Summary
The remote host is missing an update to xine-lib
announced via advisory FEDORA-2009-0542.
Solution
Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update xine-lib' at the command line.
For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-0542
Insight
Update Information:
This updates xine-lib to the upstream 1.1.16 release.
This fixes several bugs, including the security issues CVE-2008-5234 vector 1, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240 vectors 3 & 4 and CVE-2008-5243. See http://sourceforge.net/project/shownotes.php?release_id=652075&group_id=9655 for the full list of changes.
In addition, the Fedora xine-lib package now
includes the demuxers for the MPEG container format, which are not patent-encumbered. (The decoders for actual MPEG video and audio data are still excluded due to software patents.)
ChangeLog:
* Wed Jan 7 2009 Kevin Kofler - 1.1.16-1.1
- patch for old libcaca in F9-
* Wed Jan 7 2009 Rex Dieter - 1.1.16-1
- xine-lib-1.1.16, plugin ABI 1.25
- --with-external-libdvdnav, include mpeg demuxers (#213597)
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2008-3231, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5239, CVE-2008-5240, CVE-2008-5243 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities