Gentoo Archives: gentoo-announce

From: Sean Amoss <ackle@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201411-01 ] VLC: Multiple vulnerabilities
Date: Wed, 05 Nov 2014 22:07:56
Message-Id: 545A9F2A.9090501@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201411-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: VLC: Multiple vulnerabilities
     Date: November 05, 2014
     Bugs: #279340, #285370, #316709, #332361, #350933, #352206,
           #352776, #353326, #360189, #363359, #370321, #375167,
           #385953, #395543, #408881, #414409, #424435, #442758,
           #450438, #454650, #476436, #486902, #493710, #499806
       ID: 201411-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in VLC, the worst of which
could lead to user-assisted execution of arbitrary code.

Background
==========

VLC is a cross-platform media player and streaming server.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-video/vlc              < 2.1.2                    >= 2.1.2

Description
===========

Multiple vulnerabilities have been discovered in VLC. Please review the
CVE identifiers referenced below for details.

Impact
======

A remote attacker could entice a user to open a specially crafted media
file using VLC, possibly resulting in execution of arbitrary code with
the privileges of the process or a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VLC users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/vlc-2.1.2"
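
The following is an added example, not part of the advisory: it checks a host inventory against the affected range above (< 2.1.2) to find machines that still need the upgrade. The inventory format, host names and function names are assumptions, and the version grammar is simplified (dotted numbers, optional _alpha/_beta/_pre/_rc/_p suffix, optional -rN revision; letter suffixes and leading-zero components are not handled).

```sh
# Added example (not part of the GLSA): flag hosts whose installed
# media-video/vlc falls in the advisory's affected range (< 2.1.2).
# On a single Gentoo host, `glsa-check -t 201411-01` is the native check.
FIXED="2.1.2"   # first unaffected version, taken from the advisory

# vlc_is_vulnerable VERSION: exit 0 if VERSION < FIXED, 1 if not,
# 2 if the version string is outside the simplified grammar assumed here.
vlc_is_vulnerable() {
    printf '%s\n' "$1" | awk -v fixed="$FIXED" '{
        ver = $0; suffix = ""
        sub(/-r[0-9]+$/, "", ver)   # ebuild revision cannot cross the boundary
        if (match(ver, /_(alpha|beta|pre|rc|p)[0-9]*$/)) {
            suffix = substr(ver, RSTART + 1)
            ver = substr(ver, 1, RSTART - 1)
        }
        if (ver !~ /^[0-9]+(\.[0-9]+)*$/) exit 2
        n = split(ver, a, "."); m = split(fixed, b, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            x = (i <= n) ? a[i] + 0 : 0; y = (i <= m) ? b[i] + 0 : 0
            if (x < y) exit 0; if (x > y) exit 1
        }
        # Same base version: only a pre-release suffix sorts below it.
        if (suffix ~ /^(alpha|beta|pre|rc)/) exit 0
        exit 1
    }'
}

# audit_inventory: reads "host category/package-version" lines on stdin
# and prints "host version STATUS" for every media-video/vlc entry.
audit_inventory() {
    while read -r host atom; do
        ver=${atom#media-video/vlc-}
        [ "$ver" != "$atom" ] || continue      # skip other packages
        rc=0; vlc_is_vulnerable "$ver" || rc=$?
        case $rc in
            0) echo "$host $ver VULNERABLE" ;;
            1) echo "$host $ver ok" ;;
            *) echo "$host $ver UNKNOWN" ;;
        esac
    done
}

# Constructed sample inventory (hypothetical hosts, one installed atom each).
sample_inventory() { cat <<'EOF'
web01 media-video/vlc-2.0.8-r1
media02 media-video/vlc-2.1.2
kiosk03 media-video/vlc-2.1.2_rc1
lab05 media-video/vlc-2.1.4-r1
EOF
}
sample_inventory | audit_inventory
```

Hosts reported as VULNERABLE need the emerge commands above; UNKNOWN entries should be checked by hand.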

References
==========

[ 1 ] CVE-2010-1441
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1441
[ 2 ] CVE-2010-1442
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1442
[ 3 ] CVE-2010-1443
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1443
[ 4 ] CVE-2010-1444
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1444
[ 5 ] CVE-2010-1445
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1445
[ 6 ] CVE-2010-2062
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2062
[ 7 ] CVE-2010-2937
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2937
[ 8 ] CVE-2010-3124
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3124
[ 9 ] CVE-2010-3275
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3275
[ 10 ] CVE-2010-3276
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3276
[ 11 ] CVE-2010-3907
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3907
[ 12 ] CVE-2011-0021
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0021
[ 13 ] CVE-2011-0522
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0522
[ 14 ] CVE-2011-0531
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0531
[ 15 ] CVE-2011-1087
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1087
[ 16 ] CVE-2011-1684
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1684
[ 17 ] CVE-2011-2194
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2194
[ 18 ] CVE-2011-2587
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2587
[ 19 ] CVE-2011-2588
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2588
[ 20 ] CVE-2011-3623
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3623
[ 21 ] CVE-2012-0023
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0023
[ 22 ] CVE-2012-1775
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1775
[ 23 ] CVE-2012-1776
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1776
[ 24 ] CVE-2012-2396
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2396
[ 25 ] CVE-2012-3377
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-3377
[ 26 ] CVE-2012-5470
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5470
[ 27 ] CVE-2012-5855
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5855
[ 28 ] CVE-2013-1868
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1868
[ 29 ] CVE-2013-1954
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1954
[ 30 ] CVE-2013-3245
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3245
[ 31 ] CVE-2013-4388
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4388
[ 32 ] CVE-2013-6283
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6283
[ 33 ] CVE-2013-6934
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6934

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201411-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
