[Full-disclosure] [ GLSA 200609-08 ] xine-lib: Buffer overflows

Sune Kloppenborg Jeppesen jaervosz at gentoo.org
Wed Sep 13 19:53:28 BST 2006 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200609-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: xine-lib: Buffer overflows
      Date: September 13, 2006
      Bugs: #133520
        ID: 200609-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

xine-lib is vulnerable to multiple buffer overflows that could be
exploited to execute arbitrary code.

Background
==========

xine is a high performance, portable and reusable multimedia playback
engine. xine-lib is xine's core engine.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                  Unaffected
    -------------------------------------------------------------------
  1  media-libs/xine-lib     < 1.1.2-r2                    >= 1.1.2-r2

Description
===========

xine-lib contains buffer overflows in the processing of AVI.
Additionally, xine-lib is vulnerable to a buffer overflow in the HTTP
plugin (xineplug_inp_http.so) via a long reply from an HTTP server.

Impact
======

An attacker could trigger the buffer overflow vulnerabilities by
enticing a user to load a specially crafted AVI file in xine. This
might result in the execution of arbitrary code with the rights of the
user running xine. Additionally, a remote HTTP server serving a xine
client a specially crafted reply could crash xine and possibly execute
arbitrary code.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All xine-lib users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-libs/xine-lib-1.1.2-r2"

References
==========

  [ 1 ] CVE-2006-2802
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2802

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200609-08.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security at gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060913/c47c4469/attachment.bin

Full-Disclosure is hosted and sponsored by Secunia.