MDKSA-2004:105

Package name

xine-lib

Date

2004-10-06

Advisory ID

MDKSA-2004:105

Affected versions

10.0 amd64 , 10.0 i586

Problem description

A number of string overflows were discovered in the xine-lib program, some of which can be used for remote buffer overflow exploits that lead to the execution of arbitrary code with the permissions of the user running a xine-lib-based media application. xine-lib versions 1-rc2 through, and including, 1-rc5 are vulnerable to these problems. As well, a heap overflow was found in the DVD subpicture decoder of xine-lib; this vulnerability is also remotely exploitable. All versions of xine-lib prior to and including 0.5.2 through, and including, 1-rc5 are vulnerable to this problem. Patches from the xine-lib team have been backported and applied to the program to solve these problems.

Updated packages

10.0 amd64

 12e4e1ef7a03cee73b025f106de3f05e  amd64/10.0/RPMS/lib64xine1-1-0.rc3.6.2.100mdk.amd64.rpm
b04a4aa8e15009fe67e7cbd2b5d7304f  amd64/10.0/RPMS/lib64xine1-devel-1-0.rc3.6.2.100mdk.amd64.rpm
dec9a4e10c6c1f3cda08a252bfa54963  amd64/10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.amd64.rpm
76890b85ba9cc2ddd84bc8f7f79e1482  amd64/10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.amd64.rpm
fbf465711eda60e57198666c0c693267  amd64/10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.amd64.rpm
e5921bb72c4a819a685d736301643c4d  amd64/10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.amd64.rpm
c79055804621f8ff95ad738a75bcc5d6  amd64/10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.amd64.rpm
72781a34d4b3f83d2e4a3e5226ed5942  amd64/10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.amd64.rpm
0f65783b02ceea2ee697af41a4406d76  amd64/10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm

10.0 i586

 10ce6885addcfa3a9ed0380805fcbce6  10.0/RPMS/libxine1-1-0.rc3.6.2.100mdk.i586.rpm
2a1341dfa762f5208673ab20ec5d9092  10.0/RPMS/libxine1-devel-1-0.rc3.6.2.100mdk.i586.rpm
a654845136034c4cdb30ed89a0ca81b7  10.0/RPMS/xine-aa-1-0.rc3.6.2.100mdk.i586.rpm
e70b118d3bdd2a9a9dc48143601f78a4  10.0/RPMS/xine-arts-1-0.rc3.6.2.100mdk.i586.rpm
1ff7a30cd60c470f4d89cebfaf33d5f8  10.0/RPMS/xine-dxr3-1-0.rc3.6.2.100mdk.i586.rpm
2be55268cb20ff387313f662d19e5112  10.0/RPMS/xine-esd-1-0.rc3.6.2.100mdk.i586.rpm
8ea540e75311662ee5db57a0fa38e51a  10.0/RPMS/xine-flac-1-0.rc3.6.2.100mdk.i586.rpm
ba12f4c0368e6d81f6965c64e13796a0  10.0/RPMS/xine-gnomevfs-1-0.rc3.6.2.100mdk.i586.rpm
253a8c8dac5200fe7afc3d5d502be1ed  10.0/RPMS/xine-plugins-1-0.rc3.6.2.100mdk.i586.rpm
0f65783b02ceea2ee697af41a4406d76  10.0/SRPMS/xine-lib-1-0.rc3.6.2.100mdk.src.rpm

References

• http://xinehq.de/index.php/security/XSA-2004-4
• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1379
• http://xinehq.de/index.php/security/XSA-2004-5