Advisories » MGASA-2014-0071

Updated xbmc package fixes a security vulnerability

Publication date: 16 Feb 2014
Modification date: 16 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-1438

Description

Due to flaws in the embedded copy of libDCR, a fork of dcraw.c, in the
embedded copy of CxImage, opening a specially crafted photo file could
trigger a division by zero, an infinite loop, or a null pointer
dereference, resulting in a denial of service (CVE-2013-1438).

This update fixes those flaws.

XBMC is also updated to a newer bugfix-only release, version 12.3.
It contains fixes to various issues, including:
 - several PVR related bugs
 - memory leaks
 - audio channel mapping
 - possible crash on progress dialog
and more.

Additionally, this update fixes a compatibility issue on Mageia 4
affecting AC-3 transcoding, which prevented, for example, multichannel
playback of AAC 5.1 files over S/PDIF or stereo-only HDMI devices.

The PVR addons have also been updated.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12613
• https://bugs.mageia.org/show_bug.cgi?id=11149
• http://xbmc.org/xbmc-12-3-frodo-fixes/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1438

SRPMS

3/core

• xbmc-12.3-1.1.mga3

4/core

• xbmc-12.3-1.1.mga4