[gentoo-announce] [ GLSA 200808-01 ] xine-lib: User-assisted execution of arbitrary code - gentoo-announce

From:	Robert Buchholz <rbu@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200808-01 ] xine-lib: User-assisted execution of arbitrary code
Date:	Wed, 06 Aug 2008 00:30:04
Message-Id:	`200808060202.40999.rbu@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200808-01

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: xine-lib: User-assisted execution of arbitrary code

9

      Date: August 06, 2008

10

      Bugs: #213039, #214270, #218059

11

        ID: 200808-01

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

xine-lib is vulnerable to multiple buffer overflows when processing

19

media streams.

20

21

Background

22

==========

23

24

xine-lib is the core library package for the xine media player, and

25

other players such as Amarok, Codeine/Dragon Player and Kaffeine.

26

27

Affected packages

28

=================

29

30

    -------------------------------------------------------------------

31

     Package              /  Vulnerable  /                  Unaffected

32

    -------------------------------------------------------------------

33

  1  media-libs/xine-lib      < 1.1.13                       >= 1.1.13

34

35

Description

36

===========

37

38

Multiple vulnerabilities have been discovered in xine-lib:

39

40

* Alin Rad Pop of Secunia reported an array indexing vulnerability in

41

  the sdpplin_parse() function in the file input/libreal/sdpplin.c when

42

  processing streams from RTSP servers that contain a large "streamid"

43

  SDP parameter (CVE-2008-0073).

44

45

* Luigi Auriemma reported multiple integer overflows that result in

46

  heap-based buffer overflows when processing ".FLV", ".MOV" ".RM",

47

  ".MVE", ".MKV", and ".CAK" files (CVE-2008-1482).

48

49

* Guido Landi reported a stack-based buffer overflow in the

50

  demux_nsf_send_chunk() function when handling titles within NES Music

51

  (.NSF) files (CVE-2008-1878).

52

53

Impact

54

======

55

56

A remote attacker could entice a user to play a specially crafted video

57

file or stream with a player using xine-lib, potentially resulting in

58

the execution of arbitrary code with the privileges of the user running

59

the player.

60

61

Workaround

62

==========

63

64

There is no known workaround at this time.

65

66

Resolution

67

==========

68

69

All xine-lib users should upgrade to the latest version:

70

71

    # emerge --sync

72

    # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.13"

73

74

References

75

==========

76

77

  [ 1 ] CVE-2008-0073

78

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073

79

  [ 2 ] CVE-2008-1482

80

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482

81

  [ 3 ] CVE-2008-1878

82

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878

83

84

Availability

85

============

86

87

This GLSA and any updates to it are available for viewing at

88

the Gentoo Security Website:

89

90

  http://security.gentoo.org/glsa/glsa-200808-01.xml

91

92

Concerns?

93

=========

94

95

Security is a primary focus of Gentoo Linux and ensuring the

96

confidentiality and security of our users machines is of utmost

97

importance to us. Any security concerns should be addressed to

98

security@g.o or alternatively, you may file a bug at

99

http://bugs.gentoo.org.

100

101

License

102

=======

103

104

Copyright 2008 Gentoo Foundation, Inc; referenced text

105

belongs to its owner(s).

106

107

The contents of this document are licensed under the

108

Creative Commons - Attribution / Share Alike license.

109

110

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200808-01
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: xine-lib: User-assisted execution of arbitrary code
9	Date: August 06, 2008
10	Bugs: #213039, #214270, #218059
11	ID: 200808-01
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	xine-lib is vulnerable to multiple buffer overflows when processing
19	media streams.
20
21	Background
22	==========
23
24	xine-lib is the core library package for the xine media player, and
25	other players such as Amarok, Codeine/Dragon Player and Kaffeine.
26
27	Affected packages
28	=================
29
30	-------------------------------------------------------------------
31	Package / Vulnerable / Unaffected
32	-------------------------------------------------------------------
33	1 media-libs/xine-lib < 1.1.13 >= 1.1.13
34
35	Description
36	===========
37
38	Multiple vulnerabilities have been discovered in xine-lib:
39
40	* Alin Rad Pop of Secunia reported an array indexing vulnerability in
41	the sdpplin_parse() function in the file input/libreal/sdpplin.c when
42	processing streams from RTSP servers that contain a large "streamid"
43	SDP parameter (CVE-2008-0073).
44
45	* Luigi Auriemma reported multiple integer overflows that result in
46	heap-based buffer overflows when processing ".FLV", ".MOV" ".RM",
47	".MVE", ".MKV", and ".CAK" files (CVE-2008-1482).
48
49	* Guido Landi reported a stack-based buffer overflow in the
50	demux_nsf_send_chunk() function when handling titles within NES Music
51	(.NSF) files (CVE-2008-1878).
52
53	Impact
54	======
55
56	A remote attacker could entice a user to play a specially crafted video
57	file or stream with a player using xine-lib, potentially resulting in
58	the execution of arbitrary code with the privileges of the user running
59	the player.
60
61	Workaround
62	==========
63
64	There is no known workaround at this time.
65
66	Resolution
67	==========
68
69	All xine-lib users should upgrade to the latest version:
70
71	# emerge --sync
72	# emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.13"
73
74	References
75	==========
76
77	[ 1 ] CVE-2008-0073
78	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
79	[ 2 ] CVE-2008-1482
80	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1482
81	[ 3 ] CVE-2008-1878
82	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1878
83
84	Availability
85	============
86
87	This GLSA and any updates to it are available for viewing at
88	the Gentoo Security Website:
89
90	http://security.gentoo.org/glsa/glsa-200808-01.xml
91
92	Concerns?
93	=========
94
95	Security is a primary focus of Gentoo Linux and ensuring the
96	confidentiality and security of our users machines is of utmost
97	importance to us. Any security concerns should be addressed to
98	security@g.o or alternatively, you may file a bug at
99	http://bugs.gentoo.org.
100
101	License
102	=======
103
104	Copyright 2008 Gentoo Foundation, Inc; referenced text
105	belongs to its owner(s).
106
107	The contents of this document are licensed under the
108	Creative Commons - Attribution / Share Alike license.
109
110	http://creativecommons.org/licenses/by-sa/2.5