| |||||||||||||||||||
Pardus alert 2011-74 (vlc vlc-firefox)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-74 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-05-03 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in vlc, which can be exploited by malicious people to trigger execution of arbitrary code. Description =========== CVE-2011-1684: When parsing some MP4 (MPEG-4 Part 14) files, insufficient buffer size might lead to corruption of the heap. Affected packages: Pardus 2009: vlc, all before 1.1.4-51-29 vlc-firefox, all before 1.1.4-51-29 Pardus 2011: vlc, all before 1.1.9-52-p11 vlc-devel, all before 1.1.9-52-p11 vlc-firefox, all before 1.1.9-52-p11 vlc-libs, all before 1.1.9-52-p11 vlc-lua, all before 1.1.9-52-p11 Resolution ========== There are update(s) for vlc, vlc-firefox, vlc-devel, vlc-libs, vlc-lua. You can update them via Package Manager or with a single command from console: Pardus 2009: pisi up vlc vlc-firefox Pardus 2011: pisi up vlc vlc-devel vlc-firefox vlc-libs vlc-lua References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=17747 * http://www.videolan.org/security/sa1103.html ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||