[Frugalware-security] [ FSA-88 ] vlc

voroskoi noreply at frugalware.org
Thu Jan 11 20:20:12 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Frugalware Security Advisory                           FSA-88

Date: 2007-01-11
Package: vlc
Vulnerable versions: <= 0.8.5-1
Unaffected versions: >= 0.8.6-1siwenna2
Related bugreport: http://bugs.frugalware.org/task/1579
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0017

Description
===========

Kevin Finisterre and LMH have reported a vulnerability in VLC media player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a format string error when handling &quot;udp://&quot; URIs and can be exploited via a specially crafted web site or an M3U file with a specially crafted udp:// URI containing format string specifiers as the file name.
Successful exploitation allows execution of arbitrary code.

Updated Packages
================

Check if you have vlc installed:

	# pacman -Q vlc

If found, then you should upgrade to the latest version:

	# pacman -Sy vlc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info

iD8DBQFFpo3sZ7NElSD1VhkRAhx2AJ0efBYvZwSzwMKk3BK71IyNN1c2SQCgjL9W
x4r4HMFazMciQQMxcct+lvQ=
=TjLY
-----END PGP SIGNATURE-----


More information about the Frugalware-security mailing list