SB2017062025 - Gentoo update for Kodi
Published: June 20, 2017 Updated: June 20, 2017
Security Bulletin ID
SB2017062025
Severity
Medium
Patch available
YES
Number of vulnerabilities
2
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Denial of service (CVE-ID: CVE-2015-3885)
The vulnerability allows a remote unauthenticated user to cause DoS condition on the target system.The weakness exists due to buffer overflow caused by processing of malformed XMP or RAW image and allowing attackers to trigger the affected service deny or execute arbitrary code.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
2) Path traversal (CVE-ID: CVE-2017-8314)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
Directory Traversal in Zip Extraction built-in function in Kodi 17.1 and earlier allows arbitrary file write on disk via a Zip file as subtitles.
Remediation
Install update from vendor's website.