
Pardus alert 2011-39 (vlc vlc-firefox)

From:  Meltem <meltem@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2011-39] VLC: Multiple Vulnerabilities
Date:  Mon, 14 Feb 2011 12:25:45 +0200
Message-ID:  <201102141225.45905.meltem@pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-39            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-02-14
  Severity: 4
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Multiple vulnerabilities have been fixed in vlc, which can potentially
be exploited by malicious people to cause a denial of service or
possibly execute arbitrary code or commands.

Description
===========

CVE-2011-0021: Multiple heap-based buffer overflows in cdg.c in the CDG
decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers
to cause a denial of service (application crash) or possibly execute
arbitrary code via a crafted CDG video.

CVE-2011-0531: demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN
VLC media player 1.1.6.1 and earlier allows remote attackers to cause a
denial of service (crash) and execute arbitrary commands via a crafted
MKV (WebM or Matroska) file that triggers memory corruption, related to
"class mismatching" and the MKV_IS_ID macro.

Affected packages:

  Pardus 2009:
    vlc, all before 1.1.4-50-28
    vlc-firefox, all before 1.1.4-50-28

Resolution
==========

There are update(s) for vlc, vlc-firefox. You can update them via
Package Manager or with a single command from console:

    pisi up vlc vlc-firefox

References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=16768
  * http://bugs.pardus.org.tr/show_bug.cgi?id=16806
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-...
  * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-...

------------------------------------------------------------------------

_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security



Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds