libvdpau lib32vdpau: multiple issues

2015-09-12T00:00:00
ID ASA-201509-5
Type archlinux
Reporter Arch Linux
Modified 2015-09-12T00:00:00

Description

  • CVE-2015-5198 (Local Privilege Escalation)

When used in a setuid or setgid application, libvdpau/lib32-libvdpau allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.

  • CVE-2015-5199 (Directory Traversal)

Directory traversal vulnerability in dlopen in libvdpau/lib32/libvdpau allows local users to gain privileges via the VDPAU_DRIVER environment variable.

  • CVE-2015-5200 (Directory Traversal)

The trace functionality in libvdpau/lib32-libvdpau, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.