:

    Security Update: xine-lib

    A new xine-lib package, version 1.0.3a, is avilable for slackware. The new package is a security fix and can be downloaded from the Slackware package browser.
    More info from the ChangeLog:
    This fixes a format string bug where an attacker, if able t…