Mageia alert MGASA-2013-0022 (vlc)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2013-0022: vlc-2.0.3-2.4.mga2 (2/core, tainted)
Date:  Wed, 6 Feb 2013 22:38:36 +0100
Message-ID:  <20130206213836.GA12609@valstar.mageia.org>

MGASA-2013-0022

Date: February 6th, 2013
Affected releases: 2
Media: Core, Tainted

Description:

Updated vlc packages fix security vulnerabilities:

VLC media player 2.0.4 and earlier are vulnerable to buffer overflows in the freetype renderer and HTML subtitle parser. When parsing a specially crafted file, a buffer overflow might occur. If successful, a malicious third party could trigger an invalid memory access, leading to a crash of VLC or arbitrary code execution (VideoLAN-SA-1301).

VLC media player 2.0.5 and earlier are vulnerable to a buffer overflow in the ASF demuxer. When parsing a specially crafted ASF movie, a buffer overflow might occur. If successful, a malicious third party could trigger an invalid memory access, leading to a crash of VLC media player's process. In some cases attackers might exploit this issue to execute arbitrary code within the context of the application but this information is not confirmed (VideoLAN-SA-1302).

Additionally, this update removes the vlc-plugin-ggi and vlc-plugin-svgalib packages from Mageia 1 that no longer exist in Mageia 2.

Updated Packages:

i586:
libvlc5-2.0.3-2.4.mga2.i586.rpm
libvlccore5-2.0.3-2.4.mga2.i586.rpm
libvlc-devel-2.0.3-2.4.mga2.i586.rpm
svlc-2.0.3-2.4.mga2.i586.rpm
vlc-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-aa-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-bonjour-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-common-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-dv-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-flac-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-fluidsynth-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-gme-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-gnutls-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-jack-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-kate-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-libass-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-libnotify-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-lirc-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-lua-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-mod-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-mpc-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-ncurses-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-opengl-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-projectm-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-pulse-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-schroedinger-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-sdl-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-shout-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-speex-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-theora-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-twolame-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-upnp-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-zvbi-2.0.3-2.4.mga2.i586.rpm
libvlc5-2.0.3-2.4.mga2.tainted.i586.rpm
libvlccore5-2.0.3-2.4.mga2.tainted.i586.rpm
libvlc-devel-2.0.3-2.4.mga2.tainted.i586.rpm
svlc-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-aa-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-bonjour-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-common-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-dv-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-flac-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-fluidsynth-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-gme-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-gnutls-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-jack-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-kate-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-libass-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-libnotify-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-lirc-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-lua-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-mod-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-mpc-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-ncurses-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-opengl-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-projectm-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-pulse-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-schroedinger-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-sdl-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-shout-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-speex-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-theora-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-twolame-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-upnp-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-zvbi-2.0.3-2.4.mga2.tainted.i586.rpm

x86_64:
lib64vlc5-2.0.3-2.4.mga2.x86_64.rpm
lib64vlccore5-2.0.3-2.4.mga2.x86_64.rpm
lib64vlc-devel-2.0.3-2.4.mga2.x86_64.rpm
svlc-2.0.3-2.4.mga2.x86_64.rpm
vlc-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-aa-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-bonjour-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-common-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-dv-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-flac-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-fluidsynth-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-gme-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-gnutls-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-jack-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-kate-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-libass-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-libnotify-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-lirc-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-lua-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-mod-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-mpc-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-ncurses-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-opengl-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-projectm-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-pulse-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-schroedinger-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-sdl-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-shout-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-speex-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-theora-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-twolame-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-upnp-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-zvbi-2.0.3-2.4.mga2.x86_64.rpm
lib64vlc5-2.0.3-2.4.mga2.tainted.x86_64.rpm
lib64vlccore5-2.0.3-2.4.mga2.tainted.x86_64.rpm
lib64vlc-devel-2.0.3-2.4.mga2.tainted.x86_64.rpm
svlc-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-aa-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-bonjour-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-common-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-dv-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-flac-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-fluidsynth-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-gme-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-gnutls-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-jack-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-kate-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-libass-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-libnotify-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-lirc-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-lua-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-mod-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-mpc-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-ncurses-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-opengl-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-projectm-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-pulse-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-schroedinger-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-sdl-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-shout-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-speex-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-theora-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-twolame-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-upnp-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-zvbi-2.0.3-2.4.mga2.tainted.x86_64.rpm

SRPMS:
vlc-2.0.3-2.4.mga2.src.rpm
vlc-2.0.3-2.4.mga2.tainted.src.rpm

References:
http://www.videolan.org/security/sa1301.html
http://www.videolan.org/security/sa1302.html
https://bugs.mageia.org/show_bug.cgi?id=8159
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...

