USN-710-1: xine-lib vulnerabilities

Ubuntu Security Notice USN-710-1

26th January, 2009

xine-lib vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 7.10
  • Ubuntu 6.06 LTS

Software description

  • xine-lib

Details

It was discovered that xine-lib did not correctly handle certain malformed
Ogg and Windows Media files. If a user or automated system were tricked into
opening a specially crafted Ogg or Windows Media file, an attacker could cause
xine-lib to crash, creating a denial of service. This issue only applied to
Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-3231)

It was discovered that the MNG, MOD, and Real demuxers in xine-lib did not
correctly handle memory allocation failures. If a user or automated system were
tricked into opening a specially crafted MNG, MOD, or Real file, an attacker
could crash xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. This issue only applied to Ubuntu 6.06 LTS, 7.10,
and 8.04 LTS. (CVE-2008-5233)

It was discovered that the QT demuxer in xine-lib did not correctly handle
an invalid metadata atom size, resulting in a heap-based buffer overflow. If a
user or automated system were tricked into opening a specially crafted MOV file,
an attacker could execute arbitrary code as the user invoking the program.
(CVE-2008-5234, CVE-2008-5242)

It was discovered that the Real, RealAudio, and Matroska demuxers in xine-lib
did not correctly handle malformed files, resulting in heap-based buffer
overflows. If a user or automated system were tricked into opening a specially
crafted Real, RealAudio, or Matroska file, an attacker could execute arbitrary
code as the user invoking the program. (CVE-2008-5236)

It was discovered that the MNG and QT demuxers in xine-lib did not correctly
handle malformed files, resulting in integer overflows. If a user or automated
system were tricked into opening a specially crafted MNG or MOV file, an
attacker could execute arbitrary code as the user invoking the program.
(CVE-2008-5237)

It was discovered that the Matroska, MOD, Real, and Real Audio demuxers in
xine-lib did not correctly handle malformed files, resulting in integer
overflows. If a user or automated system were tricked into opening a specially
crafted Matroska, MOD, Real, or Real Audio file, an attacker could execute
arbitrary code as the user invoking the program. This issue only applied to
Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5238)

It was discovered that the input handlers in xine-lib did not correctly handle
certain error codes, resulting in out-of-bounds reads and heap-based buffer
overflows. If a user or automated system were tricked into opening a specially
crafted file, stream, or URL, an attacker could execute arbitrary code as the
user invoking the program. (CVE-2008-5239)

It was discovered that the Matroska and Real demuxers in xine-lib did not
correctly handle memory allocation failures. If a user or automated system were
tricked into opening a specially crafted Matroska or Real file, an attacker
could crash xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. (CVE-2008-5240)

It was discovered that the QT demuxer in xine-lib did not correctly handle
an invalid metadata atom size in a compressed MOV file, resulting in an integer
underflow. If a user or automated system were tricked into opening a specially
crafted MOV file, an attacker could an attacker could cause xine-lib to crash,
creating a denial of service. (CVE-2008-5241)

It was discovered that the Real demuxer in xine-lib did not correctly handle
certain malformed files. If a user or automated system were tricked into opening
a specially crafted Real file, an attacker could could cause xine-lib to crash,
creating a denial of service. (CVE-2008-5243)

It was discovered that xine-lib did not correctly handle certain malformed AAC
files. If a user or automated system were tricked into opening a specially
crafted AAC file, an attacker could could cause xine-lib to crash, creating a
denial of service. This issue only applied to Ubuntu 7.10, and 8.04 LTS.
(CVE-2008-5244)

It was discovered that the id3 tag handler in xine-lib did not correctly handle
malformed tags, resulting in heap-based buffer overflows. If a user or automated
system were tricked into opening a media file containing a specially crafted id3
tag, an attacker could execute arbitrary code as the user invoking the program.
This issue only applied to Ubuntu 6.06 LTS, 7.10, and 8.04 LTS. (CVE-2008-5246)

It was discovered that xine-lib did not correctly handle MP3 files with metadata
consisting only of separators. If a user or automated system were tricked into
opening a specially crafted MP3 file, an attacker could could cause xine-lib to
crash, creating a denial of service. This issue only applied to Ubuntu 6.06 LTS,
7.10, and 8.04 LTS. (CVE-2008-5248)

It was discovered that the Matroska demuxer in xine-lib did not correctly handle
an invalid track type. If a user or automated system were tricked into opening
a specially crafted Matroska file, an attacker could could cause xine-lib to
crash, creating a denial of service.

It was discovered that the ffmpeg video decoder in xine-lib did not correctly
handle media with certain image heights, resulting in a heap-based buffer
overflow. If a user or automated system were tricked into opening a specially
crafted video file, an attacker could crash xine-lib or possibly execute
arbitrary code with the privileges of the user invoking the program. This issue
only applied to Ubuntu 7.10, 8.04 LTS, and 8.10.

It was discovered that the ffmpeg audio decoder in xine-lib did not correctly
handle malformed media, resulting in a integer overflow. If a user or automated
system were tricked into opening a specially crafted media file, an attacker
could crash xine-lib or possibly execute arbitrary code with the privileges of
the user invoking the program. This issue only applied to Ubuntu 8.10.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.10:
libxine1 1.1.15-0ubuntu3.1
Ubuntu 8.04 LTS:
libxine1 1.1.11.1-1ubuntu3.2
Ubuntu 7.10:
libxine1 1.1.7-1ubuntu1.4
Ubuntu 6.06 LTS:
libxine-main1 1.1.1+ubuntu2-7.10

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart applications linked against
xine-lib, such as Totem-xine and Amarok, to effect the necessary changes.

References

CVE-2008-3231, CVE-2008-5233, CVE-2008-5234, CVE-2008-5236, CVE-2008-5237, CVE-2008-5238, CVE-2008-5239, CVE-2008-5240, CVE-2008-5241, CVE-2008-5242, CVE-2008-5243, CVE-2008-5244, CVE-2008-5246, CVE-2008-5248