From Mageia wiki

MGASA-2013-0022

Date: February 6th, 2013
Affected releases: 2
Media: Core, Tainted


Description:
Updated vlc packages fix security vulnerabilities:

VLC media player 2.0.4 and earlier are vulnerable to buffer overflows in
the freetype renderer and HTML subtitle parser. When parsing a specially
crafted file, a buffer overflow might occur. If successful, a malicious
third party could trigger an invalid memory access, leading to a crash of
VLC or arbitrary code execution (VideoLAN-SA-1301).

VLC media player 2.0.5 and earlier are vulnerable to a buffer overflow in
the ASF demuxer. When parsing a specially crafted ASF movie, a buffer
overflow might occur. If successful, a malicious third party could trigger
an invalid memory access, leading to a crash of VLC media player's process.
In some cases, attackers might exploit this issue to execute arbitrary code
within the context of the application, but this information is not confirmed
(VideoLAN-SA-1302).

Additionally, this update removes the vlc-plugin-ggi and vlc-plugin-svgalib
packages from Mageia 1 that no longer exist in Mageia 2.


Updated Packages:
i586:
libvlc5-2.0.3-2.4.mga2.i586.rpm
libvlccore5-2.0.3-2.4.mga2.i586.rpm
libvlc-devel-2.0.3-2.4.mga2.i586.rpm
svlc-2.0.3-2.4.mga2.i586.rpm
vlc-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-aa-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-bonjour-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-common-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-dv-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-flac-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-fluidsynth-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-gme-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-gnutls-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-jack-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-kate-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-libass-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-libnotify-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-lirc-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-lua-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-mod-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-mpc-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-ncurses-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-opengl-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-projectm-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-pulse-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-schroedinger-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-sdl-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-shout-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-speex-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-theora-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-twolame-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-upnp-2.0.3-2.4.mga2.i586.rpm
vlc-plugin-zvbi-2.0.3-2.4.mga2.i586.rpm
libvlc5-2.0.3-2.4.mga2.tainted.i586.rpm
libvlccore5-2.0.3-2.4.mga2.tainted.i586.rpm
libvlc-devel-2.0.3-2.4.mga2.tainted.i586.rpm
svlc-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-aa-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-bonjour-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-common-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-dv-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-flac-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-fluidsynth-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-gme-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-gnutls-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-jack-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-kate-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-libass-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-libnotify-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-lirc-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-lua-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-mod-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-mpc-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-ncurses-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-opengl-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-projectm-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-pulse-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-schroedinger-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-sdl-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-shout-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-speex-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-theora-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-twolame-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-upnp-2.0.3-2.4.mga2.tainted.i586.rpm
vlc-plugin-zvbi-2.0.3-2.4.mga2.tainted.i586.rpm

x86_64:
lib64vlc5-2.0.3-2.4.mga2.x86_64.rpm
lib64vlccore5-2.0.3-2.4.mga2.x86_64.rpm
lib64vlc-devel-2.0.3-2.4.mga2.x86_64.rpm
svlc-2.0.3-2.4.mga2.x86_64.rpm
vlc-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-aa-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-bonjour-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-common-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-dv-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-flac-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-fluidsynth-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-gme-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-gnutls-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-jack-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-kate-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-libass-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-libnotify-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-lirc-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-lua-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-mod-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-mpc-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-ncurses-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-opengl-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-projectm-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-pulse-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-schroedinger-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-sdl-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-shout-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-speex-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-theora-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-twolame-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-upnp-2.0.3-2.4.mga2.x86_64.rpm
vlc-plugin-zvbi-2.0.3-2.4.mga2.x86_64.rpm
lib64vlc5-2.0.3-2.4.mga2.tainted.x86_64.rpm
lib64vlccore5-2.0.3-2.4.mga2.tainted.x86_64.rpm
lib64vlc-devel-2.0.3-2.4.mga2.tainted.x86_64.rpm
svlc-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-aa-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-bonjour-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-common-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-dv-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-flac-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-fluidsynth-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-gme-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-gnutls-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-jack-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-kate-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-libass-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-libnotify-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-lirc-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-lua-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-mod-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-mpc-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-ncurses-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-opengl-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-projectm-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-pulse-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-schroedinger-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-sdl-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-shout-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-speex-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-theora-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-twolame-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-upnp-2.0.3-2.4.mga2.tainted.x86_64.rpm
vlc-plugin-zvbi-2.0.3-2.4.mga2.tainted.x86_64.rpm

SRPMS:
vlc-2.0.3-2.4.mga2.src.rpm
vlc-2.0.3-2.4.mga2.tainted.src.rpm


References:
http://www.videolan.org/security/sa1301.html
http://www.videolan.org/security/sa1302.html
https://bugs.mageia.org/show_bug.cgi?id=8159