Package: vlc
Version: 0.8.6-svn20061012.debian-1
Severity: critical
Tags: security
Justification: root security hole

Description:
Multiple vulnerabilities have been identified in VideoLAN VLC, which could be exploited by attackers to take complete control of an affected system. These issues are due to format string errors in the "cdio_log_handler()" and "vcd_log_handler()" functions that call "msg_Dbg()", "msg_Warn()", and "msg_Err()" in an insecure manner, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page or opening a malicious M3U playlist.

Affected:
VideoLAN VLC version 0.8.6 and prior

Solution:
A fix is available via SVN: http://trac.videolan.org/vlc/changeset/18481

References:
http://www.frsirt.com/english/advisories/2007/0026
http://projects.info-pull.com/moab/MOAB-02-01-2007.html

-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)

--
Alex de Oliveira Silva | enerv
www.enerv.net
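
The bug class named in the report, a log handler that passes a library-supplied message as the format argument of a printf-style call, is shown below beside the corrected call. This is an added example, not part of the original report and not VLC's code; `msg_dbg`, `log_handler_insecure` and `log_handler_fixed` are hypothetical stand-ins, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logging call such as msg_Dbg().
   It formats into a buffer so the result can be inspected.
   Declaring it with __attribute__((format(printf, 1, 2))) lets GCC/Clang
   -Wformat-security flag the insecure call below at compile time. */
static char last_log[256];

static void msg_dbg(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_log, sizeof last_log, fmt, ap);
    va_end(ap);
}

/* Insecure pattern: the message is used as the format string, so any '%'
   it contains is interpreted as a conversion directive. */
static const char *log_handler_insecure(const char *message)
{
    msg_dbg(message);
    return last_log;
}

/* Corrected pattern: constant format string, message passed as data. */
static const char *log_handler_fixed(const char *message)
{
    msg_dbg("%s", message);
    return last_log;
}

int main(void)
{
    /* Constructed sample. "%%" is the one directive that consumes no
       argument, so running it through the insecure handler is well defined
       while still showing that the message is being parsed as a format. */
    const char *sample = "track 100%% read";

    printf("insecure: %s\n", log_handler_insecure(sample)); /* text altered */
    printf("fixed:    %s\n", log_handler_fixed(sample));    /* verbatim */
    return strcmp(log_handler_fixed(sample), sample) != 0;
}
```
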