Advisories » MGASA-2015-0364

Updated libvdpau packages fix security vulnerabilities

Publication date: 13 Sep 2015
Modification date: 13 Sep 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-5198 , CVE-2015-5199 , CVE-2015-5200

Description

Updated libvdpau packages fix security vulnerabilities:

libvdpau versions 1.1 and earlier, when used in setuid or setgid applications,
contain vulnerabilities related to environment variable handling that could
allow an attacker to execute arbitrary code or overwrite arbitrary files
(CVE-2015-5198, CVE-2015-5199, and CVE-2015-5200).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=16687
• http://lists.x.org/archives/xorg-announce/2015-August/002630.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5198
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5199
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5200

SRPMS

4/core

• libvdpau-1.1.1-1.mga4

5/core

• libvdpau-1.1.1-1.mga5