| |||||||||||||||||||
Pardus alert 2011-23 (vlc vlc-firefox)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-23 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-02-02 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= Two vulnerabilities have been identified in VLC Media Player, which could be exploited by attackers. Description =========== CVE-2011-0522: stripTags() function when processing malformed data, can run past the input string termination resulting in a heap corruption. Affected packages: Pardus 2009: vlc, all before 1.1.4-48-26 vlc-firefox, all before 1.1.4-48-26 Resolution ========== There are update(s) for vlc, vlc-firefox. You can update them via Package Manager or with a single command from console: pisi up vlc vlc-firefox References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=16513 * http://seclists.org/oss-sec/2011/q1/127 * http://www.vupen.com/english/advisories/2011/0225 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||