Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 235238
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 235238 depends on: 235589 Show dependency tree
Bug 235238 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2008-08-19 22:25 0000 
Secunia writes:
g_ has discovered a vulnerability in VLC Media Player, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to an integer overflow error within
the "Open()" function in modules/demux/tta.c. This can be exploited
to cause a heap-based buffer overflow via specially crafted TTA
data.

Successful exploitation may potentially allow execution of arbitrary
code.

The vulnerability is confirmed in version 0.8.6i. Other versions may
also be affected.

SOLUTION:
Do not open untrusted files using VLC Media Player.

PROVIDED AND/OR DISCOVERED BY:
g_, Orange Bat

ORIGINAL ADVISORY:
http://www.orange-bat.com/adv/2008/adv.08.16.txt

------- Comment #1 From Alexis Ballier 2008-08-22 09:09:26 0000 ------- 
0.8.6i-r1 is fixed and is the stable candidate. 0.9 (ie for ~arch) will be
fixed when 0.9.0 final will be released (it was expected this week end last I
heard).
There will probably be no 0.8.6j release but 0.9.0 is still too young, so we
shall go with a -r1.

Also, please have a look at:
http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048308.html

------- Comment #2 From Robert Buchholz 2008-08-22 09:44:54 0000 ------- 
(In reply to comment #1)
> Also, please have a look at:
> http://mailman.videolan.org/pipermail/vlc-devel/2008-August/048308.html

Thanks for the pointer. 'very unlikely' is not good enough to decrease
severity, but good to know. Concerning CVE not contacting upstream: That's
normal procedure, often the information gets upstream through distributions.

------- Comment #3 From Robert Buchholz 2008-08-22 09:45:50 0000 ------- 
Arches, please test and mark stable:
=media-video/vlc-0.8.6i-r1
Target keywords : "alpha amd64 ppc sparc x86"

------- Comment #4 From Friedrich Oslage 2008-08-22 18:47:05 0000 ------- 
sparc stable

------- Comment #5 From Markus Meier 2008-08-22 20:53:36 0000 ------- 
amd64/x86 stable

------- Comment #6 From Robert Buchholz 2008-08-24 13:46:14 0000 ------- 
arches, please stable per bug 235589.

------- Comment #7 From Pierre-Yves Rofes 2008-09-07 19:31:06 0000 ------- 
GLSA 200809-06
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug