Debian: DSA-1819-1: New vlc packages fix several vulnerabilities

    Date 18 Jun 2009
    Posted By LinuxSecurity Advisories
    Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems:
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-1819-1                  This email address is being protected from spambots. You need JavaScript enabled to view it.                         Steffen Joeris
    June 18, 2009         
    - ------------------------------------------------------------------------
    Package        : vlc               
    Vulnerability  : several vulnerabilities
    Problem type   : local (remote)         
    Debian-specific: no                     
    CVE Ids        : CVE-2008-1768 CVE-2008-1769 CVE-2008-1881 CVE-2008-2147 
                     CVE-2008-2430 CVE-2008-3794 CVE-2008-4686 CVE-2008-5032 
    Debian Bugs    : 478140 477805 489004 496265 503118 504639 480724        
    Several vulnerabilities have been discovered in vlc, a multimedia player
    and streamer. The Common Vulnerabilities and Exposures project          
    identifies the following problems:                                      
    Drew Yao discovered that multiple integer overflows in the MP4 demuxer,
    Real demuxer and Cinepak codec can lead to the execution of arbitrary  
    Drew Yao discovered that the Cinepak codec is prone to a memory
    corruption, which can be triggered by a crafted Cinepak file.  
    Luigi Auriemma discovered that it is possible to execute arbitrary code
    via a long subtitle in an SSA file.
    It was discovered that vlc is prone to a search path vulnerability,
    which allows local users to perform privilege escalations.
    Alin Rad Pop discovered that it is possible to execute arbitrary code
    when opening a WAV file containing a large fmt chunk.
    Pınar Yanardağ discovered that it is possible to execute arbitrary code
    when opening a crafted mmst link.
    Tobias Klein discovered that it is possible to execute arbitrary code
    when opening a crafted .ty file.
    Tobias Klein discovered that it is possible to execute arbitrary code
    when opening an invalid CUE image file with a crafted header.
    For the oldstable distribution (etch), these problems have been fixed
    in version 0.8.6-svn20061012.debian-5.1+etch3.
    For the stable distribution (lenny), these problems have been fixed in
    version 0.8.6.h-4+lenny2, which was already included in the lenny
    For the testing distribution (squeeze) and the unstable distribution
    (sid), these problems have been fixed in version 0.8.6.h-5.
    We recommend that you upgrade your vlc packages.
    Upgrade instructions
    - --------------------
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 4.0 alias etch
    - -------------------------------
    Debian (oldstable)
    - ------------------
    Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    Source archives:
        Size/MD5 checksum: 15168393 30c18a2fdc4105606033ff6e6aeab81c
        Size/MD5 checksum:  2390010 aacfe6dc712b98ae872794d9d70fe1e3
        Size/MD5 checksum:     2622 bc3a4f4ee0ecd699820b478e96beecad
    Architecture independent packages:
        Size/MD5 checksum:      778 62c36d9c3fe088478b442efec17b5b7e
        Size/MD5 checksum:      786 12f8c6ef696cb7c6b8b1e33b313f72f0
    alpha architecture (DEC Alpha)
        Size/MD5 checksum:     5028 1c44834297096fe893775a5d95d1913b
        Size/MD5 checksum:     4444 ad948e7f91e08a0261a009a62bd2a76b
        Size/MD5 checksum:  1157956 da37f9efbdef57c192781d775818e042
        Size/MD5 checksum:    40298 3c6639b6241c035f35508ed2b41e94b7
        Size/MD5 checksum:  5169476 7342181513646f6562051fe843dab946
        Size/MD5 checksum:    13048 63b8dfc325bf011cd9ab2762ac404da8
        Size/MD5 checksum:    20162 9fd790aaa1a58aaa7de59ca17eec2ea9
        Size/MD5 checksum:  1306476 230f2731958e3d9740198c66b7a14531
