[arch-security] [ASA-201509-5] libvdpau lib32-libvdpau: multiple issues
Arch Linux Security Advisory ASA-201509-5
=========================================

Severity: Medium
Date    : 2015-09-12
CVE-ID  : CVE-2015-5198 CVE-2015-5199 CVE-2015-5200
Package : libvdpau lib32-libvdpau
Type    : multiple issues
Remote  : no
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The packages libvdpau and lib32-libvdpau before version 1.1.1-1 are
vulnerable to multiple issues.

Resolution
==========

Upgrade to 1.1.1-1.

# pacman -Syu "libvdpau>=1.1.1-1"

If you need lib32-libvdpau:

# pacman -Syu "libvdpau>=1.1.1-1" "lib32-libvdpau>=1.1.1-1"

Workaround
==========

None.

Description
===========

- CVE-2015-5198 (Local Privilege Escalation)

When used in a setuid or setgid application, libvdpau/lib32-libvdpau
allows local users to gain privileges via unspecified vectors, related
to the VDPAU_DRIVER_PATH environment variable.

- CVE-2015-5199 (Directory Traversal)

Directory traversal vulnerability in dlopen in libvdpau/lib32-libvdpau
allows local users to gain privileges via the VDPAU_DRIVER environment
variable.

- CVE-2015-5200 (Directory Traversal)

The trace functionality in libvdpau/lib32-libvdpau, when used in a
setuid or setgid application, allows local users to write to arbitrary
files via unspecified vectors.

Impact
======

An attacker can gain root access or write to arbitrary files without
permission.

References
==========

http://lists.x.org/archives/xorg-announce/2015-August/002630.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5198
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5199
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5200
http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110...
chris.rebischke@gmail.com
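
The hardening pattern behind the Description entries above, as an added example (not code from the advisory or from libvdpau): a library that may be loaded by a setuid or setgid program ignores VDPAU_DRIVER_PATH and VDPAU_DRIVER when the process is privileged, and accepts a driver name only if it is a single file name component. The default directory, the module name format and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed default module directory (illustrative, not taken from the advisory). */
#define DEFAULT_DRIVER_DIR "/usr/lib/vdpau"

/* True when real and effective IDs differ, i.e. setuid/setgid execution. */
static int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* getenv() that ignores the caller-controlled environment in a privileged
 * process. glibc's secure_getenv() serves a similar purpose. */
static const char *env_if_unprivileged(const char *name)
{
    return running_privileged() ? NULL : getenv(name);
}

/* A driver name must be non-empty and must not contain a path separator. */
static int driver_name_ok(const char *name)
{
    return name != NULL && name[0] != '\0' && strchr(name, '/') == NULL;
}

/* Build the module path to hand to dlopen(). Returns 0 on success,
 * -1 if the driver name is rejected or the buffer is too small. */
static int build_driver_path(const char *fallback, char *out, size_t outlen)
{
    const char *dir  = env_if_unprivileged("VDPAU_DRIVER_PATH");
    const char *name = env_if_unprivileged("VDPAU_DRIVER");

    if (dir == NULL || dir[0] != '/')   /* unset or relative: use the default */
        dir = DEFAULT_DRIVER_DIR;
    if (name == NULL)
        name = fallback;
    if (!driver_name_ok(name))
        return -1;

    /* Module file name format is an assumption for this example. */
    int n = snprintf(out, outlen, "%s/libvdpau_%s.so.1", dir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

The same gate applies to any environment variable that names an output file, such as a trace log path: a privileged process should not open a file whose location the invoking user chose.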