Bug 15928 - xbmc and kodi new integer overflow security issue (CVE-2015-3885)
Summary: xbmc and kodi new integer overflow security issue (CVE-2015-3885)
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/644511/
Whiteboard: advisory MGA4-32-OK mga4-64-ok
Keywords: validated_update
Depends on:
Blocks: 15910
Reported: 2015-05-13 16:21 CEST by David Walser
Modified: 2015-05-18 21:08 CEST

See Also:
Source RPM: xbmc-12.3-1.1.mga4.src.rpm
CVE:
Status comment:


Attachments
xbmc crashlog (17.88 KB, text/plain)
2015-05-15 12:23 CEST, Herman Viaene

Description David Walser 2015-05-13 16:21:35 CEST
+++ This bug was initially created as a clone of Bug #15910 +++

An advisory has been issued today (May 11):
http://www.ocert.org/advisories/ocert-2015-006.html

XBMC (Mageia 4) and Kodi (Mageia 5) still need to be patched for this issue.
David Walser 2015-05-13 16:21:45 CEST

Whiteboard: (none) => MGA5TOO, MGA4TOO

Comment 1 Nicolas Lécureuil 2015-05-13 23:38:59 CEST
kodi is fixed on SVN

CC: (none) => mageia

Comment 2 Nicolas Lécureuil 2015-05-13 23:52:06 CEST
xbmc is building
Comment 3 David Walser 2015-05-14 00:13:52 CEST
Patched packages uploaded for Mageia 4 and Cauldron.  Thanks Nicolas!

Advisory:
========================

Updated xbmc package fixes security vulnerability:

The dcraw tool suffers from an integer overflow condition which leads to a
buffer overflow. The vulnerability concerns the 'len' variable, parsed without
validation from opened images, used in the ljpeg_start() function. A
maliciously crafted raw image file can be used to trigger the vulnerability,
causing a Denial of Service condition (CVE-2015-3885).

The xbmc package contains a bundled copy of the affected code and has been
patched to fix this issue.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3885
http://www.ocert.org/advisories/ocert-2015-006.html
========================

Updated packages in core/updates_testing:
========================
xbmc-12.3-1.3.mga4
xbmc-eventclients-common-12.3-1.3.mga4
xbmc-eventclients-devel-12.3-1.3.mga4
xbmc-eventclient-wiiremote-12.3-1.3.mga4
xbmc-eventclient-j2me-12.3-1.3.mga4
xbmc-eventclient-ps3-12.3-1.3.mga4
xbmc-eventclient-xbmc-send-12.3-1.3.mga4

from xbmc-12.3-1.3.mga4.src.rpm

Version: Cauldron => 4
Assignee: anssi.hannula => qa-bugs
Source RPM: kodi-14.0-1.mga5.src.rpm, xbmc-12.3-1.1.mga4.src.rpm => xbmc-12.3-1.1.mga4.src.rpm
Whiteboard: MGA5TOO, MGA4TOO => (none)
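
An added illustration, not part of the original bug report and not dcraw's or xbmc's code: a simplified model of the flaw class the advisory above describes, a length field read from the file and used without validation, next to a checked version. The segment layout, buffer size and function names are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SEG_BUF_SIZE 0x10000 /* assumed size of the fixed segment buffer */

/* Unchecked pattern: the 16-bit length field counts its own two bytes, so a
 * field value of 0 or 1 yields a negative int. Converted to size_t for a
 * read or copy call, that becomes a count far larger than the buffer. */
static int payload_len_unchecked(const uint8_t *seg)
{
    return ((seg[2] << 8) | seg[3]) - 2;
}

/* Hardened pattern: validate the field before any arithmetic or copy.
 * Returns the number of payload bytes copied, or -1 to reject the segment. */
static long copy_segment_checked(const uint8_t *in, size_t in_len,
                                 uint8_t *out, size_t out_size)
{
    if (in_len < 4)
        return -1;                      /* marker or length field missing */
    size_t field = ((size_t)in[2] << 8) | in[3];
    if (field < 2)
        return -1;                      /* "field - 2" would wrap around */
    size_t payload = field - 2;
    if (payload > out_size || payload > in_len - 4)
        return -1;                      /* overruns the buffer or the input */
    memcpy(out, in + 4, payload);
    return (long)payload;
}

/* Constructed sample segments: marker (2 bytes), length (2 bytes), payload. */
static const uint8_t SEG_OK[]    = { 0xFF, 0xC4, 0x00, 0x05, 0xAA, 0xBB, 0xCC };
static const uint8_t SEG_SHORT[] = { 0xFF, 0xC4, 0x00, 0x01 };
static const uint8_t SEG_TRUNC[] = { 0xFF, 0xC4, 0x01, 0x00, 0xAA };

int main(void)
{
    static uint8_t buf[SEG_BUF_SIZE];
    printf("unchecked len for short field: %d (as size_t: %zu)\n",
           payload_len_unchecked(SEG_SHORT),
           (size_t)payload_len_unchecked(SEG_SHORT));
    printf("checked: ok=%ld short=%ld truncated=%ld\n",
           copy_segment_checked(SEG_OK, sizeof SEG_OK, buf, sizeof buf),
           copy_segment_checked(SEG_SHORT, sizeof SEG_SHORT, buf, sizeof buf),
           copy_segment_checked(SEG_TRUNC, sizeof SEG_TRUNC, buf, sizeof buf));
    return 0;
}
```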

David Walser 2015-05-14 17:36:00 CEST

URL: (none) => http://lwn.net/Vulnerabilities/644511/

Comment 4 Herman Viaene 2015-05-15 12:23:55 CEST
Created attachment 6548 [details]
xbmc crashlog

CC: (none) => herman.viaene

Comment 5 Herman Viaene 2015-05-15 12:26:44 CEST
MGA4-32 on AcerD620  Xfce
No installation issues
Plays commercial CD OK
try to play self created DVD, which plays OK on parole media player: as soon as entering TS_VIDEO, xfce bombs out
At CLI:
xbmc
Gtk-Message: Failed to load module "canberra-gtk-module"
Running DIL (3.22.0) Version
DtsDeviceOpen: Opening HW in mode 0
DtsDeviceOpen: Create File Failed
libpng warning: iCCP: known incorrect sRGB profile
/usr/bin/xbmc: line 123: 11293 Segmentatiefout         (core dumped) "$LIBDIR/xbmc/xbmc.bin" "$@"
Crash report available at /home/tester4/xbmc_crashlog-20150515_121925.log
claire robinson 2015-05-15 13:15:35 CEST

Attachment 6548 mime type: text/x-log => text/plain

Comment 6 claire robinson 2015-05-15 13:28:06 CEST
Is it a regression Herman? Mga4 has quite an old version now. I see reports of dvd issues elsewhere too for this version and other 12's
Comment 7 Herman Viaene 2015-05-15 14:08:42 CEST
Tested same DVD with xbmc 12.3-1.1: same crash
Comment 8 claire robinson 2015-05-15 17:36:11 CEST
I think you can add the OK then Herman please if you're happy with the rest of it.

Thanks
Comment 9 Herman Viaene 2015-05-16 11:51:37 CEST
I tried an mpg file, and that makes the new version crash as well (did not check anymore on 1.1), so there isn't much to be happy about. Pictures play OK.

Whiteboard: (none) => MGA4-32-OK

Comment 10 claire robinson 2015-05-18 15:57:28 CEST
Testing complete mga4 64

Fed it some avi and mkv and no regression noticed.

Whiteboard: MGA4-32-OK => MGA4-32-OK mga4-64-ok

Comment 11 claire robinson 2015-05-18 16:10:36 CEST
Please create a bug report for the DVD/mpg issues you found Herman, if you haven't already. Thanks.


Validating. Advisory uploaded.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA4-32-OK mga4-64-ok => advisory MGA4-32-OK mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 12 Mageia Robot 2015-05-18 21:08:56 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0230.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED
