Debian Security Advisory

DLA-306-1 libvdpau -- LTS security update

Date Reported:
10 Sep 2015
Affected Packages:
libvdpau
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 797895.
In Mitre's CVE dictionary: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200.
More information:

Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges.

For Debian 6 Squeeze, these problems have been fixed in libvdpau version 0.4.1-2+deb6u1. See DSA 3355-1 for information on other Debian releases.

We recommend that you upgrade your libvdpau packages.