I am Eric Hameleers, and this is where I think out loud.

Fix package for VLC critical vulnerability (Security Advisory 1302)

A critical vulnerability was discovered in VLC’s ASF demuxer. Quoting the VideoLAN Security Advisory page: “Details: When parsing a specially crafted ASF movie, a buffer overflow might occur. Impact: If successful, a malicious third party could trigger an invalid memory access, leading to a crash of VLC media player’s process. In some cases attackers might exploit this issue to execute arbitrary code within the context of the application but this information is not confirmed.”

I wanted to wait for 2.0.6 at first but since the VideoLAN developers are at FOSDEM this weekend, and my build box was idle, I decided to build some packages incorporating the patch for that vulnerability.

Get them at one of the mirrors, for instance use one of my own repositories. Note that there are new packages for both Slackware 13.37 and 14.0:

Rsync access is offered by the mirror server: rsync://taper.alienbase.nl/mirrors/people/alien/restricted_slackbuilds/vlc/ .

My usual warning about patents: versions that can not only DEcode but also ENcode mp3 and aac audio can be found in my alternative repository where I keep the packages containing code that might violate stupid US software patents.

Eric
