Upgrade to VLC 2.2.0-RC1 for security reasons
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
vlc (Ubuntu) | Fix Released | Undecided | Marc Deslauriers | |
Utopic | Fix Released | Undecided | Marc Deslauriers | |
Vivid | Fix Released | Undecided | Marc Deslauriers | |

Bug Description
Since VLC 2.2.0pre4, we've fixed a lot of heap overflows and heap buffer overflows in numerous VLC demuxers:
- demux: asf: stay within track limits
- demux: libmp4: fix heap overflow in stdp debug code (fix #12358)
- demux: mp4: fix heap buffer ofw with zero chunk (fix #12356)
- demux: tta: fix heap buffer ofw (fix #12357)
- demux: livavi: fix heap buffer ofw in strf parsing (fix #12359)
- demux: libavi: fix heap write ofw
- demux: ogg: fix use after free (fix #12360)
- demux: mp4: fix heap read ofw in extra bytes
- demux: asf: fix heap buffer write ofw in priorities (fix #12363)
- demux: mp4: fix last chunk size computation (fix #12362)
- demux: libmp4: fix heap buffer write ofw in chpl (fix #12366)
So far, we don't know of any exploits, or even if they are exploitable, but the number is high enough to be worrying.
Since you package -pre2 in Utopic, you should also care about the following int overflows, heap buffer overflows, heap overflows and other important crashes:
- access: dvdread: fix int overflow (cid #1062572)
- addons: fix deference before null check (cid #1231840)
- demux: mp4: fix integer overflow (fix #12074)
- packetizer: dirac: block sanitizing must clean reordering (fix #12051)
- demux: avi:fix block reading
- demux: mp4: fix heap buffer overflow (fix #12266)
- demux: ogg: Don't read skeleton if no bones first
- demux: ogg: don't use incomplete vorbis headers (fix #12270)
- demux: ogg: fix headers validation
- demux: mp4: fix heap read overflow in avcc (fix #12267)
- demux: ogg: fix packet count heap overflow (fix #12265)
- demux: mp4: don't read at all if not content
- demux: mp4: fix heap overflow (fix #12283)
- demux: mp4: don't trust atom type processing stsd (fix #12285)
- demux: mp4: fix heap overflow reading esds
- demux: mp4: fix heap read overflow in vide handler
- demux: mp4: fix overflow in cprt language decoding
- input: stream_memory: handle skip reads
Please note that there are no new features whatsoever in VLC since the -pre2 version, only bug fixes.
information type: | Private Security → Public Security |
description: | updated |
description: | updated |
information type: | Public Security → Private Security |
information type: | Private Security → Public Security |
Changed in vlc (Ubuntu Vivid): | |
status: | Confirmed → Fix Committed |
Changed in vlc (Ubuntu Utopic): | |
status: | New → In Progress |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in vlc (Ubuntu Vivid): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in vlc (Ubuntu Utopic): | |
status: | In Progress → Fix Released |
Changed in vlc (Ubuntu Vivid): | |
status: | Fix Committed → Fix Released |
affects: | vlc (Ubuntu Vivid) → npapi-vlc (Ubuntu Vivid) |
affects: | npapi-vlc (Ubuntu) → vlc (Ubuntu) |
Status changed to 'Confirmed' because the bug affects multiple users.