Pardus: 2011-99: vlc: Integer Overflow
Posted by Benjamin D. Thomas   
A vulnerability has been fixed in vlc.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-99            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-07-14
      Type: Remote
------------------------------------------------------------------------

Summary
=======
A vulnerability has been fixed in vlc.


Description
===========
CVE-2011-2194:

An integer overflow in the XSPF playlist parser of VLC 0.8.5 through
1.1.9 allows remote attackers to cause a denial of service (crash) and
possibly to execute arbitrary code via a crafted XSPF playlist that
triggers a heap-based buffer overflow; the exact vectors are not
further specified. No interaction beyond opening the playlist is
needed, and playlists are routinely fetched from the network, including
through the vlc-firefox browser plugin. Upstream VLC 1.1.10 contains
the fix; the Pardus 2009 package carries it as a backport on top of
1.1.4.
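The bug class behind CVE-2011-2194, as an added example in C that is not
VLC's code and does not reproduce the xspf.c defect: an element count or
index is taken from an untrusted playlist, the count is multiplied by the
element size without an overflow check (so the product wraps on a 32-bit
size_t and the allocation is too small), or the index is used without a
range check. The type track_t, the cap MAX_TRACKS and the helper
functions are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Track record as a playlist demuxer might keep it (constructed type). */
typedef struct {
    char title[32];
} track_t;

/* Bug pattern 1: the element count is read from the untrusted file and
 * multiplied by the element size without a check. Where size_t is 32 bits,
 * count * sizeof(track_t) wraps, malloc() returns a short buffer, and the
 * parser later writes `count` records into it (heap overflow).
 * The caller must free the result. */
track_t *alloc_tracks_unchecked(uint32_t count)
{
    size_t bytes = (size_t)count * sizeof(track_t);   /* may wrap */
    return malloc(bytes);
}

/* Does count * elem exceed the largest size_t of a platform with the given
 * width? Lets a 64-bit host reason about what a 32-bit build would do. */
int multiply_wraps(uint64_t count, uint64_t elem, unsigned size_t_bits)
{
    uint64_t max = (size_t_bits >= 64) ? UINT64_MAX
                                       : ((1ULL << size_t_bits) - 1);
    return elem != 0 && count > max / elem;
}

/* Hardened allocation: reject counts that cannot be represented and cap
 * them at a policy limit (MAX_TRACKS is an assumed value) before
 * allocating. Returns 0 and sets *out on success, -1 otherwise. */
#define MAX_TRACKS (1u << 20)

int alloc_tracks_checked(uint32_t count, track_t **out)
{
    *out = NULL;
    if (count == 0 || count > MAX_TRACKS)
        return -1;
    if (count > SIZE_MAX / sizeof(track_t))   /* overflow-safe multiply */
        return -1;
    *out = calloc(count, sizeof(track_t));    /* calloc checks n*size too */
    return *out ? 0 : -1;
}

/* Bug pattern 2: an index parsed from the file (e.g. with atoi, which
 * happily yields negative values) is used to address the array. The check
 * must reject both negative and too-large values. */
int store_track(track_t *tracks, size_t n_tracks, long index,
                const char *title)
{
    if (index < 0 || (size_t)index >= n_tracks)
        return -1;
    snprintf(tracks[index].title, sizeof tracks[index].title, "%s", title);
    return 0;
}

int main(void)
{
    track_t *tracks;
    /* 0x08000001 * 32 = 0x100000020: wraps to 0x20 bytes on 32-bit size_t. */
    printf("wraps on 32-bit: %d, on 64-bit: %d\n",
           multiply_wraps(0x08000001u, sizeof(track_t), 32),
           multiply_wraps(0x08000001u, sizeof(track_t), 64));
    printf("checked alloc of 0x08000001 tracks: %d\n",
           alloc_tracks_checked(0x08000001u, &tracks));
    if (alloc_tracks_checked(3, &tracks) == 0) {
        printf("index -1: %d, index 3: %d, index 2: %d\n",
               store_track(tracks, 3, -1, "x"),
               store_track(tracks, 3, 3, "x"),
               store_track(tracks, 3, 2, "last"));
        free(tracks);
    }
    return 0;
}
```

On a 64-bit host alloc_tracks_unchecked() does not wrap for any 32-bit
count, which is why multiply_wraps() models the 32-bit width explicitly;
the same source built for a 32-bit target is where the short allocation
appears. The checked variant relies on the count > SIZE_MAX / size test
rather than on checking the product after the fact, since the product is
already wrapped by then.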



Affected packages:

  Pardus 2009:
    vlc, all before 1.1.4-52-30
    vlc-firefox, all before 1.1.4-52

  Pardus 2011:
    vlc, all before 1.1.10-55-p11


Resolution
==========
There are updates for vlc and vlc-firefox. You can update them via
Package Manager or with a single command from the console:

  Pardus 2009:
    pisi up vlc vlc-firefox

  Pardus 2011:
    pisi up vlc

Note that the Pardus 2009 fix is a backport: the package version stays
1.1.4 and only the release number rises, so verify the installed
release (for example with pisi info vlc) rather than the upstream
version string.


References
==========
  * http://bugs.pardus.org.tr/show_bug.cgi?id346
  * https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2194

------------------------------------------------------------------------