        Size/MD5 checksum:     6942 96f9d8b30b4c66b9d81a47e3f6141b7a
    amd64 architecture (AMD x86_64 (AMD64))
        Size/MD5 checksum:    20226 73bbae9c7491cb8fb99ae3c9e3b34670
        Size/MD5 checksum:    11336 623ceac24cb2a59cbbdb96723c7feb4d
        Size/MD5 checksum:     6054 99babdfe76e9ce755f36add0f01750bb
        Size/MD5 checksum:  4667204 0304843fa1801c73ddd1b3e38cb66adf
        Size/MD5 checksum:   951212 9b43d2bc0cbc149000e904d4251e05a0
        Size/MD5 checksum:    36766 db3ee54d447f07bf7baf12dd69ebba3f
        Size/MD5 checksum:     4518 24bd15d1aa8f929e5e122130931a3bdd
        Size/MD5 checksum:     4188 9c82be723419ef7c45c28fa850d8a006
        Size/MD5 checksum:  1144154 67bc1eb6d916e8fa6dd6f55e283f7c08
    arm architecture (ARM)
        Size/MD5 checksum:     4206 41e5a43abe8480afefb61b0a539b7170
        Size/MD5 checksum:    20124 41ef717a928b54131f6576645fb11aae
        Size/MD5 checksum:     6096 431cb2ba76f85a4fc8a2e12d3f0fbb7a
        Size/MD5 checksum:   998448 9f638f133362b620b1a25be555774f62
        Size/MD5 checksum:  1262714 9aca627018c73b385c1585f67e611c85
        Size/MD5 checksum:    33318 b34aa4d414f141614bf8e24a2fa7d1f5
        Size/MD5 checksum:  4720770 6084cfde985ecc782d131d87376d5631
        Size/MD5 checksum:    10810 05901b3cb763c6df7512e95b21ae3057
        Size/MD5 checksum:     5582 089ffa3b5ab140334680b9d420f28fe2
    hppa architecture (HP PA RISC)
        Size/MD5 checksum:     6970 9f4a68eee0c5c64b3020417d4c94a2ea
        Size/MD5 checksum:     7802 15eb78a9af99e4621e8e16c1db792a83
        Size/MD5 checksum:     5360 fd9392b53054be7cf8a875ead65b74ae
        Size/MD5 checksum:    46662 231785bcf877904edc5689be92765764
        Size/MD5 checksum:  5241886 ecf4256f3266b72398d3102d778e0c0b
        Size/MD5 checksum:    20090 7245b16edcd128fa86d6dbc25e9acdf3
        Size/MD5 checksum:    13752 5c113155b10404e94aa695346eec0437
        Size/MD5 checksum:  1083956 3b4c77690fbe73efe95ad664487edf3d
        Size/MD5 checksum:  1374550 c09d8dc3870426212a7be03c49f77be3
    i386 architecture (Intel ia32)
        Size/MD5 checksum:  1137756 c55814ba9192c4c2c81a983bfb3b0b4d
        Size/MD5 checksum:    10714 fb4d96ed4c70d57410aa1b9a3686d04c
        Size/MD5 checksum:     4138 f137b88a817cc34f4ce3bece8f95d0b5
        Size/MD5 checksum:  4652906 3321d798ec1146fea206b6e4120a0801
        Size/MD5 checksum:    20104 5742bd41d213b498063e8070723361cf
        Size/MD5 checksum:   959380 1c496575c6b3966348595a2ee9b5b822
        Size/MD5 checksum:    36190 82b82e147a2460780cfda4d67e27acc4
        Size/MD5 checksum:     4820 2bf05cc5740357c059ca66feabf406b2
        Size/MD5 checksum:     5842 48a4e79963b7da791c165c484fc11d76
        Size/MD5 checksum:     4106 71906ef569dc94bbddbec713289ef3a8
        Size/MD5 checksum:     4536 b02d59bd875bbd9b36c4dc54a16f1992
    ia64 architecture (Intel ia64)
        Size/MD5 checksum:     9096 fa4b850dadb0a697004617e968851d3a
        Size/MD5 checksum:     5444 85afaf61e92a664c7b903031d169eb5a
        Size/MD5 checksum:    17178 00ac774370b4016649ad172bc84667f2
        Size/MD5 checksum:    49096 e07daab8ac4e5ea3427fdbadfa671aba
        Size/MD5 checksum:  5905658 164b7902e5e5d5f511305632b6f6a812
        Size/MD5 checksum:     6206 d0ae6c6462bdc873a845048ecb4fae4b
        Size/MD5 checksum:  1459396 ea5d66259ff182a5c343dbf490274bbe
        Size/MD5 checksum:    20130 3b611aaac099317e626c4b81d5ee9bc4
        Size/MD5 checksum:  1568890 d44cfd0dc33d34aaa3b106a79f806382
    mips architecture (MIPS (Big Endian))
        Size/MD5 checksum:    12262 48790d9a97eab369ec9aa3529684f206
        Size/MD5 checksum:    35552 a47c2e52b8f829383addd5f7fb286c5c
        Size/MD5 checksum:     6846 2b36dbc841cd22299aa175a4f1e65ca8
        Size/MD5 checksum:     4492 4fc39c1471bca127f178856da0c8518e
        Size/MD5 checksum:  1113268 cfc2795f1ccaf23a35e9102345bf0c65
        Size/MD5 checksum:     5962 df95686291e5fc52d130b4b4e425fe45
