Like the excellent Mplayer, Xine is a superb free media player for Linux. Sadly there is a generic stack-based buffer overflow in all versions of Xine-lib, including Xine-lib-rc5, that allows for local and remote malicious code execution. By overflowing the vcd:// input source identifier buffer, it is possible to modify the instruction pointer with a value that a malicious attacker can control. The issue can be replicated in a remote context by embedding the input source identifier within a playlist file, such as an asx. When a user plays the file, this stack overflow will occur; exploit code can then be executed with the rights of the user running Xine.
The problem slightly increases due to a usability feature. It does not have to be an asx extension for exploitation to succeed as Xine will try to be clever and play any media type found, providing it's valid. This still means the attack vector MUST include the .asx input identifier but it means you cannot even trust URLs for .mp3, .mpeg, .mpg or .avi media. As long as Xine finds a valid media header, it's happy to change the demuxer reference and play the found media. In this case it's a playlist file, ".asx", though others should work.
Patch can be found here:
Still no official Xine advisory to be found here:
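A defender-side check for the point above that the file extension cannot be trusted, added here as an example and not part of the original report or of xine-lib: it inspects file content for vcd:// MRLs and flags any that are overlong or contain non-printable bytes. The 128-byte limit, the function names and the sample inputs are assumptions; the report does not state the size of the affected buffer.

```python
import re

# Assumption: the report gives no buffer size, so this limit is a local
# policy value and not a property of xine-lib.
MAX_MRL_LEN = 128

# In playlist markup a vcd:// MRL runs until a quote, angle bracket or line break.
VCD_MRL = re.compile(rb"vcd://[^\"'<>\r\n]*", re.IGNORECASE)


def scan_media_bytes(data, max_len=MAX_MRL_LEN):
    """Return findings for vcd:// MRLs in data, judged on content only.

    The file name is deliberately not an input: the report notes that the
    player sniffs content, so a playlist served as .mp3 or .avi is still parsed.
    """
    findings = []
    for match in VCD_MRL.finditer(data):
        mrl = match.group(0)
        reasons = []
        if len(mrl) > max_len:
            reasons.append("length %d exceeds %d" % (len(mrl), max_len))
        if any(b < 0x20 or b > 0x7E for b in mrl):
            reasons.append("non-printable bytes in MRL")
        if reasons:
            findings.append(
                {"offset": match.start(), "length": len(mrl), "reasons": reasons}
            )
    return findings


# Constructed samples, not taken from the report.
BENIGN_ASX = b'<asx version="3.0"><entry><ref href="vcd://1"/></entry></asx>'
# Playlist markup as it might arrive under a .mp3 URL, with an overlong MRL.
DISGUISED = (
    b'<asx version="3.0"><entry><ref href="vcd://' + b"A" * 400 + b'"/></entry></asx>'
)
# Start of an ordinary ID3-tagged audio file: no playlist markup at all.
PLAIN_AUDIO = b"ID3\x03\x00\x00\x00\x00\x00\x0f" + b"\x00" * 64

if __name__ == "__main__":
    samples = [("ok.asx", BENIGN_ASX), ("song.mp3", DISGUISED), ("real.mp3", PLAIN_AUDIO)]
    for name, blob in samples:
        print(name, scan_media_bytes(blob))
```

Run it over downloaded media or at a proxy before the file reaches the player; tune `MAX_MRL_LEN` to local policy.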
x86 ppc sparc amd64 hppa alpha ppc64
please mark stable.
Version numbers also help:
please mark media-libs/xine-lib-1_rc5-r3 stable
we now continue with the show already in progress.
stable on amd64
stable on ppc
Stable on x86
Played some mpeg4 files
Played a dvd
Played some music
Explored the different menu options.
Everything went just nicely.
Stable on alpha.
stable on hppa ... don't know why you said it was stable on alpha; when I added hppa, alpha was still in unstable ...
so I added alpha to stable too :p
Sorry for the lack of movement here folks. There is a problem with sparc32 and xine-lib which causes a failure in compiling. I'm hoping to focus some serious time on it tomorrow and get it straightened around. It does work fine on sparc64 however, so if people feel that this really needs to get out pronto, we can bump.
Jason, tomorrow is fine.
GLSA drafted: security please review
Marked stable on sparc.
sparc32 is still broken on this ebuild however. I don't see this as a huge issue as most people probably aren't attempting to watch movies on a machine that can barely play mp3s. However I will be opening up a separate bug to try and get that issue fixed.
All ready for GLSA. Security please review draft.
*** Bug 60692 has been marked as a duplicate of this bug. ***
ppc64 please mark stable to benefit from GLSA.
stable on ppc64