Re: libgme drive-by exploit.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




On 12/16/2016 02:12 PM, Lamar Owen wrote:
An interesting exploit:
packages have it.... lessee.... nope, didn't find the 'Game Music Emu' (gstreamer-plugins-bad-extras contains this in Fedora 25) anywhere, but I reserve the right to be wrong.

And five minutes later:
[lowen@dhcp-pool170 ~]$ yum list|grep game-music-emu
game-music-emu.x86_64                    0.6.0-5.el7 @epel
game-music-emu-debuginfo.x86_64          0.6.0-3.el7.nux nux-dextop
game-music-emu-devel.x86_64              0.6.0-5.el7 epel
game-music-emu-player.x86_64             0.6.0-5.el7 epel
[lowen@dhcp-pool170 ~]$ rpm -ql game-music-emu
/usr/lib64/libgme.so.0
/usr/lib64/libgme.so.0.6.0
/usr/share/doc/game-music-emu-0.6.0
/usr/share/doc/game-music-emu-0.6.0/changes.txt
/usr/share/doc/game-music-emu-0.6.0/license.txt
/usr/share/doc/game-music-emu-0.6.0/readme.txt
[lowen@dhcp-pool170 ~]$

Yep, I was wrong: it is available (package name in the article was wrong) but not installed by default (is in EPEL). So might be vulnerable, might need to test on a burner machine.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux