Pardus alert 2011-99 (vlc vlc-firefox)

From:
    	     
 
Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security]  [PLSA 2011-99] vlc: Integer Overflow 
Date:
    	     
 
Thu, 14 Jul 2011 09:32:17 +0300
Message-ID:
    	     
 
<201107140932.17348.meltem@pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-99            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-07-14
      Type: Remote
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in vlc. 


Description
===========

CVE-2011-2194: 

Integer overflow in the XSPF playlist parser in VLC 0.8.5 through 1.1.9 
allows remote attackers to  cause  a  denial  of  service  (crash)  and 
possibly execute arbitrary code via unspecified vectors that trigger  a 
heap-based buffer overflow. 



Affected packages:

  Pardus 2009:
    vlc, all before 1.1.4-52-30
    vlc-firefox, all before 1.1.4-52

  Pardus 2011:
    vlc, all before 1.1.10-55-p11


Resolution
==========

There are update(s) for vlc,  vlc-firefox.  You  can  update  them  via 
Package Manager or with a single command from console: 

  Pardus 2009:
    pisi up vlc vlc-firefox

  Pardus 2011:
    pisi up vlc


References
==========

  * http://bugs.pardus.org.tr/show_bug.cgi?id=18346

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security