Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2011.0089
A vulnerability has been identified in VLC media player
prior to version 1.1.12
17 October 2011
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: VLC media player
Operating System: UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
Member content until: Wednesday, November 16 2011
OVERVIEW
A vulnerability has been identified in VLC media player prior to
version 1.1.12.
IMPACT
The vendor has provided the following description of this
vulnerability:
"VLC media player suffers from a NULL dereference vulnerability in the
HTTP and RTSP server component." [1]
"If successful, a malicious third party could crash the server process.
Arbitrary code execution within the context of VLC media player is not
believed possible." [1]
MITIGATION
The vendor recommends upgrading to the latest version of VLC media
player to correct this issue. [1]
REFERENCES
[1] Security Advisory 1107
http://www.videolan.org/security/sa1107.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBTpuZ+u4yVqjM2NGpAQLUtBAAnoqyznN6gUBigUHErmwD4ezYZ4BUsBjn
uvOWlwNoLtGctkXzU1DhOPy1F9WMU3UJaGSJLU5x7x1N/H+Kyh2f4O1urPFBHMke
fVj8pd7eIJDhhR5rv4i7saFMmmo9eZIv6PtvPu5SlWtC/Uq7BZnDKCIq02hTQLZb
lNPQRHGWTmU97ZwjJcwHiQkzvoUWHVsrohAhj9KSIvMRgvsHjKLduovOgzSEfeXP
195peeNLxdx63LLtdPS0VhxU+wm75Uad9Llq0Q1cZv8BxpH0GIwVoHSVwbXTmBCT
VVd04bgnpy1G3jaSBL7hfVyWvupeKYIt+oVkvPDY3BssdJzuKVl7rdeCDbdkO7g9
o74qgPdupmVDDhlUiMyV10OJmIBklHRmz8GbSEMA7an6kiQNc0qCpFbegUxWuVDq
bbFmh2JqBzcqErB3yo1+3hfTm67SfvWXc8ba7dzOB3f+YroL4YRgL/oLKKcVnYhy
r3l356znS3Kk7qpDjg8A1E9liZd3XxxpDYKvY2eP2EuCiW4KqPO7EuPRDhpj6w7Q
9o7Kb3WaFEfCyqLxljq6NFmtjmorICi3wwrA10hme2SJwZkxSiQfdl9wB17Hcohu
zbc4MYgUJ7RklGd4hzOISKcWpfRbLE59Z6V0JDdpghkRQftWJvldLx386DTcPKwt
AFXf9cCo4D8=
=g6UK
-----END PGP SIGNATURE-----