Debian Security Advisory
DLA-306-1 libvdpau -- LTS security update
- Date Reported:
- 10 Sep 2015
- Affected Packages:
- libvdpau
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 797895.
In Mitre's CVE dictionary: CVE-2015-5198, CVE-2015-5199, CVE-2015-5200. - More information:
-
Florian Weimer of Red Hat Product Security discovered that libvdpau, the VDPAU wrapper library, did not properly validate environment variables, allowing local attackers to gain additional privileges.
For Debian 6
Squeeze
, these problems have been fixed in libvdpau version 0.4.1-2+deb6u1. See DSA 3355-1 for information on other Debian releases.We recommend that you upgrade your libvdpau packages.
