Debian Security Advisory DSA 2159-1 (vlc) Network Vulnerability

Summary

The remote host is missing an update to vlc announced via advisory DSA 2159-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202159-1

Insight

Dan Rosenberg discovered that insufficient input validation in VLC's processing of Matroska/WebM containers could lead to the execution of arbitrary code. For the stable distribution (squeeze), this problem has been fixed in version 1.1.3-1squeeze3. The version of vlc in the oldstable distribution (lenny) is affected by further issues and will be addressed in a followup DSA. For the unstable distribution (sid), this problem has been fixed in version 1.1.7-1. We recommend that you upgrade your vlc packages.

Severity

Classification

CVE CVE-2011-0531

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)
Debian Security Advisory DSA 1049-1 (ethereal)
Debian Security Advisory DSA 085-1 (nvi, nvi-m17n)
Debian Security Advisory DSA 075-1 (netkit-telnet-ssl)
Debian Security Advisory DSA 1045-1 (openvpn)

Take action and discover your vulnerabilities