• info
• discussion
• exploit
• solution
• references

Xine-lib VideoCD And Text Subtitle Stack Overflow Vulnerabilities

Solution:
Version 1-rc6a of Xine-lib has been released, along with patches for older versions, to address these issues:

Gentoo has released an advisory (GLSA 200409-30) to address various issues in xine-lib. Please see the referenced advisory for more information. Gentoo users may carry out the following commands to update their computers:

emerge sync
emerge -pv ">=media-libs/xine-lib-1_rc6"
emerge ">=media-libs/xine-lib-1_rc6"

Mandrake has released an advisory (MDKSA-2004:105) to address various issue in xine-lib. Please see the referenced advisory for more information.

SuSE has released a security summary report (SUSE-SR:2004:001) to address these and other issues. The report indicates that fixes for these issues are available on the SuSE FTP server and also through the YaST Online Update utility. Customers are advised to peruse the referenced advisory for further details regarding obtaining and applying appropriate fixes.


xine xine-lib 1-rc2

• xine cd_types.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/libc dio/cd_types.c?r1=1.2&r2=1.3&diff_format=u


• xine demux_sputext.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/dem ux_sputext.c?r1=1.36&r2=1.37&diff_format=u


• xine xine_decoder.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/xin e_decoder.c?r1=1.84&r2=1.85&diff_format=u


• xine xineplug_inp_vcd.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/xine plug_inp_vcd.c?r1=1.18&r2=1.22&diff_format=u


• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine-lib 1-rc5

• xine cd_types.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/libc dio/cd_types.c?r1=1.2&r2=1.3&diff_format=u


• xine demux_sputext.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/dem ux_sputext.c?r1=1.36&r2=1.37&diff_format=u


• xine xine_decoder.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/xin e_decoder.c?r1=1.84&r2=1.85&diff_format=u


• xine xineplug_inp_vcd.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/xine plug_inp_vcd.c?r1=1.18&r2=1.22&diff_format=u


• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine-lib 1-rc4

• xine cd_types.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/libc dio/cd_types.c?r1=1.2&r2=1.3&diff_format=u


• xine demux_sputext.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/dem ux_sputext.c?r1=1.36&r2=1.37&diff_format=u


• xine xine_decoder.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/xin e_decoder.c?r1=1.84&r2=1.85&diff_format=u


• xine xineplug_inp_vcd.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/xine plug_inp_vcd.c?r1=1.18&r2=1.22&diff_format=u


• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc3

• xine cd_types.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/libc dio/cd_types.c?r1=1.2&r2=1.3&diff_format=u


• xine demux_sputext.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/dem ux_sputext.c?r1=1.36&r2=1.37&diff_format=u


• xine xine_decoder.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/xin e_decoder.c?r1=1.84&r2=1.85&diff_format=u


• xine xineplug_inp_vcd.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/xine plug_inp_vcd.c?r1=1.18&r2=1.22&diff_format=u


• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc4

• xine cd_types.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/libc dio/cd_types.c?r1=1.2&r2=1.3&diff_format=u


• xine demux_sputext.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/dem ux_sputext.c?r1=1.36&r2=1.37&diff_format=u


• xine xine_decoder.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/xin e_decoder.c?r1=1.84&r2=1.85&diff_format=u


• xine xineplug_inp_vcd.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/xine plug_inp_vcd.c?r1=1.18&r2=1.22&diff_format=u


• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc2

• xine cd_types.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/libc dio/cd_types.c?r1=1.2&r2=1.3&diff_format=u


• xine demux_sputext.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/dem ux_sputext.c?r1=1.36&r2=1.37&diff_format=u


• xine xine_decoder.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/xin e_decoder.c?r1=1.84&r2=1.85&diff_format=u


• xine xineplug_inp_vcd.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/xine plug_inp_vcd.c?r1=1.18&r2=1.22&diff_format=u


• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine-lib 1-rc3

• Mandrake lib64xine1-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64xine1-devel-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-dxr3-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc3.6.2.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc3.6.2.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• xine cd_types.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/libc dio/cd_types.c?r1=1.2&r2=1.3&diff_format=u


• xine demux_sputext.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/dem ux_sputext.c?r1=1.36&r2=1.37&diff_format=u


• xine xine_decoder.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/xin e_decoder.c?r1=1.84&r2=1.85&diff_format=u


• xine xineplug_inp_vcd.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/xine plug_inp_vcd.c?r1=1.18&r2=1.22&diff_format=u


• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 1-rc5

• xine cd_types.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/libc dio/cd_types.c?r1=1.2&r2=1.3&diff_format=u


• xine demux_sputext.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/dem ux_sputext.c?r1=1.36&r2=1.37&diff_format=u


• xine xine_decoder.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/libsputext/xin e_decoder.c?r1=1.84&r2=1.85&diff_format=u


• xine xineplug_inp_vcd.c patch
  http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/vcd/xine plug_inp_vcd.c?r1=1.18&r2=1.22&diff_format=u


• xine xine-lib-1-rc6a.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1-rc6a.tar.gz?downloa d

xine xine 0.9.18

• SuSE xine-0.9.18-137.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/xine-0.9.18-137.i 586.patch.rpm


• SuSE xine-0.9.18-137.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/xine-0.9.18-137.i 586.rpm

xine xine-lib 0.99

• SuSE xine-lib-0.99.rc0a-117.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/xine-lib-0.99.rc0 a-117.i586.patch.rpm


• SuSE xine-lib-0.99.rc0a-117.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/xine-lib-0.99 .rc0a-117.x86_64.patch.rpm


• SuSE xine-lib-0.99.rc3a-106.15.i586.patch.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/xine-lib-0.99.rc3 a-106.15.i586.patch.rpm


• SuSE xine-lib-0.99.rc3a-106.15.x86_64.patch.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/xine-lib-0.99 .rc3a-106.15.x86_64.patch.rpm


• SuSE xine-lib-0.99.rc0a-117.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/xine-lib-0.99.rc0 a-117.i586.rpm


• SuSE xine-lib-0.99.rc0a-117.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/xine-lib-0.99 .rc0a-117.x86_64.rpm


• SuSE xine-lib-0.99.rc3a-106.15.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/xine-lib-0.99.rc3 a-106.15.i586.rpm


• SuSE xine-lib-0.99.rc3a-106.15.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/xine-lib-0.99 .rc3a-106.15.x86_64.rpm