[arch-security] [ASA-201509-5] libvdpau lib32vdpau: multiple issues
chris.rebischke at gmail.com
Sat Sep 12 23:07:39 UTC 2015
Arch Linux Security Advisory ASA-201509-5
=========================================
Severity: Medium
Date : 2015-09-12
CVE-ID : CVE-2015-5198 CVE-2015-5199 CVE-2015-5200
Package : libvdpau lib32-libvdpau
Type : multiple issues
Remote : no
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The packages libvdpau and lib32-libvdpau before version 1.1.1-1 are vulnerable
to multiple issues.
Resolution
==========
Upgrade to 1.1.1-1.
# pacman -Syu "libvdpau>=1.1.1-1"
If you need lib32-libvdpau:
# pacman -Syu "libvdpau>=1.1.1-1" "lib32-libvdpau>=1.1.1-1"
Workaround
==========
None.
Description
===========
- CVE-2015-5198 (Local Privilege Escalation)
When used in a setuid or setgid application, libvdpau/lib32-libvdpau allows
local users to gain privileges via unspecified vectors, related to the
VDPAU_DRIVER_PATH environment variable.
- CVE-2015-5199 (Directory Traversal)
Directory traversal vulnerability in dlopen in libvdpau/lib32-libvdpau allows
local users to gain privileges via the VDPAU_DRIVER environment variable.
- CVE-2015-5200 (Directory Traversal)
The trace functionality in libvdpau/lib32-libvdpau, when used in a setuid or
setgid application, allows local users to write to arbitrary files via
unspecified vectors.
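
The hardening pattern that addresses CVE-2015-5198 and CVE-2015-5199, as an added example that is not part of the advisory and not libvdpau's own code: ignore VDPAU_DRIVER and VDPAU_DRIVER_PATH when the process is setuid or setgid, and refuse driver names that could escape the module directory. The default directory, the default driver name, the libvdpau_<name>.so.1 file pattern and all function names are assumptions of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Assumed defaults for this example; not taken from the advisory. */
#define DEFAULT_MODULE_DIR "/usr/lib/vdpau"
#define DEFAULT_DRIVER     "nvidia"

/* Setuid/setgid process: real and effective IDs differ. */
static int running_privileged(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

/* Allow only [A-Za-z0-9_-]: rejects '/', "..", and the empty string. */
static int driver_name_ok(const char *name)
{
    static const char allowed[] = "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
    return name != NULL && *name != '\0' && name[strspn(name, allowed)] == '\0';
}

/* Build the path to hand to dlopen(). driver_env/path_env are the raw
 * VDPAU_DRIVER and VDPAU_DRIVER_PATH values (NULL if unset).
 * Returns 0 on success, -1 if the request is refused. */
int resolve_driver_path(const char *driver_env, const char *path_env,
                        int privileged, char *out, size_t outlen)
{
    const char *driver = DEFAULT_DRIVER;
    const char *dir = DEFAULT_MODULE_DIR;
    if (!privileged) {      /* environment is honoured only when unprivileged */
        if (driver_env != NULL) driver = driver_env;
        if (path_env != NULL) dir = path_env;
    }
    if (!driver_name_ok(driver) || dir[0] != '/')
        return -1;          /* unsafe driver name or relative directory */
    int n = snprintf(out, outlen, "%s/libvdpau_%s.so.1", dir, driver);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char path[4096];
    int rc = resolve_driver_path(getenv("VDPAU_DRIVER"), getenv("VDPAU_DRIVER_PATH"),
                                 running_privileged(), path, sizeof path);
    if (rc == 0) puts(path);
    return rc == 0 ? 0 : 1;
}
```

On glibc, secure_getenv(3) performs the privileged-process check and the environment lookup in one call.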
Impact
======
An attacker can gain root access or write to arbitrary files without permission.
References
==========
http://lists.x.org/archives/xorg-announce/2015-August/002630.html
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5198
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5199
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5200
http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4