Debian Security Advisory

DSA-2043-1 vlc -- integer overflow

Date Reported:
11 May 2010
Affected Packages:
vlc
Vulnerable:
Yes
Security database references:
No other external database security references currently available.
More information:

tixxDZ (DZCORE labs) discovered a vulnerability in vlc, the multimedia player and streamer. Missing data validation in vlc's Real Data Transport (RDT) implementation enabled an integer underflow and, as a consequence, an unbounded buffer operation. A maliciously crafted stream could thus enable an attacker to execute arbitrary code.
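The bug class described above, shown as an added example that is not VLC's code or the Debian patch: a declared length smaller than the header makes an unsigned subtraction wrap, and the validated variant rejects the packet before any copy. The 10-byte header, the 2-byte length field and all function names are hypothetical and do not reflect the RDT wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical framing for illustration only (not the RDT wire format):
 * a 2-byte big-endian total length that includes a fixed 10-byte header. */
#define HDR_LEN 10u

static size_t read_total_len(const uint8_t *pkt) {
    return ((size_t)pkt[0] << 8) | pkt[1];
}

/* Unvalidated arithmetic: when the declared length is smaller than the
 * header, the unsigned subtraction wraps to a huge value. Using that value
 * as a copy length is the "unbounded buffer operation". */
size_t unchecked_payload_len(const uint8_t *pkt) {
    return read_total_len(pkt) - HDR_LEN;
}

/* Validated copy: returns the payload bytes copied, or -1 if rejected. */
long copy_payload_checked(const uint8_t *pkt, size_t pkt_len,
                          uint8_t *out, size_t out_cap) {
    if (pkt_len < HDR_LEN) return -1;      /* header itself is truncated */
    size_t total = read_total_len(pkt);
    if (total < HDR_LEN) return -1;        /* subtraction would underflow */
    if (total > pkt_len) return -1;        /* claims more than was received */
    size_t payload = total - HDR_LEN;      /* cannot wrap after the checks */
    if (payload > out_cap) return -1;      /* would overrun the destination */
    memcpy(out, pkt + HDR_LEN, payload);
    return (long)payload;
}

/* Constructed sample packets: declared length 14 (valid) and 4 (too small). */
static const uint8_t GOOD_PKT[14] = {0x00, 0x0e, 0, 0, 0, 0, 0, 0, 0, 0,
                                     'd', 'a', 't', 'a'};
static const uint8_t SHORT_LEN_PKT[14] = {0x00, 0x04, 0, 0, 0, 0, 0, 0, 0, 0,
                                          'd', 'a', 't', 'a'};

int main(void) {
    uint8_t out[64];
    printf("valid packet copied: %ld\n",
           copy_payload_checked(GOOD_PKT, sizeof GOOD_PKT, out, sizeof out));
    printf("wrapped length: %zu\n", unchecked_payload_len(SHORT_LEN_PKT));
    printf("short-length packet: %ld\n",
           copy_payload_checked(SHORT_LEN_PKT, sizeof SHORT_LEN_PKT, out, sizeof out));
    return 0;
}
```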

No Common Vulnerabilities and Exposures project identifier is available for this issue.

In the stable distribution (lenny), this problem has been fixed in version 0.8.6.h-4+lenny2.3.

In the testing distribution (squeeze), this problem has been fixed in version 1.0.1-1.

We recommend that you upgrade your vlc packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3.dsc
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h.orig.tar.gz
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_alpha.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_alpha.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_alpha.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_alpha.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_alpha.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_alpha.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_alpha.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_alpha.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_alpha.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_amd64.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_arm.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_arm.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_arm.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_arm.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_arm.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_arm.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_arm.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_arm.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_arm.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_arm.deb
ARM EABI:
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_armel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_armel.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_armel.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_armel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_armel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_armel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_armel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_armel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_armel.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_armel.deb
HP Precision:
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_hppa.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_hppa.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_hppa.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_hppa.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_hppa.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_hppa.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_hppa.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_hppa.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_hppa.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-svgalib_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-glide_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_i386.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_ia64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_ia64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_ia64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_ia64.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_ia64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_ia64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_ia64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_ia64.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_ia64.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_ia64.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_mipsel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_mipsel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_mipsel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_mipsel.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_mipsel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_mipsel.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_mipsel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_mipsel.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_mipsel.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_powerpc.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_powerpc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_powerpc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_powerpc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_powerpc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_powerpc.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_powerpc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_powerpc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_powerpc.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_s390.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_s390.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_s390.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_s390.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_s390.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_s390.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_s390.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_s390.deb
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_s390.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_s390.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/v/vlc/mozilla-plugin-vlc_0.8.6.h-4+lenny2.3_sparc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc_0.8.6.h-4+lenny2.3_sparc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-ggi_0.8.6.h-4+lenny2.3_sparc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-jack_0.8.6.h-4+lenny2.3_sparc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-sdl_0.8.6.h-4+lenny2.3_sparc.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0-dev_0.8.6.h-4+lenny2.3_sparc.deb
http://security.debian.org/pool/updates/main/v/vlc/libvlc0_0.8.6.h-4+lenny2.3_sparc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-nox_0.8.6.h-4+lenny2.3_sparc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-esd_0.8.6.h-4+lenny2.3_sparc.deb
http://security.debian.org/pool/updates/main/v/vlc/vlc-plugin-arts_0.8.6.h-4+lenny2.3_sparc.deb

MD5 checksums of the listed files are available in the original advisory.