Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201603-08 ] VLC: Multiple vulnerabilities
Date: Sat, 12 Mar 2016 12:08:46
Message-Id: 56E40538.5070903@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201603-08
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: VLC: Multiple vulnerabilities
     Date: March 12, 2016
     Bugs: #534532, #537154, #542222, #558418
       ID: 201603-08

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in VLC allowing remote
attackers to execute arbitrary code or cause Denial of Service.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-video/vlc            < 2.2.1-r1                >= 2.2.1-r1

Description
===========

Multiple vulnerabilities have been discovered in VLC. Please review the
CVE identifiers referenced below for details.

Impact
======

Remote attackers could possibly execute arbitrary code or cause Denial
of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/vlc-2.2.1-r1"

References
==========

[ 1 ] CVE-2014-1684
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1684
[ 2 ] CVE-2014-6440
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6440
[ 3 ] CVE-2014-9597
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9597
[ 4 ] CVE-2014-9598
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9598
[ 5 ] CVE-2014-9625
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9625
[ 6 ] CVE-2014-9626
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9626
[ 7 ] CVE-2014-9627
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9627
[ 8 ] CVE-2014-9628
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9628
[ 9 ] CVE-2014-9629
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9629
[ 10 ] CVE-2014-9630
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9630
[ 11 ] CVE-2015-1202
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1202
[ 12 ] CVE-2015-1203
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1203
[ 13 ] CVE-2015-5949
       http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5949

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201603-08

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

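
Added example, not part of the advisory or of Gentoo's tooling: a check that classifies installed media-video/vlc versions against the "< 2.2.1-r1" threshold from the Affected packages table, for confirming that the upgrade in the Resolution section took effect. The version comparison is a simplified assumption (dotted numbers, optional letter, optional -rN revision); Portage's own comparison also handles suffixes such as _rc and _p, which this code rejects rather than guesses at. The inventory list is constructed sample data.

```python
import re

# Values taken from the advisory's "Affected packages" table.
PACKAGE = "media-video/vlc"
FIRST_UNAFFECTED = "2.2.1-r1"

# Simplified version syntax (assumption): dotted numbers without leading
# zeros, an optional letter, an optional -rN revision. No _rc/_p suffixes.
_NUM = r"(?:0|[1-9]\d*)"
_VERSION_RE = re.compile(r"^(%s(?:\.%s)*)([a-z]?)(?:-r(\d+))?$" % (_NUM, _NUM))


def version_key(version):
    """Return a sortable key; raise ValueError for unsupported syntax."""
    match = _VERSION_RE.match(version)
    if match is None:
        raise ValueError("unsupported version syntax: %r" % version)
    numbers, letter, revision = match.groups()
    return (tuple(int(n) for n in numbers.split(".")), letter, int(revision or 0))


def is_vulnerable(version):
    """True when version sorts below the first unaffected version."""
    return version_key(version) < version_key(FIRST_UNAFFECTED)


def audit(installed):
    """Map each installed PACKAGE version to True if it is vulnerable."""
    prefix = PACKAGE + "-"
    results = {}
    for entry in installed:
        version = entry[len(prefix):]
        if entry.startswith(prefix) and version[:1].isdigit():
            results[version] = is_vulnerable(version)
    return results


# Constructed inventory in category/name-version form, not real host data.
SAMPLE_INSTALLED = [
    "media-video/vlc-2.1.5",
    "media-video/vlc-2.2.1",
    "media-video/vlc-2.2.1-r1",
    "media-video/vlc-2.2.2",
    "media-video/mpv-0.9.2-r1",
]

if __name__ == "__main__":
    for version, vulnerable in audit(SAMPLE_INSTALLED).items():
        print(version, "VULNERABLE" if vulnerable else "ok")
```

Note that 2.2.1 without a revision is still in the vulnerable range; only 2.2.1-r1 and later are unaffected.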