Description:
Summary: The remote host is missing an update for the Debian 'vlc' package(s) announced via the DSA-1819-1 advisory.
Vulnerability Insight: Several vulnerabilities have been discovered in vlc, a multimedia player and streamer. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-1768
Drew Yao discovered that multiple integer overflows in the MP4 demuxer, Real demuxer and Cinepak codec can lead to the execution of arbitrary code.
CVE-2008-1769
Drew Yao discovered that the Cinepak codec is prone to memory corruption, which can be triggered by a crafted Cinepak file.
CVE-2008-1881
Luigi Auriemma discovered that it is possible to execute arbitrary code via a long subtitle in an SSA file.
CVE-2008-2147
It was discovered that vlc is prone to a search path vulnerability, which allows local users to escalate privileges.
CVE-2008-2430
Alin Rad Pop discovered that it is possible to execute arbitrary code when opening a WAV file containing a large fmt chunk.
CVE-2008-3794
Pinar Yanardag discovered that it is possible to execute arbitrary code when opening a crafted mmst link.
CVE-2008-4686
Tobias Klein discovered that it is possible to execute arbitrary code when opening a crafted .ty file.
CVE-2008-5032
Tobias Klein discovered that it is possible to execute arbitrary code when opening an invalid CUE image file with a crafted header.
For the oldstable distribution (etch), these problems have been fixed in version 0.8.6-svn20061012.debian-5.1+etch3.
For the stable distribution (lenny), these problems have been fixed in version 0.8.6.h-4+lenny2, which was already included in the lenny release.
For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 0.8.6.h-5.
We recommend that you upgrade your vlc packages.
Affected Software/OS: 'vlc' package(s) on Debian 4.
Solution: Please install the updated package(s).
CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C