Gentoo Archives: gentoo-announce

From: "Joshua J. Berry" <condordes@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××.com, security-alerts@×××××××××××××.com, gentoo-core@l.g.o
Subject: [gentoo-announce] [ GLSA 200404-20 ] Multiple vulnerabilities in xine
Date: Tue, 27 Apr 2004 05:42:19
Message-Id: 200404262240.54047.condordes@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200404-20
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: Multiple vulnerabilities in xine
9 Date: April 27, 2004
10 Bugs: #45448, #48107, #48108
11 ID: 200404-20
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Several vulnerabilities have been found in xine-ui and xine-lib,
19 potentially allowing an attacker to overwrite files with the rights of
20 the user.
21
22 Background
23 ==========
24
25 xine is a multimedia player allowing to play back CDs, DVDs, and VCDs
26 and decoding multimedia files like AVI, MOV, WMV, and MP3 from local
27 disk drives, and displays multimedia streamed over the Internet. It is
28 available in Gentoo as a reusable library (xine-lib) with a standard
29 user interface (xine-ui).
30
31 Affected packages
32 =================
33
34 -------------------------------------------------------------------
35 Package / Vulnerable / Unaffected
36 -------------------------------------------------------------------
37 1 media-video/xine-ui <= 0.9.23-r1 >= 0.9.23-r2
38 2 media-libs/xine-lib <= 1_rc3-r2 >= 1_rc3-r3
39 -------------------------------------------------------------------
40 2 affected packages on all of their supported architectures.
41 -------------------------------------------------------------------
42
43 Description
44 ===========
45
46 Several vulnerabilities were found in xine-ui and xine-lib. By opening
47 a malicious MRL in any xine-lib based media player, an attacker can
48 write arbitrary content to an arbitrary file, only restricted by the
49 permissions of the user running the application. By opening a malicious
50 playlist in the xine-ui media player, an attacker can write arbitrary
51 content to an arbitrary file, only restricted by the permissions of the
52 user running xine-ui. Finally, a temporary file is created in an
53 insecure manner by the xine-check and xine-bugreport scripts,
54 potentially allowing a local attacker to use a symlink attack.
55
56 Impact
57 ======
58
59 These three vulnerabilities may alow an attacker to corrupt system
60 files, thus potentially leading to a Denial of Service. It is also
61 theoretically possible, though very unlikely, to use these
62 vulnerabilities to elevate the privileges of the attacker.
63
64 Workaround
65 ==========
66
67 There is no known workaround at this time. All users are advised to
68 upgrade to the latest available versions of xine-ui and xine-lib.
69
70 Resolution
71 ==========
72
73 All users of xine-ui or another xine-based player should upgrade to the
74 latest stable versions:
75
76 # emerge sync
77
78 # emerge -pv ">=media-video/xine-ui-0.9.23-r2"
79 # emerge ">=media-video/xine-ui-0.9.23-r2"
80
81 # emerge -pv ">=media-libs/xine-lib-1_rc3-r3"
82 # emerge ">=media-libs/xine-lib-1_rc3-r3"
83
84 References
85 ==========
86
87 [ 1 ] Xine Security Advisories
88 http://xinehq.de/index.php/security
89 [ 2 ] xine-bugreport and xine-check vulnerability
90 http://nettwerked.mg2.org/advisories/xinebug
91
92 Availability
93 ============
94
95 This GLSA and any updates to it are available for viewing at
96 the Gentoo Security Website:
97
98 http://security.gentoo.org/glsa/glsa-200404-20.xml
99
100 Concerns?
101 =========
102
103 Security is a primary focus of Gentoo Linux and ensuring the
104 confidentiality and security of our users machines is of utmost
105 importance to us. Any security concerns should be addressed to
106 security@g.o or alternatively, you may file a bug at
107 http://bugs.gentoo.org.
108
109 License
110 =======
111
112 Copyright 2004 Gentoo Technologies, Inc; referenced text
113 belongs to its owner(s).
114
115 The contents of this document are licensed under the
116 Creative Commons - Attribution / Share Alike license.
117
118 http://creativecommons.org/licenses/by-sa/1.0