Bug 51205 - vlc: Multiple issues (4.4)
vlc: Multiple issues (4.4)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 4.4
All Linux
: P5 normal (vote)
: UCS 4.4-4-errata
Assigned To: Quality Assurance
Erik Damrose
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2020-05-04 08:51 CEST by Quality Assurance
Modified: 2020-05-06 14:40 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score: 0.0 () NVD


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2020-05-04 08:51:22 CEST
New Debian vlc 3.0.10-0+deb9u1 fixes:
This update addresses the following issues:
* An exploitable denial-of-service vulnerability exists in the resource  record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing  compressed labels in mDNS messages, the compression pointer is followed  without checking for recursion, leading to a denial of service. An attacker  can send an mDNS message to trigger this vulnerability. (CVE-2020-6071)
* An exploitable code execution vulnerability exists in the label-parsing  functionality of Videolabs libmicrodns 0.1.0. When parsing compressed  labels in mDNS messages, the rr_decode function's return value is not  checked, leading to a double free that could be exploited to execute  arbitrary code. An attacker can send an mDNS message to trigger this  vulnerability. (CVE-2020-6072)
* An exploitable denial-of-service vulnerability exists in the TXT  record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing  the RDATA section in a TXT record in mDNS messages, multiple integer  overflows can be triggered, leading to a denial of service. An attacker can  send an mDNS message to trigger this vulnerability. (CVE-2020-6073)
* An exploitable denial-of-service vulnerability exists in the  message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing  mDNS messages, the implementation does not properly keep track of the  available data in the message, possibly leading to an out-of-bounds read  that would result in a denial of service. An attacker can send an mDNS  message to trigger this vulnerability. (CVE-2020-6077)
* An exploitable denial-of-service vulnerability exists in the  message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing  mDNS messages in mdns_recv, the return value of the mdns_read_header  function is not checked, leading to an uninitialized variable usage that  eventually results in a null pointer dereference, leading to service crash.  An attacker can send a series of mDNS messages to trigger this  vulnerability. (CVE-2020-6078)
* An exploitable denial-of-service vulnerability exists in the resource  allocation handling of Videolabs libmicrodns 0.1.0. When encountering  errors while parsing mDNS messages, some allocated data is not freed,  possibly leading to a denial-of-service condition via resource exhaustion.  An attacker can send one mDNS message repeatedly to trigger this  vulnerability through decoding of the domain name performed by rr_decode.  (CVE-2020-6079)
* An exploitable denial-of-service vulnerability exists in the resource  allocation handling of Videolabs libmicrodns 0.1.0. When encountering  errors while parsing mDNS messages, some allocated data is not freed,  possibly leading to a denial-of-service condition via resource exhaustion.  An attacker can send one mDNS message repeatedly to trigger this  vulnerability through the function rr_read_RR [5] reads the current  resource record, except for the RDATA section. This is read by the loop at  in rr_read. For each RR type, a different function is called. When the RR  type is 0x10, the function rr_read_TXT is called at [6]. (CVE-2020-6080)
Comment 1 Quality Assurance univentionstaff 2020-05-04 09:00:36 CEST
--- mirror/ftp/4.4/unmaintained/4.4-2/source/vlc_3.0.8-0+deb9u1.dsc
+++ apt/ucs_4.4-0-errata4.4-4/source/vlc_3.0.10-0+deb9u1.dsc
@@ -1,3 +1,11 @@
+3.0.10-0+deb9u1 [Wed, 29 Apr 2020 09:02:27 +0200] Sebastian Ramacher <sramacher@debian.org>:
+
+  * New upstream release
+  * debian/: Disable microdns plugin due to microdns security issues
+     (CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077,
+     CVE-2020-6078, CVE-2020-6079, CVE-2020-6080)
+  * debian/patches: Fix build with stretch's libdvdread
+
 3.0.8-0+deb9u1 [Tue, 20 Aug 2019 20:58:05 +0200] Sebastian Ramacher <sramacher@debian.org>:
 
   * New upstream release.

<http://10.200.17.11/4.4-4/#8037601542452533788>
Comment 2 Erik Damrose univentionstaff 2020-05-05 17:46:41 CEST
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-4] 575a0e263d Bug #51205: vlc 3.0.10-0+deb9u1
 doc/errata/staging/vlc.yaml | 62 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
Comment 3 Erik Damrose univentionstaff 2020-05-06 14:40:07 CEST
<http://errata.software-univention.de/ucs/4.4/587.html>