A new xine-lib package, version 1.0.3a, is avilable for slackware. The new package is a security fix and can be downloaded from the Slackware package browser.
More info from the ChangeLog:
This fixes a format string bug where an attacker, if able to upload malicious information to a CDDB server and then get a local user to play a certain audio CD, may be able to run arbitrary code on the machine as the user running the xine-lib linked application. For more information, see:
http://xinehq.de/index.php/security/XSA-2005-1
See HTNet for more.
0 responses so far ↓
There are no comments yet...Kick things off by filling out the form below.