[gentoo-announce] [ GLSA 200804-25 ] VLC: User-assisted execution of arbitrary code - gentoo-announce

From:	Robert Buchholz <rbu@g.o>
To:	gentoo-announce@l.g.o
Cc:	bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject:	[gentoo-announce] [ GLSA 200804-25 ] VLC: User-assisted execution of arbitrary code
Date:	Wed, 23 Apr 2008 16:37:08
Message-Id:	`200804231820.46221.rbu@gentoo.org`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 200804-25

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                            http://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

  Severity: Normal

8

     Title: VLC: User-assisted execution of arbitrary code

9

      Date: April 23, 2008

10

      Bugs: #214277, #214627

11

        ID: 200804-25

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities were found in VLC, allowing for the execution

19

of arbitrary code.

20

21

Background

22

==========

23

24

VLC is a cross-platform media player and streaming server.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package          /  Vulnerable  /                      Unaffected

31

    -------------------------------------------------------------------

32

  1  media-video/vlc      < 0.8.6f                           >= 0.8.6f

33

34

Description

35

===========

36

37

Multiple vulnerabilities were found in VLC:

38

39

* Luigi Auriemma discovered that the stack-based buffer overflow when

40

  reading subtitles, which has been reported as CVE-2007-6681 in GLSA

41

  200803-13, was not properly fixed (CVE-2008-1881).

42

43

* Alin Rad Pop of Secunia reported an array indexing vulnerability in

44

  the sdpplin_parse() function when processing streams from RTSP

45

  servers in Xine code, which is also used in VLC (CVE-2008-0073).

46

47

* Drew Yao and Nico Golde reported an integer overflow in the

48

  MP4_ReadBox_rdrf() function in the file libmp4.c leading to a

49

  heap-based buffer overflow when reading MP4 files (CVE-2008-1489).

50

51

* Drew Yao also reported integer overflows in the MP4 demuxer, the

52

  Real demuxer and in the Cinepak codec, which might lead to buffer

53

  overflows (CVE-2008-1768).

54

55

* Drew Yao finally discovered and a boundary error in Cinepak, which

56

  might lead to memory corruption (CVE-2008-1769).

57

58

Impact

59

======

60

61

A remote attacker could entice a user to open a specially crafted media

62

file or stream, possibly resulting in the remote execution of arbitrary

63

code.

64

65

Workaround

66

==========

67

68

There is no known workaround at this time.

69

70

Resolution

71

==========

72

73

All VLC users should upgrade to the latest version:

74

75

    # emerge --sync

76

    # emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6f"

77

78

References

79

==========

80

81

  [ 1 ] CVE-2007-6681

82

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6681

83

  [ 2 ] CVE-2008-0073

84

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073

85

  [ 3 ] CVE-2008-1489

86

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489

87

  [ 4 ] CVE-2008-1768

88

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1768

89

  [ 5 ] CVE-2008-1769

90

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1769

91

  [ 6 ] CVE-2008-1881

92

        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1881

93

  [ 7 ] GLSA 200803-13

94

        http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml

95

96

Availability

97

============

98

99

This GLSA and any updates to it are available for viewing at

100

the Gentoo Security Website:

101

102

  http://security.gentoo.org/glsa/glsa-200804-25.xml

103

104

Concerns?

105

=========

106

107

Security is a primary focus of Gentoo Linux and ensuring the

108

confidentiality and security of our users machines is of utmost

109

importance to us. Any security concerns should be addressed to

110

security@g.o or alternatively, you may file a bug at

111

http://bugs.gentoo.org.

112

113

License

114

=======

115

116

Copyright 2008 Gentoo Foundation, Inc; referenced text

117

belongs to its owner(s).

118

119

The contents of this document are licensed under the

120

Creative Commons - Attribution / Share Alike license.

121

122

http://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 200804-25
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	http://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: VLC: User-assisted execution of arbitrary code
9	Date: April 23, 2008
10	Bugs: #214277, #214627
11	ID: 200804-25
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities were found in VLC, allowing for the execution
19	of arbitrary code.
20
21	Background
22	==========
23
24	VLC is a cross-platform media player and streaming server.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 media-video/vlc < 0.8.6f >= 0.8.6f
33
34	Description
35	===========
36
37	Multiple vulnerabilities were found in VLC:
38
39	* Luigi Auriemma discovered that the stack-based buffer overflow when
40	reading subtitles, which has been reported as CVE-2007-6681 in GLSA
41	200803-13, was not properly fixed (CVE-2008-1881).
42
43	* Alin Rad Pop of Secunia reported an array indexing vulnerability in
44	the sdpplin_parse() function when processing streams from RTSP
45	servers in Xine code, which is also used in VLC (CVE-2008-0073).
46
47	* Drew Yao and Nico Golde reported an integer overflow in the
48	MP4_ReadBox_rdrf() function in the file libmp4.c leading to a
49	heap-based buffer overflow when reading MP4 files (CVE-2008-1489).
50
51	* Drew Yao also reported integer overflows in the MP4 demuxer, the
52	Real demuxer and in the Cinepak codec, which might lead to buffer
53	overflows (CVE-2008-1768).
54
55	* Drew Yao finally discovered and a boundary error in Cinepak, which
56	might lead to memory corruption (CVE-2008-1769).
57
58	Impact
59	======
60
61	A remote attacker could entice a user to open a specially crafted media
62	file or stream, possibly resulting in the remote execution of arbitrary
63	code.
64
65	Workaround
66	==========
67
68	There is no known workaround at this time.
69
70	Resolution
71	==========
72
73	All VLC users should upgrade to the latest version:
74
75	# emerge --sync
76	# emerge --ask --oneshot --verbose ">=media-video/vlc-0.8.6f"
77
78	References
79	==========
80
81	[ 1 ] CVE-2007-6681
82	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6681
83	[ 2 ] CVE-2008-0073
84	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0073
85	[ 3 ] CVE-2008-1489
86	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1489
87	[ 4 ] CVE-2008-1768
88	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1768
89	[ 5 ] CVE-2008-1769
90	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1769
91	[ 6 ] CVE-2008-1881
92	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1881
93	[ 7 ] GLSA 200803-13
94	http://www.gentoo.org/security/en/glsa/glsa-200803-13.xml
95
96	Availability
97	============
98
99	This GLSA and any updates to it are available for viewing at
100	the Gentoo Security Website:
101
102	http://security.gentoo.org/glsa/glsa-200804-25.xml
103
104	Concerns?
105	=========
106
107	Security is a primary focus of Gentoo Linux and ensuring the
108	confidentiality and security of our users machines is of utmost
109	importance to us. Any security concerns should be addressed to
110	security@g.o or alternatively, you may file a bug at
111	http://bugs.gentoo.org.
112
113	License
114	=======
115
116	Copyright 2008 Gentoo Foundation, Inc; referenced text
117	belongs to its owner(s).
118
119	The contents of this document are licensed under the
120	Creative Commons - Attribution / Share Alike license.
121
122	http://creativecommons.org/licenses/by-sa/2.5