Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 230692
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 230692 depends on: Show dependency tree
Bug 230692 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-07-03 23:59 0000 
Secunia writes:
Secunia Research has discovered a vulnerability in VLC Media Player, which can
be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an integer overflow error within the
"Open()" function in "modules/demux/wav.c". This can be exploited to cause a
heap-based buffer overflow via a specially crafted WAV file having an overly
large "fmt" chunk.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 0.8.6h on Windows. Prior versions may
also be affected.

Solution:
The vulnerability will be fixed in an upcoming version 0.8.6i.

Fixed in the GIT repository.
http://git.videolan.org/gitweb.cgi?p=vlc.git;a=commitdiff_plain;h=3de60bf5b886ad81d7c05d68dff7a1ba461c0ac1

------- Comment #1 From Alexis Ballier 2008-07-04 07:04:49 0000 ------- 
FYI: 0.9.0-test1 (_beta1 for us) isn't affected, but it is not really possible
to stabilise it yet. Imho we should wait for 0.8.6i that should come with a
couple of other bugfixes too.

------- Comment #2 From Christian Hoffmann 2008-07-04 09:50:22 0000 ------- 
As I understood it, this is a Windows-only problem. I already saw the advisory
some days ago (well, maybe it was only yesteday) and didnt file a bug for this
reason.

See http://securitytracker.com/alerts/2008/Jul/1020429.html -- it says
  Underlying OS:  Windows (Any)


Secunia ($URL) says:
  The vulnerability is confirmed in version 0.8.6h *on Windows*.

No idea whether this really means that only Windows is affected, the wording is
a bit ambiguous, imo.

------- Comment #3 From Robert Buchholz 2008-07-04 17:49:06 0000 ------- 
The Secunia advisory stated that it is confirmed with version 0.8.6h on
Windows, but that does not mean that only Windows versions are affected
(neither does it mean that 0.8.6g is unaffected). The code path that is changed
by the patch is not specific to Windows, so I would assume this issue affects
Linux.

------- Comment #4 From Robert Buchholz 2008-07-09 20:45:31 0000 ------- 
Any news on the new version?

------- Comment #5 From Alexis Ballier 2008-07-13 11:00:58 0000 ------- 
0.8.6i is in the tree now.

Videolan SA:
http://www.videolan.org/security/sa0806.html

Release notes:
http://wiki.videolan.org/Changelog/0.8.6i

Changes from current stable aslo contains:
http://wiki.videolan.org/Changelog/0.8.6h

------- Comment #6 From Robert Buchholz 2008-07-13 11:11:53 0000 ------- 
Arches, please test and mark stable:
=media-video/vlc-0.8.6i
Target keywords : "alpha amd64 ppc sparc x86"

------- Comment #7 From Raúl Porcel 2008-07-14 10:48:53 0000 ------- 
sparc/x86 stable

------- Comment #8 From Tobias Klausmann 2008-07-14 18:50:59 0000 ------- 
Stable on alpha.

------- Comment #9 From Tobias Scherbaum 2008-07-15 17:46:32 0000 ------- 
ppc stable

------- Comment #10 From Dawid Węgliński 2008-07-19 07:08:45 0000 ------- 
amd64 stable

------- Comment #11 From Tobias Heinlein 2008-07-20 19:00:18 0000 ------- 
GLSA request filed.

------- Comment #12 From Pierre-Yves Rofes 2008-07-31 18:25:26 0000 ------- 
GLSA 200807-13
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug