{ "schema_version": "1.6.2", "id": "MGASA-2015-0095", "published": "2015-03-05T22:05:29Z", "modified": "2015-07-09T07:56:53Z", "summary": "Updated vlc package fixes security vulnerability", "details": "Updated vlc packages (2.1.6) are an upgrade with some fixes. Some of the\nproblems fixed upstream were already fixed by a previous Mageia update\nto VLC (see the link to MGASA-2015-0053).\n\nVLC versions before 2.1.5 contain a vulnerability in the transcode module\nthat may allow a corrupted stream to overflow buffers on the heap. With a\nnon-malicious input, this could lead to heap corruption and a crash.\nHowever, under the right circumstances, a malicious attacker could\npotentially use this vulnerability to hijack program execution, and on\nsome platforms, execute arbitrary code (CVE-2014-6440)\n", "related": [ "CVE-2014-6440" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2015-0095.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=15384" }, { "type": "REPORT", "url": "http://openwall.com/lists/oss-security/2015/03/05/2" } ], "affected": [ { "package": { "ecosystem": "Mageia:4", "name": "vlc", "purl": "pkg:rpm/mageia/vlc?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.1.6-1.0.mga4" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:4", "name": "vlc", "purl": "pkg:rpm/mageia/vlc?arch=source&distro=mageia-4" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "2.1.6-1.0.mga4.tainted" } ] } ], "ecosystem_specific": { "section": "tainted" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }