Public bug reported:
[Impact]

 * A specially crafted zip file, for example a zipped subtitle, can overwrite arbitrary files by traversing parent directories
 * This bug can be triggered remotely by tricking the user into opening a crafted subtitle, thus I believe fixing it would be important

[Test Case]

 * Download https://people.debian.org/~rbalint/reproducers/check-kodi-CVE-2017-8314.zip
 * Start playing a video file
 * Try loading the subtitle from check-kodi-CVE-2017-8314.zip following the ".." directory inside the zip
 * If you can't open the zip file and load the ../*.srt file inside the zip file your Kodi installation is fixed. Fixed 17.1 does not even list the zip file when browsing for subtitles.

[Regression Potential]

 * Kodi may fail to load valid zip files
 * You can verify that a harmless subtitle can still be loaded by testing it with https://people.debian.org/~rbalint/reproducers/harmless-subtitle.zip
 * New build-time tests are added which check potential regressions

[Other Info]

 * From the Debian bug:
 * Kodi 17.2 has an important fix for the malicious subtitles vulnerability that has the potential to compromise your machine. It is important to update to this version as soon as possible.
   http://blog.checkpoint.com/2017/05/23/hacked-in-translation/

** Affects: kodi (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: kodi (Debian)
     Importance: Unknown
         Status: Unknown

** Tags: security

** Bug watch added: Debian Bug tracker #863230
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863230

** Also affects: kodi (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863230
   Importance: Unknown
       Status: Unknown
https://bugs.launchpad.net/bugs/1694249

Title:
  CVE-2017-8314: malicious subtitle zip files vulnerability
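
An added example, not part of the bug report and not Kodi's fix: a Python audit that lists zip entries whose names would resolve outside the extraction directory, which is the parent-directory traversal described under [Impact]. The function names, the `/subs` destination and the in-memory sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile


def unsafe_members(zip_bytes, dest="/subs"):
    """Return entry names that a naive join(dest, name) would place outside dest."""
    bad = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Treat Windows separators like "/" so "..\\x" is caught as well.
            name = info.filename.replace("\\", "/")
            has_drive = len(name) > 1 and name[1] == ":"
            # normpath collapses "a/../b" and exposes a leading "..".
            resolved = posixpath.normpath(posixpath.join(dest, name))
            inside = resolved == dest or resolved.startswith(dest + "/")
            if name.startswith("/") or has_drive or not inside:
                bad.append(info.filename)
    return bad


def build_sample():
    """Constructed test archive: two benign entries and three escaping ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("harmless.srt", "1\n00:00:01,000 --> 00:00:02,000\nhi\n")
        zf.writestr("../traversal.srt", "x")   # parent-directory entry
        zf.writestr("dir/../ok.srt", "x")      # contains ".." but stays inside
        zf.writestr("..\\win.srt", "x")        # backslash variant
        zf.writestr("/abs.srt", "x")           # absolute path
    return buf.getvalue()


if __name__ == "__main__":
    for entry in unsafe_members(build_sample()):
        print("rejected:", entry)
```

An extractor or a build-time regression test can refuse any archive for which `unsafe_members` returns a non-empty list.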
