Univention Bugzilla – Bug 53635
vlc: Multiple issues (4.4)
Last modified: 2021-08-11 16:48:32 CEST
New Debian vlc 3.0.11-0+deb9u2 fixes: This update addresses the following issues:

* A buffer overflow vulnerability in the __Parse_indx component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. (CVE-2021-25801)
* A buffer overflow vulnerability in the AVI_ExtractSubtitle component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. (CVE-2021-25802)
* A buffer overflow vulnerability in the vlc_input_attachment_New component of VideoLAN VLC Media Player 3.0.11 allows attackers to cause an out-of-bounds read via a crafted .avi file. (CVE-2021-25803)
* A NULL-pointer dereference in "Open" in avi.c of VideoLAN VLC Media Player 3.0.11 can cause a denial of service (DoS) in the application. (CVE-2021-25804)
--- mirror/ftp/4.4/unmaintained/4.4-5/source/vlc_3.0.11-0+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/vlc_3.0.11-0+deb9u2.dsc @@ -1,3 +1,17 @@ +3.0.11-0+deb9u2 [Tue, 03 Aug 2021 13:53:11 +0100] Chris Lamb <lamby@debian.org>: + + * CVE-2021-25801: A buffer overflow vulnerability in the __Parse_indx + component allowed attackers to cause an out-of-bounds read via a crafted + .avi file. + * CVE-2021-25802: A buffer overflow vulnerability in the AVI_ExtractSubtitle + component could have allowed attackers to cause an out-of-bounds read via a + crafted .avi file. + * CVE-2021-25803: A buffer overflow vulnerability in the + vlc_input_attachment_New component allowed attackers to cause an + out-of-bounds read via a specially-crafted .avi file. + * CVE-2021-25804: A NULL-pointer dereference in "Open" in avi.c can result in + a denial of service (DoS) vulnerability. + 3.0.11-0+deb9u1 [Mon, 15 Jun 2020 23:12:02 +0200] Sebastian Ramacher <sramacher@debian.org>: * New upstream release <http://piuparts.knut.univention.de/4.4-8/#4033823145912759852>
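Review bot: the new 3.0.11-0+deb9u2 stanza lists the four CVEs but gives no pointer to the upstream commits or Debian patch names that close them, so a reviewer cannot map bullet to fix from the changelog alone; consider appending the upstream reference to each bullet, the way the deb9u1 stanza records its origin with "* New upstream release". The wording is also inconsistent across bullets ("allowed attackers" for CVE-2021-25801 and CVE-2021-25803, "could have allowed" for CVE-2021-25802, and "specially-crafted" only in the third), which is worth aligning since this text is what the erratum announcement will carry.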
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-8] a072eb3bf3 Bug #53635: vlc 3.0.11-0+deb9u2
 doc/errata/staging/vlc.yaml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

[4.4-8] c11b2f4a53 Bug #53635: vlc 3.0.11-0+deb9u2
 doc/errata/staging/vlc.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1026>