[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 2257-1] vlc security update




Nico Golde <nion@debian.org> wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>- -------------------------------------------------------------------------
>Debian Security Advisory DSA-2257-1                   security@debian.org
>http://www.debian.org/security/                                Nico Golde
>June 10, 2011                          http://www.debian.org/security/faq
>- -------------------------------------------------------------------------
>
>Package        : vlc
>Vulnerability  : heap-based buffer overflow
>Problem type   : local
>Debian-specific: no
>CVE ID         : CVE-2011-2194
>
>Rocco Calvi discovered that the XSPF playlist parser of vlc, a multimedia
>player and streamer, is prone to an integer overflow resulting in a
>heap-based buffer overflow.  This might allow an attacker to execute
>arbitrary code by tricking a victim into opening a specially crafted
>file.
>
>
>The oldstable distribution (lenny) is not affected by this problem.
>
>For the stable distribution (squeeze), this problem has been fixed in
>version 1.1.3-1squeeze6.
>
>For the testing (wheezy) and unstable (sid) distributions, this
>problem will be fixed soon.
>
>
>We recommend that you upgrade your vlc packages.
>
>Further information about Debian Security Advisories, how to apply
>these updates to your system and frequently asked questions can be
>found at: http://www.debian.org/security/
>
>Mailing list: debian-security-announce@lists.debian.org
>
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.4.11 (GNU/Linux)
>
>iEYEARECAAYFAk3x8LQACgkQHYflSXNkfP8cVQCfXsLglWJUAsX/RfFYMesf4jOv
>7qYAnilMfj3iqc7MsgjS1oFkzkPLgRAc
>=rAAI
>-----END PGP SIGNATURE-----
>
>
>-- 
>To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
>with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>Archive: http://lists.debian.org/20110610102348.GA32205@ngolde.de
>

Reply to: