[Full-disclosure] [PLSA 2008-29] Vlc: Multiple Vulnerabilities

From: PÄ±nar YanardaÄŸ <pinar_at_nospam>
Date: Mon Aug 25 2008 - 00:42:03 GMT
To: pardus-security@pardus.org.tr

Pardus Linux Security Advisory 2008-29 security@pardus.org.tr

Date: 2008-08-25 Severity: 3 Type: Remote ------------------------------------------------------------------------

Summary

Multiple vulnerabilities have discovered by g_ which potentially can be exploited by malicious people to compromise a user's system.

Description

First vulnerability is caused due to an integer overflow error within the "Open()" function in modules/demux/tta.c. This can be exploited to cause a heap-based buffer overflow via specially crafted TTA data. Successful exploitation may potentially allow execution of arbitrary code.

Also, a heap overflow in MMS Protocol Handling can be exploited from remote.

Affected packages:

Pardus 2008: vlc, all before 0.8.6i-23-10 vlc-firefox, all before 0.8.6i-23-10

Resolution

There are update(s) for vlc, vlc-firefox. You can update them via Package Manager or with a single command from console:

pisi up vlc vlc-firefox

References

-- PÄ±nar YanardaÄŸ Pardus Security Team http://security.pardus.org.tr _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/

This message: [ Message body ]
Next message: PÄ±nar YanardaÄŸ: "[Full-disclosure] [PLSA 2008-30] Vim: Arbitrary code execution"
Previous message: PÄ±nar YanardaÄŸ: "[Full-disclosure] [PLSA 2008-28] Libxml2: Denial of Service"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]