[SECURITY] [DLA 1243-1] xbmc security update

2018-01-1621:10:02

lists.debian.org

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

51.7%

JSON

Package : xbmc
Version : 2:11.0~git20120510.82388d5-1+deb7u1
CVE ID : CVE-2017-8314
Debian Bug : 863230

The Check Point Research Team discovered that the XBMC media center
allows arbitrary file write when a malicious subtitle file is
downloaded in zip format. This update requires the new dependency
libboost-regex1.49.

For Debian 7 "Wheezy", these problems have been fixed in version
2:11.0~git20120510.82388d5-1+deb7u1.

We recommend that you upgrade your xbmc packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian7allxbmc-eventclients-j2me< 2:11.0~git20120510.82388d5-1+deb7u1xbmc-eventclients-j2me_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian7allxbmc-eventclients-dev< 2:11.0~git20120510.82388d5-1+deb7u1xbmc-eventclients-dev_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian7armhfxbmc-eventclients-wiiremote< 2:11.0~git20120510.82388d5-1+deb7u1xbmc-eventclients-wiiremote_2:11.0~git20120510.82388d5-1+deb7u1_armhf.deb
Debian7allxbmc-data< 2:11.0~git20120510.82388d5-1+deb7u1xbmc-data_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian7armhfxbmc-bin< 2:11.0~git20120510.82388d5-1+deb7u1xbmc-bin_2:11.0~git20120510.82388d5-1+deb7u1_armhf.deb
Debian7allxbmc< 2:11.0~git20120510.82388d5-1+deb7u1xbmc_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian7allxbmc-standalone< 2:11.0~git20120510.82388d5-1+deb7u1xbmc-standalone_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian7amd64xbmc-bin< 2:11.0~git20120510.82388d5-1+deb7u1xbmc-bin_2:11.0~git20120510.82388d5-1+deb7u1_amd64.deb
Debian7i386xbmc-bin< 2:11.0~git20120510.82388d5-1+deb7u1xbmc-bin_2:11.0~git20120510.82388d5-1+deb7u1_i386.deb
Debian7i386xbmc-eventclients-wiiremote< 2:11.0~git20120510.82388d5-1+deb7u1xbmc-eventclients-wiiremote_2:11.0~git20120510.82388d5-1+deb7u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	xbmc-eventclients-j2me	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc-eventclients-j2me_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian	7	all	xbmc-eventclients-dev	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc-eventclients-dev_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian	7	armhf	xbmc-eventclients-wiiremote	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc-eventclients-wiiremote_2:11.0~git20120510.82388d5-1+deb7u1_armhf.deb
Debian	7	all	xbmc-data	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc-data_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian	7	armhf	xbmc-bin	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc-bin_2:11.0~git20120510.82388d5-1+deb7u1_armhf.deb
Debian	7	all	xbmc	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian	7	all	xbmc-standalone	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc-standalone_2:11.0~git20120510.82388d5-1+deb7u1_all.deb
Debian	7	amd64	xbmc-bin	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc-bin_2:11.0~git20120510.82388d5-1+deb7u1_amd64.deb
Debian	7	i386	xbmc-bin	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc-bin_2:11.0~git20120510.82388d5-1+deb7u1_i386.deb
Debian	7	i386	xbmc-eventclients-wiiremote	< 2:11.0~git20120510.82388d5-1+deb7u1	xbmc-eventclients-wiiremote_2:11.0~git20120510.82388d5-1+deb7u1_i386.deb