Univention Bugzilla – Bug 51205
vlc: Multiple issues (4.4)
Last modified: 2020-05-06 14:40:07 CEST
New Debian vlc 3.0.10-0+deb9u1 fixes: This update addresses the following issues: * An exploitable denial-of-service vulnerability exists in the resource record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the compression pointer is followed without checking for recursion, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. (CVE-2020-6071) * An exploitable code execution vulnerability exists in the label-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing compressed labels in mDNS messages, the rr_decode function's return value is not checked, leading to a double free that could be exploited to execute arbitrary code. An attacker can send an mDNS message to trigger this vulnerability. (CVE-2020-6072) * An exploitable denial-of-service vulnerability exists in the TXT record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing the RDATA section in a TXT record in mDNS messages, multiple integer overflows can be triggered, leading to a denial of service. An attacker can send an mDNS message to trigger this vulnerability. (CVE-2020-6073) * An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability. (CVE-2020-6077) * An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages in mdns_recv, the return value of the mdns_read_header function is not checked, leading to an uninitialized variable usage that eventually results in a null pointer dereference, leading to service crash. An attacker can send a series of mDNS messages to trigger this vulnerability. (CVE-2020-6078) * An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through decoding of the domain name performed by rr_decode. (CVE-2020-6079) * An exploitable denial-of-service vulnerability exists in the resource allocation handling of Videolabs libmicrodns 0.1.0. When encountering errors while parsing mDNS messages, some allocated data is not freed, possibly leading to a denial-of-service condition via resource exhaustion. An attacker can send one mDNS message repeatedly to trigger this vulnerability through the function rr_read_RR [5] reads the current resource record, except for the RDATA section. This is read by the loop at in rr_read. For each RR type, a different function is called. When the RR type is 0x10, the function rr_read_TXT is called at [6]. (CVE-2020-6080)
--- mirror/ftp/4.4/unmaintained/4.4-2/source/vlc_3.0.8-0+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-4/source/vlc_3.0.10-0+deb9u1.dsc @@ -1,3 +1,11 @@ +3.0.10-0+deb9u1 [Wed, 29 Apr 2020 09:02:27 +0200] Sebastian Ramacher <sramacher@debian.org>: + + * New upstream release + * debian/: Disable microdns plugin due to microdns security issues + (CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, + CVE-2020-6078, CVE-2020-6079, CVE-2020-6080) + * debian/patches: Fix build with stretch's libdvdread + 3.0.8-0+deb9u1 [Tue, 20 Aug 2019 20:58:05 +0200] Sebastian Ramacher <sramacher@debian.org>: * New upstream release. <http://10.200.17.11/4.4-4/#8037601542452533788>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-4] 575a0e263d Bug #51205: vlc 3.0.10-0+deb9u1 doc/errata/staging/vlc.yaml | 62 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+)
<http://errata.software-univention.de/ucs/4.4/587.html>