벌새::Security

Update: Winamp 5.6 Build 3081

Winamp 5.6 Build 3081, the multimedia player provided by the overseas company Nullsoft, has been released.


This version is reported to resolve a DLL Hijacking vulnerability, and to fix an Integer Overflow issue in the in_nsv.dll plugin that occurs when a user opens a malicious media file.

The features newly added and the items fixed in this version are as follows.

  1. New: [pmp_wifi] Android Wi-Fi support
  2. New: Direct mouse wheel support
  3. New: Option to write ratings to tags (for mp3, wma/wmv, ogg & flac)
  4. Improved: Redesigned Devices/Portables view in Media Library
  5. Improved: New on-the-fly "Vertically flip (Shift+F)" option in Video context menu
  6. Improved: [dlmgr/jnetlib] Handling of http status codes 100 & 201-206
  7. Improved: [ml_plg] Playlist Generator: context menu dialog & other features
  8. Improved: [ml_pmp] More user-friendly Transcoding options for portable devices
  9. Improved: [ml_transcode] Added support for <disc> & <discs> in naming scheme
  10. Improved: [nsutil] Optimized video flip modes
  11. Improved: [pmp_android/ipod] Added encoder blacklist
  12. Improved: [ReplayGainAnalysis] Support for more sample rates
  13. Fixed: DLL load security vulnerability
  14. Fixed: [enc_lame] Memory leak
  15. Fixed: [gen_ff] Bookmark corruption via Send To menu in main window songticker
  16. Fixed: [gen_ml] Empty/Grey ML when restarting Winamp from a minimized state
  17. Fixed: [gen_ml] Scrolling lag in nav panel with large amount of items
  18. Fixed: [in_midi] Buffer/Integer overflow issues (thanks: Joakim @ nsense)
  19. Fixed: [in_mod] Buffer overflow in comment box (MTM security vulnerability)
  20. Fixed: [in_mkv] Crash when reading a string that was exactly SIZE_MAX bytes
  21. Fixed: [in_mp3] ID3v1 UI glitch, APEv2 + Lyrics3 tag combo bug, APEv2 tag removal
  22. Fixed: [in_mp4] Potential crash on getting metadata/albumart from invalid MP4 files
  23. Fixed: [in_nsv] Integer overflow in allocating memory for metadata
  24. Fixed: [in_nsv] Integer overflow when parsing TOC (thanks to: C. Eiram, Secunia)
  25. Fixed: [in_nsv] Video flip mode detection quirks
  26. Fixed: [ml_local] Arrow direction and sort inconsistencies in 3-pane views
  27. Fixed: [ml_plg] Playlist Generator crashes and database corruption issues
  28. Fixed: [ml_pmp] Autofill crash on empty libraries
  29. Fixed: [ml_playlists] Crash on drag+drop items from one playlist to another
  30. Fixed: [ml_transcode] Freeze transcoding .cda when using <filename> in scheme
  31. Fixed: [playlist] Relative pathnames when filename is already relative
  32. Fixed: [pmp_android/usb] Playlist sync & loading issues
  33. Fixed: [pmp_android/ipod/usb] Issue with forward slashes in playlist paths
  34. Fixed: [pmp_usb] Bug when multiple usb devices are connected
  35. Fixed: [vis_milk2] Unicode issues with fonts & presets editor (5.58-specific)
  36. Fixed: [vis_milk2] sprites.ini file lookup
  37. Fixed: [vp6.w5s] Buffer overflow issue
  38. Misc: More general tweaks, improvements, fixes and optimizations
  39. Misc: Portables/Devices support now also adds ml_devices.dll & devices.w5s
  40. Misc: Prompt user whether to move skins/langpacks when changing location
  41. Misc: Removed Winamp Remote from installer
  42. Misc: [ml_pmp] Moved 'Podcast Sync' to new tab in portable device options
  43. Misc: [out_ds] Config now displays 7.1 speakers as '7.1' instead of 'Unknown'
  44. Updated: Gracenote CDDB/MusicID v2.6.206
  45. Updated: [gen_jumpex] JTFE v1.2.3
  46. Updated: [in_vorbis] libogg v1.2.1 & libvorbis v1.3.2
  47. Updated: [vp8] libvpx v0.9.5

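Although it may be difficult to actually carry out an attack using these security vulnerabilities, anyone who uses this program should, for security, be sure to update to the latest version before using it.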
