Viewer security exploit revealed

Nalates Urriah reports that Linden Lab have confirmed there is a security exploit involving a flaw in the Ogg Vorbis library could lead to Viewer crash issues. It’s not thought that the exploit can either perform privilege-escalation or arbitrary code-execution on users’ systems.

The flaw has been known about since 2009, but the exploit is fairly recent. Ogg files are in widespread use, so this is not an issue specific to the Viewer code. Linden lab has responded to the situation by issuing a patch and an advisory for all TPVs to recompile their binaries for all TPV viewers.

At the time from writing, updating executables for Kirstenlee’s Viewer (S21 7a) and the Firestorm Previews have been released.  Links for the Firestorm downloads (which do not appear to be available on the Phoenix website) are available as follows:

Note that all of the above three releases of Firestorm should be clean installations, not installed over any previous release (which should be removed first).

Other TPVs will doubtless follow, and users are advised to keep an eye on the various Viewer-related blogs and update as required.

Addendum May 16th

Phoenix have released an update that fixes this issue (and others). Find it here.