[Bug 1694249] [NEW] CVE-2017-8314: malicious subtitle zip files vulnerability
Launchpad Bug Tracker
1694249 at bugs.launchpad.net
Mon May 29 20:38:23 UTC 2017
You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):
[Impact]
* A specially crafted zip file, for example a zipped subtitle, can overwrite arbitrary files by traversing parent directories
* This bug can be triggered remotely by tricking the user into opening a crafted subtitle, thus I believe fixing it would be important
[Test Case]
* Download https://people.debian.org/~rbalint/reproducers/check-kodi-CVE-2017-8314.zip
* Start playing a video file
* Try loading the subtitle from check-kodi-CVE-2017-8314.zip following the ".." directory inside the zip
* If you can't open the zip file and load the ../*.srt file inside the zip file, your Kodi installation is fixed. Fixed 17.1 does not even list the zip file when browsing for subtitles.
[Regression Potential]
* Kodi may fail to load valid zip files
* You can verify that a harmless subtitle can still be loaded by testing it with https://people.debian.org/~rbalint/reproducers/harmless-subtitle.zip
* New build-time tests are added which check potential regressions
[Other Info]
* From the Debian bug:
* Kodi 17.2 has an important fix for the malicious subtitles
vulnerability that has the potential to compromise your machine. It is
important to update to this version as soon as possible.
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
** Affects: kodi (Ubuntu)
Importance: Undecided
Status: New
** Affects: kodi (Debian)
Importance: Unknown
Status: Fix Released
** Tags: patch security
--
CVE-2017-8314: malicious subtitle zip files vulnerability
https://bugs.launchpad.net/bugs/1694249
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.
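
The check the [Impact] and [Test Case] sections imply, as an added example that is not part of the bug report and is not Kodi's patch: list zip entries whose names would resolve outside the extraction directory. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_members(zip_bytes):
    """Return names of entries that would resolve outside the extraction root."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Zip names use "/" by spec, but treat "\" as a separator too.
            name = info.filename.replace("\\", "/")
            # Collapse "a/../b" style segments; a leading ".." survives normpath.
            normalized = posixpath.normpath(name)
            drive_like = len(name) > 1 and name[1] == ":"
            escapes = normalized == ".." or normalized.startswith("../")
            if name.startswith("/") or drive_like or escapes:
                bad.append(info.filename)
    return bad


def build_sample(names):
    """Build an in-memory zip with the given entry names (constructed test data)."""
    srt = "1\n00:00:01,000 --> 00:00:02,000\nhello\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            # writestr stores the name as given; it does not strip "..".
            zf.writestr(zipfile.ZipInfo(n), srt)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample([
        "subs/movie.srt",   # harmless
        "../evil.srt",      # climbs out of the root
        "a/../../b.srt",    # climbs out after normalisation
        "a/../c.srt",       # stays inside the root
        "/abs.srt",         # absolute path
    ])
    for name in unsafe_members(sample):
        print("rejecting archive, unsafe entry:", name)
```

An extractor that rejects any archive for which this list is non-empty never writes outside its target directory, while plain subtitle archives still load.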