Pardus alert 2011-74 (vlc vlc-firefox)
| From: | Meltem Parmaksız <meltem@pardus.org.tr> | |
| To: | pardus-security@pardus.org.tr | |
| Subject: | [Pardus-security] [PLSA 2011-74] VLC: Heap Corruption | |
| Date: | Tue, 3 May 2011 14:14:22 +0300 | |
| Message-ID: | <201105031414.22999.meltem@pardus.org.tr> |
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-74 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-05-03 Type: Remote ------------------------------------------------------------------------ Summary ======= A vulnerability has been fixed in vlc, which can be exploited by malicious people to trigger execution of arbitrary code. Description =========== CVE-2011-1684: When parsing some MP4 (MPEG-4 Part 14) files, insufficient buffer size might lead to corruption of the heap. Affected packages: Pardus 2009: vlc, all before 1.1.4-51-29 vlc-firefox, all before 1.1.4-51-29 Pardus 2011: vlc, all before 1.1.9-52-p11 vlc-devel, all before 1.1.9-52-p11 vlc-firefox, all before 1.1.9-52-p11 vlc-libs, all before 1.1.9-52-p11 vlc-lua, all before 1.1.9-52-p11 Resolution ========== There are update(s) for vlc, vlc-firefox, vlc-devel, vlc-libs, vlc-lua. You can update them via Package Manager or with a single command from console: Pardus 2009: pisi up vlc vlc-firefox Pardus 2011: pisi up vlc vlc-devel vlc-firefox vlc-libs vlc-lua References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=17747 * http://www.videolan.org/security/sa1103.html ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security