Alin Rad Pop of Secunia Research discovered following flaw affecting xine-lib: SA28694: Description: Secunia Research has discovered a vulnerability in xine-lib, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "sdpplin_parse()" function in input/libreal/sdpplin.c. This can be exploited to overwrite arbitrary memory regions via an overly large "streamid" SDP parameter included in a malicious RTSP stream. Successful exploitation allows execution of arbitrary code. The vulnerability is confirmed in version 1.1.10.1. Other versions may also be affected. Solution: Do not open untrusted RTSP streams. A patch or updated version should be available shortly. References: http://secunia.com/advisories/28694/ http://secunia.com/secunia_research/2008-10/advisory/ http://bugs.xine-project.org/show_bug.cgi?id=58 http://bugs.gentoo.org/show_bug.cgi?id=213039 According to Gentoo bug, this issue also affects VLC. Issue should be addressed in next upstream version 1.1.11 (not yet available). Patch is aviable in the xine bugzilla.
Direct link to patch: http://bugs.xine-project.org/attachment.cgi?id=25
I'm working on updating F-8+ to 1.1.11.
xine-lib-1.1.11-1.fc8 has been submitted as an update for Fedora 8
Rawhide build is waiting for aalib to be fixed (#438250).
xine-lib-1.1.11-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
xine-lib-1.1.11.1-1.fc7 has been submitted as an update for Fedora 7
xine-lib-1.1.11.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.