• info
• discussion
• exploit
• solution
• references

Xine-Lib Remote Client-Side Buffer Overflow Vulnerability

Solution:
xine-lib 1.0 addresses this vulnerability.

Turbolinux has released a security announcement (TLSA- 24022005) and fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.

Gentoo has released an advisory GLSA 200501-07 to address various issues in xine-lib. Gentoo users may carry out the following commands to update their systems:

emerge --sync
emerge --ask --oneshot --verbose media-libs/xine-lib

Please see the referenced advisory for more information.

Mandrake has released an advisory MDKSA-2005:011 to address various issues in xine-lib. Please see the referenced advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. Customers are advised to peruse the referenced advisory for further information regarding obtaining and applying appropriate updates.


xine xine-lib 1-rc2

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta3

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-rc6a

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta1

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-rc3a

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta4

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta8

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-rc5

• Mandrake lib64xine1-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64xine1-devel-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libxine1-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libxine1-devel-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-dxr3-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-dxr3-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-rc3b

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-rc1

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-rc4

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta7

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine 1-rc3

• Mandrake lib64xine1-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64xine1-devel-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libxine1-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libxine1-devel-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-dxr3-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php

xine xine-lib 1-rc3c

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta9

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta10

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-rc3

• Mandrake lib64xine1-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64xine1-devel-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libxine1-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libxine1-devel-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-dxr3-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc3.6.3.100mdk.amd64.rpm
  Mandrake Linux 10.0/AMD64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc3.6.3.100mdk.i586.rpm
  Mandrake Linux 10.0
  http://www.mandrakesecure.net/en/ftp.php


• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta2

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta12

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-rc0

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta11

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta6

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 1-beta5

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine 1-rc0a

• TurboLinux xine-lib-1rc3c-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/xine-lib-1rc3c-12.i586.rpm


• TurboLinux xine-lib-devel-1rc3c-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/xine-lib-devel-1rc3c-12.i586.rpm


• TurboLinux xine-lib-wmf-1rc3c-12.i586.rpm
  ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/xine-lib-wmf-1rc3c-12.i586.rpm

xine xine-lib 1-alpha

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine 1-rc5

• Mandrake lib64xine1-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake lib64xine1-devel-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libxine1-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake libxine1-devel-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-aa-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-arts-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-dxr3-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-dxr3-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-esd-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-flac-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-gnomevfs-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc5.9.1.101mdk.i586.rpm
  Mandrake Linux 10.1
  http://www.mandrakesecure.net/en/ftp.php


• Mandrake xine-plugins-1-0.rc5.9.1.101mdk.x86_64.rpm
  Mandrake Linux 10.1/x86_64
  http://www.mandrakesecure.net/en/ftp.php

xine xine-lib 0.9.13

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine 0.9.18

• SuSE xine-0.9.18-139.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/xine-0.9.18-139.i 586.rpm

xine xine-lib 0.9.8

• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz

xine xine-lib 0.99

• SuSE xine-lib-0.99.rc0a-119.i586.rpm
  ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/xine-lib-0.99.rc0 a-119.i586.rpm


• SuSE xine-lib-0.99.rc3a-106.18.x86_64.rpm
  ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/xine-lib-0.99 .rc3a-106.18.x86_64.rpm


• xine xine-lib-1.0.tar.gz
  http://prdownloads.sourceforge.net/xine/xine-lib-1.0.tar.gz