VLC: Multiple vulnerabilities — GLSA 201411-01

Multiple vulnerabilities have been found in VLC, the worst of which could lead to user-assisted execution of arbitrary code.

Affected packages

Background

VLC is a cross-platform media player and streaming server.

Description

Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details.

Impact

A remote attacker could entice a user to open a specially crafted media file using VLC, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/vlc-2.1.2"
 

References

• CVE-2010-1441
• CVE-2010-1442
• CVE-2010-1443
• CVE-2010-1444
• CVE-2010-1445
• CVE-2010-2062
• CVE-2010-2937
• CVE-2010-3124
• CVE-2010-3275
• CVE-2010-3276
• CVE-2010-3907
• CVE-2011-0021
• CVE-2011-0522
• CVE-2011-0531
• CVE-2011-1087
• CVE-2011-1684
• CVE-2011-2194
• CVE-2011-2587
• CVE-2011-2588
• CVE-2011-3623
• CVE-2012-0023
• CVE-2012-1775
• CVE-2012-1776
• CVE-2012-2396
• CVE-2012-3377
• CVE-2012-5470
• CVE-2012-5855
• CVE-2013-1868
• CVE-2013-1954
• CVE-2013-3245
• CVE-2013-4388
• CVE-2013-6283
• CVE-2013-6934

Release date
November 05, 2014

Latest revision
November 05, 2014: 1

Severity
normal

Exploitable
remote

Bugzilla entries

• 279340
• 285370
• 316709
• 332361
• 350933
• 352206
• 352776
• 353326
• 360189
• 363359
• 370321
• 375167
• 385953
• 395543
• 408881
• 414409
• 424435
• 442758
• 450438
• 454650
• 476436
• 486902
• 493710
• 499806