        Size/MD5 checksum:    20126 4d8ef48d4fd233f1fe1bf3335022fb43
        Size/MD5 checksum:  1005096 ab3c1942a9fa822091cee3c76660594c
        Size/MD5 checksum:  4974220 6d7b51e1122a376ff6f0a04a660e9ed6
    mipsel architecture (MIPS (Little Endian))
        Size/MD5 checksum:     5916 dc0c51da2d60b705ae3938824c0a941e
        Size/MD5 checksum:   922780 d81949c76c6fdf1ea138961cbe0f36be
        Size/MD5 checksum:     6718 5530126155e75c9ed883ac2861c79b96
        Size/MD5 checksum:  1005626 7fd2f06e879625a7121164353d65df6f
        Size/MD5 checksum:    11946 80eeb122e2bbf4c9b2e430f3513115cc
        Size/MD5 checksum:    34624 305feab6d4ead93fd6d76239d05732b0
        Size/MD5 checksum:  4668688 27f431fe153b7efee925ef04c1a9befe
        Size/MD5 checksum:     4480 a4684079cd594e316d62cf28e8c76adf
        Size/MD5 checksum:    20136 77fbce0f999345f0afdf0650a7794647
    powerpc architecture (PowerPC)
        Size/MD5 checksum:  1191316 b6ef4d881376ef204278456a57166236
        Size/MD5 checksum:     5626 cdd05580d5e1c7653d13a07167274c45
        Size/MD5 checksum:  1022198 8cdf75ed5cd61cf5e2ae7b297b7819e5
        Size/MD5 checksum:    38260 b9681d0824ead229fa9c2a42c2516017
        Size/MD5 checksum:     6910 d0bca6f30f15af804d044d666042d1ce
        Size/MD5 checksum:     7988 cfed8cf8c2c864be55373ce15e23d3f0
        Size/MD5 checksum:  5116308 105e08206811fe472412382a85c811e1
        Size/MD5 checksum:    13714 ae7ec3ac6f7d1fdfab774d54958965aa
        Size/MD5 checksum:    20270 d4c85cb0405292434d7537bd9e4b4494
    s390 architecture (IBM S/390)
        Size/MD5 checksum:     4300 eda9d5b506dd1a70ef73bb592b58c3ef
        Size/MD5 checksum:     6052 25aff1e5103edb5a9f734710d6b589b9
        Size/MD5 checksum:    38336 08f2d6171ebb761babf664eb37ebe784
        Size/MD5 checksum:  1019556 478a55d6631a2fba2267a8cd3dbd19f2
        Size/MD5 checksum:    11412 a1e43e44ed1c20efd323adb4d48b90a6
        Size/MD5 checksum:  4860616 92fef2c23dccb82e00bbc7c016d4dd21
        Size/MD5 checksum:    20138 566c8573bef9cb08134ba1fe000b40a4
        Size/MD5 checksum:     6322 67e8fd4b37cb84c6e59f5de27f21eb13
        Size/MD5 checksum:  1172942 c30ffacd5c961e3b3f295b9e7ab175f2
    sparc architecture (Sun SPARC/UltraSPARC)
        Size/MD5 checksum:    33310 bc7e610c4085598763e056f255429873
        Size/MD5 checksum:  4683530 04cd5bf600eca4c872cb802d767deb0a
        Size/MD5 checksum:    19924 4988a8da8b1e97514c747a6964f7f856
        Size/MD5 checksum:     5752 7584f5b967b245d7a0db7eb47fef5547
        Size/MD5 checksum:     4756 4526e8e7fceb344711f60ccaf3acfaa1
        Size/MD5 checksum:  1193282 76e99484e3d54569b80770a493ad2e49
        Size/MD5 checksum:   951186 2a21b9e1e6edd1d7a32a51abf3f782f3
        Size/MD5 checksum:     3920 ea9aff23630aa00dfcd37cb98df22408
        Size/MD5 checksum:    10404 d9ea8f6e0096234c4d9bdf9595eb5dbe
      These files will probably be moved into the stable distribution on
      its next update.
    - ---------------------------------------------------------------------------------
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    Package info: `apt-cache show ' and

    LinuxSecurity Poll

    Do you feel that the Lawful Access to Encrypted Data Act, which aims to force encryption backdoors, is a threat to US citizens' privacy?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"106","title":"Yes - I am a privacy advocate and I am strongly opposed to this bill.","votes":"7","type":"x","order":"1","pct":100,"resources":[]},{"id":"107","title":"I'm undecided - it has its pros and cons.","votes":"0","type":"x","order":"2","pct":0,"resources":[]},{"id":"108","title":"No - I support this bill and feel that it will help protect against crime and threats to our national security. ","votes":"0","type":"x","order":"3","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
    bottom 200


    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.