Debian Security Advisory DSA 1252-1 (vlc) Network Vulnerability

Summary

The remote host is missing an update to vlc announced via advisory DSA 1252-1. Kevin Finisterre discovered several format string problems in vlc, a multimedia player and streamer, that could lead to the execution of arbitrary code.

Solution

For the stable distribution (sarge) this problem has been fixed in version 0.8.1.svn20050314-1sarge2. For the testing distribution (etch) this problem has been fixed in version 0.8.6-svn20061012.debian-3. For the unstable distribution (sid) this problem has been fixed in version 0.8.6.a.debian-1. We recommend that you upgrade your vlc packages. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201252-1

Severity

Classification

CVE CVE-2007-0017
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1076-1 (lynx)
Debian Security Advisory DSA 1105-1 (xine-lib)
Debian Security Advisory DSA 1151-1 (heartbeat)
Debian Security Advisory DSA 1077-1 (lynx-ssl)
Debian Security Advisory DSA 1025-1 (dia)

Take action and discover your vulnerabilities