Mandriva Linux Security Advisory : xine-lib (MDVSA-2008:046-1)
High Nessus Plugin ID 36358
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionAn array index vulnerability found in the FLAC audio demuxer might allow remote attackers to execute arbitrary code via a crafted FLAC tag, which triggers a buffer overflow. Although originally an MPlayer issue, it also affects xine-lib due to code similarity.
The updated packages have been patched to prevent this issue.
The previous update used a bad patch which made Amarok interface very unresponsive while playing FLAC files. This new update fixes the security issue with a better patch.
SolutionUpdate the affected packages.