Debian Bug report logs -
#305343
Exploitable buffer overflow in RTSP streaming code
Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>
Date: Tue, 19 Apr 2005 12:33:02 UTC
Severity: grave
Tags: fixed, patch, security
Found in version 1.0-1
Done: Siggi Langauf <siggi@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Siggi Langauf <siggi@debian.org>:
Bug#305343; Package libxine1.
(full text, mbox, link).
Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to Siggi Langauf <siggi@debian.org>.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: libxine1
Version: 1.0-1
Severity: grave
Tags: security
Two streaming related security issues have been reported in MPlayer. At least
one of them is present in xine-lib as well. The MPlayer reports can be found at
http://www.mplayerhq.hu/homepage/design7/news.html. The vulnerable MMST code
does not seem to be included in xine-lib, at least I couldn't find it.
The issue is an exploitable heap overflow in RTSP streaming (allows potential
remote execution of arbitrary code). Patch is available at
http://sourceforge.net/mailarchive/forum.php?thread_id=7060090&forum_id=11923
Stable is not affected.
Cheers,
Moritz
-- System Information:
Debian Release: 3.0
Architecture: i386
Kernel: Linux anton 2.4.29-univention.1 #1 SMP Thu Jan 27 17:08:46 CET 2005 i686
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro
Versions of packages libxine1 depends on:
ii libasound2 0.9.4-2.18.200308292050 Advanced Linux Sound Architecture
ii libc6 2.3.2-9 GNU C Library: Shared libraries an
ii libfreetyp 2.1.5-2.3.200310081510 FreeType 2 font engine, shared lib
ii libpng12-0 1.2.5.0-8.6.200410161035 PNG library - runtime
ii libspeex1 1.0.rel.1-2.3.200308231822 The Speex Speech Codec
ii libxext6 4.3.0-0pre1v5.51.200409211658 X Window System miscellaneous exte
ii xlibmesa-g 4.3.0-0pre1v5.51.200409211658 Mesa 3D graphics library [XFree86]
ii xlibmesa-g 4.3.0-0pre1v5.51.200409211658 Mesa OpenGL utility library [XFree
ii xlibs 4.3.0-0pre1v5.51.200409211658 X Window System client libraries m
ii zlib1g 1:1.2.2-4.15.200501191530 compression library - runtime
-- debconf-show failed
Information forwarded to debian-bugs-dist@lists.debian.org, Siggi Langauf <siggi@debian.org>:
Bug#305343; Package libxine1.
(full text, mbox, link).
Acknowledgement sent to astharot@astharot.ath.cx (Gerardo Di Giacomo):
Extra info received and forwarded to list. Copy sent to Siggi Langauf <siggi@debian.org>.
(full text, mbox, link).
Message #10 received at 305343@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Patch for sid attached.
Gerardo
[libxine1.patch (text/plain, attachment)]
Information forwarded to debian-bugs-dist@lists.debian.org, Siggi Langauf <siggi@debian.org>:
Bug#305343; Package libxine1.
(full text, mbox, link).
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
Extra info received and forwarded to list. Copy sent to Siggi Langauf <siggi@debian.org>.
(full text, mbox, link).
Message #15 received at 305343@bugs.debian.org (full text, mbox, reply):
I missed the second part; the MMST code is vulnerable as well. Patch at:
http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/mms.c?r1=1.55&r2=1.56&diff_format=u
BTW, this is CAN-2005-1195, please refer to it when fixing it.
Cheers,
Moritz
Tags added: patch
Request was from Frank Lichtenheld <djpig@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Tags added: fixed
Request was from Siggi Langauf <siggi@localhost.localdomain>
to control@bugs.debian.org.
(full text, mbox, link).
Bug closed, send any further explanations to Moritz Muehlenhoff <muehlenhoff@univention.de>
Request was from Siggi Langauf <siggi@debian.org>
to control@bugs.debian.org.
(full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Siggi Langauf <siggi@debian.org>:
Bug#305343; Package libxine1.
(full text, mbox, link).
Acknowledgement sent to Martin Pitt <martin.pitt@canonical.com>:
Extra info received and forwarded to list. Copy sent to Siggi Langauf <siggi@debian.org>.
(full text, mbox, link).
Message #26 received at 305343@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi!
Please do not use the previous patch, since it is incomplete.
The Ubuntu patch
http://patches.ubuntu.com/patches/xine-lib.CAN-2005-1195.patch
also fixes an overflow in the MMS stream decoder.
This is CAN-2005-1195, please mention that in the changelog.
Thanks,
Martin
--
Martin Pitt http://www.piware.de
Ubuntu Developer http://www.ubuntulinux.org
Debian Developer http://www.debian.org
[signature.asc (application/pgp-signature, inline)]
Bug unarchived.
Request was from Stefano Zacchiroli <zack@debian.org>
to control@bugs.debian.org.
(Sun, 10 Apr 2011 08:46:06 GMT) (full text, mbox, link).
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 09 May 2011 07:41:12 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Oct 11 12:08:51 2017;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.