Bug 218059 (CVE-2008-1878) - media-libs/xine-lib <1.1.13: buffer overflow in nsf demuxer (CVE-2008-1878)
Summary: media-libs/xine-lib <1.1.13: buffer overflow in nsf demuxer (CVE-2008-1878)
Status: RESOLVED FIXED
Alias: CVE-2008-1878
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://lists.grok.org.uk/pipermail/fu...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2008-04-17 06:57 UTC by Hanno Böck
Modified: 2020-04-08 21:46 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
file crashing xine (evil.mp3,128 bytes, application/octet-stream)
2008-04-17 06:59 UTC, Hanno Böck

Description Hanno Böck gentoo-dev 2008-04-17 06:57:43 UTC
http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061539.html

(will attach sample)
Comment 1 Hanno Böck gentoo-dev 2008-04-17 06:59:32 UTC
Created attachment 150019
file crashing xine
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-04-29 12:36:13 UTC
Any news here? We already have a pending GLSA for xine-lib (bug #213039 and bug #214270), but with a vulnerability remaining, it's pointless.
Comment 4 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2008-05-18 13:19:53 UTC
Hi Diego and media-video team,

Our GLSA draft about xine-lib has been ready for several days now, and we are still waiting for this bug to be solved. Please tell us if you plan to include the patches for CVE-2008-1878 very shortly, or if not.
Comment 5 Hanno Böck gentoo-dev 2008-06-02 07:34:20 UTC
Hi, I tried to fix this issue, but it seems the upstream commit doesn't fix it (xine-lib 1.1 branch still crashes). I'm in contact with Diego to resolve this.
Comment 6 Hanno Böck gentoo-dev 2008-06-07 17:35:43 UTC
xine-lib-1.1.12-r1 should fix the buffer overflow. There's another crash-bug, so testing the evil.mp3 will still crash xine, but there's no overflow any more.
Comment 7 Alexis Ballier gentoo-dev 2008-06-25 15:40:50 UTC
(In reply to comment #2)
> Any news here? we already have a pending GLSA for xine-lib (bug #213039 and bug
> #214270), but with a vulnerability remaining, it's pointless.
> 

pong

Wasn't -r1 good enough? Anyway, 1.1.13 is in the tree now.

Changes:
* Security fixes:
  - Buffer overflow in the NSF demuxer which may allow remote attackers to
    cause a denial of service (crash) or possibly execute arbitrary code
    via an NSF file with a long title or copyright message. (CVE-2008-1878)
  - For extra safety against possible Integer overflows like the ones found
    in CVE-2008-1482, backport more calloc usage from 1.2 branch.
* Added MIME types and .mpp for musepack.
* Fixed display of some MJPEG streams (YUVJ420P).
* Deprecate xine_xmalloc() function, see src/xine-utils/utils.c for more
  information about the reason.
* Provide a useful implementation of xine_register_log_cb().
* New version of the JACK output plugin.
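
The changelog entry above attributes CVE-2008-1878 to an NSF file with a long title or copyright message. As an added example (not xine-lib's code and not the upstream patch), this C parser copies the header's text fields with a hard length bound; the 128-byte header layout, the field offsets and every name used here are assumptions taken from the public NSF format description, not from this bug.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed NSF layout: 128-byte header, magic "NESM\x1A", three 32-byte text fields. */
#define NSF_HEADER_SIZE 0x80
#define NSF_FIELD_SIZE  0x20
#define NSF_TITLE_OFF   0x0E
#define NSF_ARTIST_OFF  0x2E
#define NSF_COPY_OFF    0x4E

struct nsf_info {                       /* hypothetical result type */
    char title[NSF_FIELD_SIZE + 1];     /* +1 so a full-width field still gets a NUL */
    char artist[NSF_FIELD_SIZE + 1];
    char copyright[NSF_FIELD_SIZE + 1];
};

/* Copy one fixed-width field; the file is not trusted to NUL-terminate it. */
static void nsf_copy_field(char *dst, const uint8_t *hdr, size_t off)
{
    size_t n = 0;
    while (n < NSF_FIELD_SIZE && hdr[off + n] != '\0')
        n++;
    memcpy(dst, hdr + off, n);
    dst[n] = '\0';
}

/* Returns 0 on success, -1 on a NULL argument, short buffer or wrong magic. */
int nsf_parse_header(const uint8_t *buf, size_t len, struct nsf_info *out)
{
    if (buf == NULL || out == NULL || len < NSF_HEADER_SIZE)
        return -1;
    if (memcmp(buf, "NESM\x1A", 5) != 0)
        return -1;
    nsf_copy_field(out->title, buf, NSF_TITLE_OFF);
    nsf_copy_field(out->artist, buf, NSF_ARTIST_OFF);
    nsf_copy_field(out->copyright, buf, NSF_COPY_OFF);
    return 0;
}

/* Constructed sample: every byte after the magic is 'A', so no field is terminated. */
int nsf_selftest_title_len(void)
{
    uint8_t hdr[NSF_HEADER_SIZE];
    struct nsf_info info;
    memset(hdr, 'A', sizeof hdr);
    memcpy(hdr, "NESM\x1A", 5);
    if (nsf_parse_header(hdr, sizeof hdr, &info) != 0) return -1;
    return (int)strlen(info.title);     /* capped at NSF_FIELD_SIZE */
}
```

Any later formatting of these strings into a display buffer needs the same treatment: a length-bounded call sized to the destination, never to the input.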
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2008-07-06 18:37:02 UTC
Thanks, Alexis.
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2008-07-06 22:15:35 UTC
Arches, please test and mark stable:
=media-libs/xine-lib-1.1.13
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2008-07-07 00:58:00 UTC
Stable for HPPA.
Comment 11 Brent Baude (RETIRED) gentoo-dev 2008-07-07 03:07:41 UTC
ppc64 and ppc done
Comment 12 Markus Meier gentoo-dev 2008-07-07 20:58:15 UTC
amd64/x86 stable
Comment 13 Raúl Porcel (RETIRED) gentoo-dev 2008-07-09 11:19:12 UTC
ia64/sparc stable
Comment 14 Tobias Klausmann (RETIRED) gentoo-dev 2008-07-14 17:10:24 UTC
Stable on alpha.
Comment 15 Robert Buchholz (RETIRED) gentoo-dev 2008-08-06 00:31:49 UTC
GLSA 200808-01