Bug 152873
Summary: | CAN-2004-0372,1379: multiple xine vulns
---|---
Product: | [Retired] Fedora Legacy
Component: | xine
Reporter: | David Lawrence <dkl>
Assignee: | Fedora Legacy Bugs <bugs>
Status: | CLOSED ERRATA
Severity: | medium
Priority: | medium
Version: | rhl7.3
CC: | donjr, pekkas
Keywords: | Security
Hardware: | All
OS: | Linux
Whiteboard: | LEGACY, rh73
Doc Type: | Bug Fix
Last Closed: | 2006-04-05 00:25:21 UTC

Description
David Lawrence
2005-03-30 23:30:32 UTC
Need to check whether http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4048 affects us, from Gentoo advisory:

Description
===========
Simon Kilvington has reported a vulnerability in FFmpeg libavcodec. The flaw is due to a buffer overflow error in the "avcodec_default_get_buffer()" function. This function doesn't properly handle specially crafted PNG files as a result of a heap overflow.

Impact
======
A remote attacker could entice a user to run an FFmpeg based application on a maliciously crafted PNG file, resulting in the execution of arbitrary code with the permissions of the user running the application.

xine-0.98 is so ancient that the code is completely different, and I'm not sure if PNGs are even supported. I don't think we're affected.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I performed QA on the following package:

87dfc7b246b52abbfdc91d712e8389309cfe09f9 xine-0.9.8-4.1.legacy.src.rpm

Used rpm-build-compare.sh
source looks ok
spec file changes appropriate
patches look good

+PUBLISH rh73
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFD9kfbpxMPKJzn2lIRAsaWAJ0cfKlGNSmjBP82bhUAolnYzTq/IQCgrSMg
of4CoaoJUlPHfQZorDqMdqA=
=K+4k
-----END PGP SIGNATURE-----

Thanks! Packages were pushed to updates-testing.

Timeout over.

Created attachment 127213
FLSA-2006-152873 proposed security advisory.
Proposed security advisory text for this issue.

Just for completeness, I looked up "xine" in cve.mitre.org, and found some other potential issues for xine.

Summary: We may yet be vulnerable to CVE-2004-1455, and I couldn't conclude from Bugtraq whether or not we are vulnerable to CVE-2004-1951 without digging into the xine package...

Details:

CVE-2004-0433 - "Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets." (Also XSA-2004-3, http://www.xinehq.de/index.php/security/XSA-2004-3). According to XSA-2004-3, this issue does not affect xine-lib 1-beta0 and below.

CVE-2004-1187,1188 - (Already determined to not affect this old version of xine.)

CVE-2004-1455 - "Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL." (Also Bugtraq BID 10890, http://www.securityfocus.com/bid/10890). According to BID 10890, xine-0.9.9 and earlier is vulnerable to this.

CVE-2004-1475 - "Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines." (Also XSA-2004-4, http://xinehq.de/index.php/security/XSA-2004-4). According to XSA-2004-4, all 0.9 releases or older are NOT affected by this.

CVE-2004-1476 - "Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk label." (Also XSA-2004-4, http://xinehq.de/index.php/security/XSA-2004-4). According to XSA-2004-4, all 0.9 releases or older are NOT affected by this.

CVE-2004-1951 - "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link." (Also Bugtraq BID 10193, http://www.securityfocus.com/bid/10193). According to BID 10193, xine xine-0.9.8 is both vulnerable and NOT vulnerable to this. (?)

CVE-2005-1195 - "Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code." (Also XSA-2004-8, http://xinehq.de/index.php/security/XSA-2004-8). According to XSA-2004-8, xine-0.9.8 is NOT vulnerable to this (.. I think).

If any of these are valid issues for RHL 7.3's xine, should we open a new bug report for them?

In the text, the Keywords field should probably be 'security'.

...

CVE-2004-1455 - "Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL." (Also Bugtraq BID 10890, http://www.securityfocus.com/bid/10890). According to BID 10890, xine-0.9.9 and earlier is vulnerable to this.

==> According to http://xinehq.de/index.php/security/XSA-2004-2, we are not vulnerable to this one.

CVE-2004-1951 - "xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link." (Also Bugtraq BID 10193, http://www.securityfocus.com/bid/10193). According to BID 10193, xine xine-0.9.8 is both vulnerable and NOT vulnerable to this. (?)

==> according to http://xinehq.de/index.php/security/XSA-2004-1, we are not vulnerable to this either.

Excellent, Pekka! Thanks! :-)

Marc, if the Keywords: line ought to say "security," can you take care of that when you publish it? Thanks!

Packages were released to updates.