[xine-lib] [CVE-2008-0225] insufficient input sanitising during the handling of RTSP streams

Bug #185034 reported by disabled.user
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| xine-lib (Gentoo Linux) | Fix Released | Medium | | |
| xine-lib (Ubuntu) | Invalid | Undecided | Unassigned | |
| Dapper | Fix Released | Undecided | Unassigned | |
| Feisty | Fix Released | Undecided | Unassigned | |
| Gutsy | Fix Released | Undecided | Jamie Strandboge | |

Bug Description

References:
DSA-1472-1 (http://www.debian.org/security/2008/dsa-1472)

Quoting:
"Luigi Auriemma discovered that the Xine media player library performed
insufficient input sanitising during the handling of RTSP streams,
which could lead to the execution of arbitrary code."

In , lars (lars-chaotika) wrote :

The vulnerabilities are caused due to boundary errors within the "rmff_dump_cont()" function in input/libreal/rmff.c when processing the SDP "Title", "Author", "Copyright", and "Abstract" attributes. These can be exploited to cause a heap-based buffer overflow by tricking the user into connecting to a malicious RTSP server.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities are confirmed in version 1.1.9. Other versions may also be affected.

Solution: no upstream fix available, so "Do not connect to untrusted streaming servers."...

In , Robert Buchholz (rbu) wrote :

Media-video, please advise.

In , Aballier (aballier) wrote :

xine-lib 1.1.9.1 is in the tree and candidate for stable, see changelog why there is a -r1 too...

In , Jaervosz (jaervosz) wrote :

Arches please test and mark stable. Target keywords are:

xine-lib-1.1.9.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"

In , Ranger-z (ranger-z) wrote :

ppc64 done

In , Dertobi123 (dertobi123) wrote :

(In reply to comment #3)
> Arches please test and mark stable. Target keywords are:
>
> xine-lib-1.1.9.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
> ~x86-fbsd"
>

which should be 1.1.9.1 according to the changelog, re-adding ppc64

xine-lib-1.1.9.1.ebuild:KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"

In , Ranger-z (ranger-z) wrote :

1.1.9.1 done now too. ppc64 stable

In , Dertobi123 (dertobi123) wrote :

ppc stable

In , Maekke-gentoo (maekke-gentoo) wrote :

x86 stable

In , Jeroen Roovers (jer-gentoo) wrote :

Stable for HPPA.

In , Raúl Porcel (armin76) wrote :

alpha/ia64/sparc stable

In , Welp (welp) wrote :

amd64 done.

In , Jaervosz (jaervosz) wrote :

GLSA request filed.

disabled.user (disabled.user-deactivatedaccount) wrote :

See also:
MDVSA-2008:020 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:020)

Quoting:
"Heap-based buffer overflow in the rmff_dump_cont function in
input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote
attackers to execute arbitrary code via the SDP Abstract attribute,
related to the rmff_dump_header function and related to disregarding
the max field. (CVE-2008-0225)

Multiple heap-based buffer overflows in the rmff_dump_cont function
in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers
to execute arbitrary code via the SDP (1) Title, (2) Author, or
(3) Copyright attribute, related to the rmff_dump_header function,
different vectors than CVE-2008-0225. (CVE-2008-0238)"
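
Added example (not part of the bug report and not xine-lib's code): a bounds-checked serializer for a record holding the four strings named in the advisories above, where every length-prefixed field is checked against the space remaining under `max` before it is copied. The struct, the function names and the simplified record layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical content-description record. In the bug discussed here the
 * four strings come from the SDP Title, Author, Copyright and Abstract
 * attributes, i.e. they are fully controlled by the RTSP server. */
struct cont_desc {
    const char *title, *author, *copyright, *comment;
};

/* Append a 16-bit big-endian length followed by the string bytes.
 * Returns 0 on success, -1 if the field does not fit in the space left
 * under max or its length cannot be represented in 16 bits. */
static int put_str16(uint8_t *buf, size_t max, size_t *off, const char *s)
{
    size_t len = s ? strlen(s) : 0;
    if (len > UINT16_MAX) return -1;
    /* Subtract instead of add so the comparison cannot wrap around. */
    if (*off > max || max - *off < 2 + len) return -1;
    buf[(*off)++] = (uint8_t)(len >> 8);
    buf[(*off)++] = (uint8_t)(len & 0xff);
    if (len) memcpy(buf + *off, s, len);
    *off += len;
    return 0;
}

/* Serialize the record into buf without ever writing past max bytes.
 * Returns the number of bytes written, or -1 if the record does not fit
 * (buf may then hold a partial record, but only inside its bounds). */
long dump_cont_checked(const struct cont_desc *c, uint8_t *buf, size_t max)
{
    static const uint8_t tag[4] = { 'C', 'O', 'N', 'T' };
    size_t off = sizeof tag;
    if (max < sizeof tag) return -1;
    memcpy(buf, tag, sizeof tag);
    if (put_str16(buf, max, &off, c->title) ||
        put_str16(buf, max, &off, c->author) ||
        put_str16(buf, max, &off, c->copyright) ||
        put_str16(buf, max, &off, c->comment))
        return -1;
    return (long)off;
}
```

The caller has to treat `-1` as a fatal parse error for the stream rather than continuing with a truncated header.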

In , Robert Buchholz (rbu) wrote :

GLSA 200801-12, thanks.

disabled.user (disabled.user-deactivatedaccount) wrote :

Any news on those security updates for xine-lib?

Changed in xine-lib:
status: Unknown → Fix Released
Changed in xine-lib:
status: New → Invalid
status: New → Fix Released
status: New → Fix Released
assignee: nobody → jdstrand
status: New → Fix Released
Changed in xine-lib (Gentoo Linux):
importance: Unknown → Medium