| Summary: | <media-video/vlc-1.1.7: memory corruption, code execution (CVE-2011-0531) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | media-video |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.videolan.org/security/sa1102.html | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Hanno Böck
bumped to 1.1.7

(In reply to comment #1)
> bumped to 1.1.7

Great, thank you.

Arches, please test and mark stable:
=media-video/vlc-1.1.7
Target keywords : "alpha amd64 ppc ppc64 sparc x86"

Adding, STABLEREQ; apologies for the bugspam.

amd64 ok

amd64 done. Thanks Agostino

ppc/ppc64 stable

Looks good to go on x86 also. I've encountered two things, but they're no regressions...

USE="aalib -X"

```
make[5]: Entering directory `/var/tmp/portage/media-video/vlc-1.1.7/work/vlc-1.1.7/modules/video_output'
  CC     libaa_plugin_la-keythread.lo
  CC     libaa_plugin_la-aa.lo
  CC     libggi_plugin_la-ggi.lo
aa.c:42:4: error: #error Xlib required due to XInitThreads
  CC     libsvgalib_plugin_la-svgalib.lo
make[5]: *** [libaa_plugin_la-aa.lo] Error 1
```

------------

USE="sdl -X"

```
  CC     libfb_plugin_la-fb.lo
  CC     libggi_plugin_la-ggi.lo
  CC     libvout_sdl_plugin_la-sdl.lo
sdl.c:46:4: error: #error Xlib required due to XInitThreads
make[5]: *** [libvout_sdl_plugin_la-sdl.lo] Error 1
```

stable x86, thanks Andreas

Stable on alpha.

sparc stable

Thanks folks. Added to existing GLSA request.

CVE-2011-0531 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0531): demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media player 1.1.6.1 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary commands via a crafted MKV (WebM or Matroska) file that triggers memory corruption, related to "class mismatching" and the MKV_IS_ID macro.

This issue was resolved and addressed in GLSA 201411-01 at http://security.gentoo.org/glsa/glsa-201411-01.xml by GLSA coordinator Sean Amoss (ackle).