  • [SECURITY] [DSA 2043-1] New vlc packages fix arbitrary code execution (

    From Devin Carraway@1:229/2 to All on Tue May 11 10:00:02 2010
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ------------------------------------------------------------------------
    Debian Security Advisory DSA-2043-1                      [email protected]
    http://www.debian.org/security/                           Devin Carraway
    May 11, 2010                          http://www.debian.org/security/faq
    - ------------------------------------------------------------------------

    Package : vlc
    Vulnerability : integer overflow
    Problem type : local (remote)
    Debian-specific: no

    tixxDZ (DZCORE labs) discovered a vulnerability in vlc, the multimedia
    player and streamer. Missing data validation in vlc's real data transport
    (RDT) implementation enables an integer underflow and consequently an
    unbounded buffer operation. A maliciously crafted stream could thus enable
    an attacker to execute arbitrary code.

    No Common Vulnerabilities and Exposures project identifier is available for this issue.

    For the stable distribution (lenny), this problem has been fixed in version 0.8.6.h-4+lenny2.3.

    For the testing distribution (squeeze), this problem was fixed in version 1.0.1-1.

    We recommend that you upgrade your vlc packages.


    Upgrade instructions
    - --------------------

    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.

    If you are using the apt-get package manager, use the line for
    sources.list as given below:

    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages

    You may use an automated update by adding the resources from the
    footer to the proper configuration.


    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------

    Debian (stable)
    - ---------------

    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
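
The advisory above describes missing validation that lets a length computation underflow and feed an unbounded buffer operation. The following is an added example, not part of the advisory and not VLC's code: it shows that bug class on a constructed packet layout (a 2-byte big-endian total length followed by a hypothetical 8-byte header; `HDR_LEN`, `OUT_MAX` and both function names are assumptions), with the wrapped value the unchecked arithmetic produces and a parser that rejects such input before copying.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_LEN 8u      /* hypothetical fixed header size (assumption) */
#define OUT_MAX 1024u   /* capacity of the caller's payload buffer (assumption) */

/* The unchecked computation: declared total length minus the header size in
 * unsigned arithmetic. When declared_len < HDR_LEN the result does not go
 * negative; it wraps to a value close to UINT32_MAX, which a later copy
 * would treat as the payload size. */
uint32_t unchecked_payload_len(uint16_t declared_len)
{
    return (uint32_t)declared_len - HDR_LEN;
}

/* Hardened parse of one constructed packet.
 * Returns the number of payload bytes copied into out, or -1 if rejected. */
long parse_packet(const uint8_t *pkt, size_t pkt_len,
                  uint8_t *out, size_t out_cap)
{
    if (pkt == NULL || out == NULL || pkt_len < HDR_LEN)
        return -1;                      /* not even a complete header */

    /* Attacker-controlled length field, big-endian. */
    uint16_t declared = (uint16_t)((pkt[0] << 8) | pkt[1]);

    if (declared < HDR_LEN)
        return -1;                      /* subtraction below would underflow */
    if (declared > pkt_len)
        return -1;                      /* claims more data than was received */

    size_t payload = (size_t)declared - HDR_LEN;
    if (payload > out_cap)
        return -1;                      /* would not fit the destination */

    memcpy(out, pkt + HDR_LEN, payload);
    return (long)payload;
}
```
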