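Multiple Stack Overflow Vulnerabilities in VLC Media Player

Published: 2008-11-05
Updated: 2008-11-07

Affected systems:
VideoLAN VLC Media Player 0.5.0 - 0.9.5
Unaffected systems:
VideoLAN VLC Media Player 0.9.6
Description:
BUGTRAQ ID: 32125
CVE(CAN) ID: CVE-2008-5036, CVE-2008-5032

VLC Media Player is a free media player.

VLC Media Player has a stack overflow vulnerability when parsing a malformed cue file. The vulnerable code in modules\access\vcd\cdrom.c is: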

[...]
/* Try to parse the i_tracks and p_sectors info so we can just forget
 * about the cuefile */
if( i_ret == 0 )
{
    int p_sectors[100];                                        /* [1] */
    int i_tracks = 0;
    int i_num;
    char psz_dummy[10];

    while( fgets( line, 1024, cuefile ) )                      /* [2] */
    {
        /* look for a TRACK line */
        if( !sscanf( line, "%9s", psz_dummy ) ||
            strcmp(psz_dummy, "TRACK") )
            continue;

        /* look for an INDEX line */
        while( fgets( line, 1024, cuefile ) )                  /* [3] */
        {
            int i_min, i_sec, i_frame;

            /* [4] */
            if( (sscanf( line, "%9s %2u %2u:%2u:%2u", psz_dummy, &i_num,
                    &i_min, &i_sec, &i_frame ) != 5) || (i_num != 1) )
                continue;

            i_tracks++;                                        /* [5] */
            /* [6] */
            p_sectors[i_tracks - 1] = MSF_TO_LBA(i_min, i_sec, i_frame);
            msg_Dbg( p_this, "vcd track %i begins at sector:%i",
                     i_tracks - 1, p_sectors[i_tracks - 1] );
            break;
        }
    }
[...]

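[1] This stack buffer can be overflowed
[2] + [3] User-controlled data from the cue file is stored in line
[4] The user-controlled data is parsed and copied into i_min, i_sec and i_frame
[5] The i_tracks counter is incremented
[6] User-controlled data from i_min, i_sec and i_frame is copied into the stack buffer p_sectors, with i_tracks used as the array index. Because i_tracks has no upper bound, the p_sectors stack buffer can be overflowed by specifying a large number of tracks in the cue file.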
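
The same TRACK/INDEX loop with the missing bound on i_tracks added, as an example written for this page; it is not VideoLAN's patch. It reads from a string instead of a FILE so it runs stand-alone, and parse_cue_tracks, next_line, MAX_TRACKS and the MSF_TO_LBA definition are assumptions, not code from the advisory.

```c
#include <stdio.h>
#include <string.h>

#define MAX_TRACKS 100  /* capacity of p_sectors[100] in the excerpt */
/* Assumed definition (75 frames per second); the page does not show it. */
#define MSF_TO_LBA(min, sec, frame) ((int)((frame) + 75 * ((sec) + 60 * (min))))

/* Copy the next line of p into line[]; return the position after it,
 * or NULL once the input is exhausted. */
static const char *next_line(const char *p, char *line, size_t cap)
{
    if (*p == '\0')
        return NULL;
    size_t n = strcspn(p, "\n");
    size_t c = n < cap - 1 ? n : cap - 1;
    memcpy(line, p, c);
    line[c] = '\0';
    return p[n] == '\n' ? p + n + 1 : p + n;
}

/* Returns the number of tracks stored in p_sectors, or -1 when the cue
 * sheet declares more tracks than the array can hold. */
int parse_cue_tracks(const char *cue, int *p_sectors, int cap)
{
    char line[1024], word[10];
    int i_tracks = 0;

    while ((cue = next_line(cue, line, sizeof line)) != NULL) {
        /* look for a TRACK line */
        if (sscanf(line, "%9s", word) != 1 || strcmp(word, "TRACK") != 0)
            continue;
        /* look for an INDEX line */
        while ((cue = next_line(cue, line, sizeof line)) != NULL) {
            unsigned i_num, i_min, i_sec, i_frame;
            if (sscanf(line, "%9s %2u %2u:%2u:%2u", word, &i_num,
                       &i_min, &i_sec, &i_frame) != 5 || i_num != 1)
                continue;
            if (i_tracks >= cap)   /* bound check absent at [5]/[6] */
                return -1;
            p_sectors[i_tracks++] = MSF_TO_LBA(i_min, i_sec, i_frame);
            break;
        }
        if (cue == NULL)           /* input ended inside the INDEX search */
            break;
    }
    return i_tracks;
}

int main(void)
{
    /* Constructed sample cue sheet, not taken from the page. */
    const char *cue = "FILE \"disc.bin\" BINARY\n"
                      "TRACK 01 MODE2/2352\n  INDEX 01 00:00:00\n"
                      "TRACK 02 MODE2/2352\n  INDEX 00 00:03:00\n"
                      "  INDEX 01 00:04:00\n";
    int sectors[MAX_TRACKS];
    int n = parse_cue_tracks(cue, sectors, MAX_TRACKS);
    for (int i = 0; i < n; i++)
        printf("track %d begins at sector %d\n", i, sectors[i]);
    return n < 0;
}
```

A cue sheet with more than MAX_TRACKS entries is rejected as a whole rather than truncated, so a caller never works with a partial track table.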

VLC Media Player also has a second stack overflow when parsing a malformed rt subtitle file. The vulnerable code in modules\demux\subtitle.c is:

[...]
static int ParseRealText( demux_t *p_demux, subtitle_t *p_subtitle,
                          int i_idx )
{
    VLC_UNUSED( i_idx );
    demux_sys_t *p_sys = p_demux->p_sys;
    text_t      *txt = &p_sys->txt;
    char *psz_text = NULL;
    char psz_end[12]= "", psz_begin[12] = "";                  /* [1] */

    for( ;; )
    {
        int h1 = 0, m1 = 0, s1 = 0, f1 = 0;
        int h2 = 0, m2 = 0, s2 = 0, f2 = 0;
        const char *s = TextGetLine( txt );
        free( psz_text );

        if( !s )
            return VLC_EGENERIC;

        psz_text = malloc( strlen( s ) + 1 );
        if( !psz_text )
            return VLC_ENOMEM;

        /* Find the good begining. This removes extra spaces at the
           beginning of the line.*/
        char *psz_temp = strcasestr( s, "<time");
        if( psz_temp != NULL )
        {
            /* Line has begin and end */
            if( ( sscanf( psz_temp,                            /* [2] */
                          "<%*[t|T]ime %*[b|B]egin=\"%[^\"]\" "
                          "%*[e|E]nd=\"%[^\"]%*[^>]%[^\n\r]",
                          psz_begin, psz_end, psz_text) != 3 ) &&
                /* Line has begin and no end */
                ( sscanf( psz_temp,                            /* [3] */
                          "<%*[t|T]ime "
                          "%*[b|B]egin=\"%[^\"]\"%*[^>]%[^\n\r]",
                          psz_begin, psz_text ) != 2) )
                /* Line is not recognized */
            {
                continue;
            }
[...]

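[1] The stack buffers psz_end and psz_begin can be overflowed
[2] The sscanf() function reads input from the user-controlled string that psz_temp points to and stores the user-controlled data in psz_end and psz_begin without any bounds checking.
[3] Same as [2]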
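
The two sscanf() calls with a maximum field width on the %[ conversions that fill the 12-byte buffers, as an example written for this page; it is not VideoLAN's patch. parse_time_tag and TS_LEN are assumed names, and the sample lines are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>

#define TS_LEN 12   /* size of psz_begin / psz_end in the excerpt */

/* Parse one RealText <time ...> line.
 * Returns 2 if begin and end were read, 1 if only begin, 0 if the line is
 * not recognized, -1 on allocation failure. On 1 or 2, *text receives a
 * malloc'd copy of the rest of the line (caller frees); on 0 or -1 it is
 * left untouched. */
int parse_time_tag(const char *s, char begin[TS_LEN], char end[TS_LEN],
                   char **text)
{
    const char *tag = s;
    while (*tag != '\0' && strncasecmp(tag, "<time", 5) != 0)
        tag++;
    if (*tag == '\0')
        return 0;

    /* strlen(s) + 1 bounds the final unbounded %[^\n\r], as in the excerpt. */
    char *buf = malloc(strlen(s) + 1);
    if (buf == NULL)
        return -1;

    int rc = 0;
    begin[0] = end[0] = '\0';
    /* %11[^"] writes at most 11 bytes plus the NUL into a 12-byte buffer.
     * An over-long begin value then fails the literal '"' that follows and
     * the line is rejected; an over-long end value is cut to 11 bytes. */
    if (sscanf(tag, "<%*[t|T]ime %*[b|B]egin=\"%11[^\"]\" "
                    "%*[e|E]nd=\"%11[^\"]%*[^>]%[^\n\r]",
               begin, end, buf) == 3) {
        rc = 2;
    } else if (sscanf(tag, "<%*[t|T]ime %*[b|B]egin=\"%11[^\"]\"%*[^>]%[^\n\r]",
                      begin, buf) == 2) {
        end[0] = '\0';      /* discard anything the first attempt stored */
        rc = 1;
    }
    if (rc == 0) {
        free(buf);
        return 0;
    }
    *text = buf;
    return rc;
}

int main(void)
{
    /* Constructed sample line, not taken from the page. */
    char begin[TS_LEN], end[TS_LEN], *text = NULL;
    int rc = parse_time_tag("<time begin=\"0:00:01.00\" end=\"0:00:05.00\"/>Hi",
                            begin, end, &text);
    if (rc > 0) {
        printf("begin=%s end=%s text=%s\n", begin, end, text);
        free(text);
    }
    return rc <= 0;
}
```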

<*Source: Tobias Klein
  
  Links: http://secunia.com/advisories/32569/
        http://marc.info/?l=bugtraq&m=122600578120887&w=2
        http://marc.info/?l=bugtraq&m=122600680022915&w=2
        http://www.videolan.org/security/sa0810.html
        http://security.gentoo.org/glsa/glsa-200812-24.xml
        http://www.debian.org/security/2009/dsa-1819
*>

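Test method:

Warning

The following program (method) may be offensive in nature and is intended for security research and teaching only. Use at your own risk!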

http://www.milw0rm.com/exploits/7051

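Recommendations:
Temporary workaround:

* Manually remove the VCD and Subtitles plugins (libvcd_plugin.* and libsubtitle_plugin.*) from the VLC plugin installation directory.

Vendor patches:

Debian
------
Debian has issued a security advisory (DSA-1819-1) and corresponding patches for this issue:
DSA-1819-1: New vlc packages fix several vulnerabilities
Link: http://www.debian.org/security/2009/dsa-1819

Patch download: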

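Patch installation:

1. Install the patch packages manually:

  First, download the patch package with the following command:
  # wget url  (url is the patch download link)

  Then install the patch with the following command:
  # dpkg -i file.deb (file is the name of the corresponding patch package)

2. Install the patch packages automatically with apt-get:

   First, update the internal database with the following command:
   # apt-get update

   Then install the updated packages with the following command:
   # apt-get upgrade

Gentoo
------
Gentoo has issued a security advisory (GLSA-200812-24) and corresponding patches for this issue:
GLSA-200812-24: VLC: Multiple vulnerabilities
Link: http://security.gentoo.org/glsa/glsa-200812-24.xml

All VLC users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=media-video/vlc-0.9.8a"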

VideoLAN
--------
The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:

http://www.videolan.org/

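This security vulnerability entry was translated and compiled by NSFOCUS. All rights reserved; reproduction without permission is prohibited.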