Uočeno je više sigurnosnih propusta u radu programskog paketa VLC Media Player, distribuiranog s operacijskim sustavom Debian. VLC je multimedijski preglednik za čitanje DVDs, VCDs, MPEG, i DivX datoteka. Propusti su uočeni pri prepisivanju spremnika u "libdirectx_plugin.dll" i "demux/mkv/mkv.hpp" i drugim dekoderskim datotekama. Udaljenom napadaču spomenuti nedostaci omogućuju izvršavanje proizvoljnog programskog koda. Svim korisnicima paketa VLC Media Player savjetuje se njegova nadogradnja na novije inačice.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-2211-1 Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
http://www.debian.org/security/ Moritz Muehlenhoff
April 06, 2011 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : vlc
Vulnerability : missing input sanitising
Problem type : remote
Debian-specific: no
CVE ID : CVE-2010-3275 CVE-2010-3276
Ricardo Narvaja discovered that missing input sanitising in VLC, a
multimedia player and streamer, could lead to the execution of arbitrary
code if a user is tricked into opening a malformed media file.
This update also provides updated packages for oldstable (lenny) for
vulnerabilities, which have already been addressed in Debian stable
(squeeze), either during the freeze or in DSA-2159.
(CVE-2010-0522, CVE-2010-1441, CVE-2010-1442, CVE-2011-0531)
For the oldstable distribution (lenny), this problem has been fixed in
version 0.8.6.h-4+lenny3.
For the stable distribution (squeeze), this problem has been fixed in
version 1.1.3-1squeeze4.
For the unstable distribution (sid), this problem has been fixed in
version 1.1.8-1.
We recommend that you upgrade your vlc packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/
Mailing list: Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk2c2+8ACgkQXm3vHE4uylrq0ACgkgibtLZdhQ1Jr2SoXhvFYV65
nCIAnjJaRnmSQVPdSYK0AU0Harr1R+RA
=4ye4
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
with a subject of "unsubscribe". Trouble? Contact Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Archive: http://lists.debian.org/Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke