[SECURITY] [DLA 306-1] libvdpau security update

2015-09-1018:27:17

lists.debian.org

6.3 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

0.0004 Low

EPSS

Percentile

5.3%

JSON

Package : libvdpau
Version : 0.4.1-2+deb6u1
CVE ID : CVE-2015-5198 CVE-2015-5199 CVE-2015-5200
Debian Bug : 797895

Florian Weimer of Red Hat Product Security discovered that libvdpau, the
VDPAU wrapper library, did not properly validate environment variables,
allowing local attackers to gain additional privileges.

For Debian 6 "Squeeze", these problems have been fixed in libvdpau
version 0.4.1-2+deb6u1. See DSA 3355-1 for information on other Debian
releases.

We recommend that you upgrade your libvdpau packages.

Learn more about the Debian Long Term Support (LTS) Project and how to
apply these updates at: https://wiki.debian.org/LTS/

OSVersionArchitecturePackageVersionFilename
Debian8amd64libvdpau1-dbg< 0.8-3+deb8u1libvdpau1-dbg_0.8-3+deb8u1_amd64.deb
Debian8armellibvdpau-dev< 0.8-3+deb8u1libvdpau-dev_0.8-3+deb8u1_armel.deb
Debian8armellibvdpau1-dbg< 0.8-3+deb8u1libvdpau1-dbg_0.8-3+deb8u1_armel.deb
Debian8i386libvdpau1-dbg< 0.8-3+deb8u1libvdpau1-dbg_0.8-3+deb8u1_i386.deb
Debian8kfreebsd-amd64libvdpau1-dbg< 0.8-3+deb8u1libvdpau1-dbg_0.8-3+deb8u1_kfreebsd-amd64.deb
Debian8ppc64ellibvdpau-dev< 0.8-3+deb8u1libvdpau-dev_0.8-3+deb8u1_ppc64el.deb
Debian6i386libvdpau1< 0.4.1-2+deb6u1libvdpau1_0.4.1-2+deb6u1_i386.deb
Debian8amd64libvdpau1< 0.8-3+deb8u1libvdpau1_0.8-3+deb8u1_amd64.deb
Debian8arm64libvdpau-dev< 0.8-3+deb8u1libvdpau-dev_0.8-3+deb8u1_arm64.deb
Debian7mipsellibvdpau-dev< 0.4.1-7+deb7u1libvdpau-dev_0.4.1-7+deb7u1_mipsel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	amd64	libvdpau1-dbg	< 0.8-3+deb8u1	libvdpau1-dbg_0.8-3+deb8u1_amd64.deb
Debian	8	armel	libvdpau-dev	< 0.8-3+deb8u1	libvdpau-dev_0.8-3+deb8u1_armel.deb
Debian	8	armel	libvdpau1-dbg	< 0.8-3+deb8u1	libvdpau1-dbg_0.8-3+deb8u1_armel.deb
Debian	8	i386	libvdpau1-dbg	< 0.8-3+deb8u1	libvdpau1-dbg_0.8-3+deb8u1_i386.deb
Debian	8	kfreebsd-amd64	libvdpau1-dbg	< 0.8-3+deb8u1	libvdpau1-dbg_0.8-3+deb8u1_kfreebsd-amd64.deb
Debian	8	ppc64el	libvdpau-dev	< 0.8-3+deb8u1	libvdpau-dev_0.8-3+deb8u1_ppc64el.deb
Debian	6	i386	libvdpau1	< 0.4.1-2+deb6u1	libvdpau1_0.4.1-2+deb6u1_i386.deb
Debian	8	amd64	libvdpau1	< 0.8-3+deb8u1	libvdpau1_0.8-3+deb8u1_amd64.deb
Debian	8	arm64	libvdpau-dev	< 0.8-3+deb8u1	libvdpau-dev_0.8-3+deb8u1_arm64.deb
Debian	7	mipsel	libvdpau-dev	< 0.4.1-7+deb7u1	libvdpau-dev_0.4.1-7+deb7u1_mipsel.deb