
Thread: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

  1. #1
    Join Date
    Oct 2012
    Beans
    14

    VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    According to the VLC site, they are urging everyone to update to 2.0.4.
    http://www.videolan.org/news.html (security advisory 1203)

    Will Ubuntu update soon? I'm uneasy using it with a serious security vulnerability. I'm surprised Ubuntu hasn't already updated itself.

  2. #2
    Join Date
    May 2012
    Beans
    277

    Re: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    Well if you are using Ubuntu 12.04 I guess you can use the version for 12.10 if you are that worried (also it may come anyway if the security risk is that high)
    You could just use this repo for VLC updates:

    deb http://ppa.launchpad.net/videolan/stable-daily/ubuntu quantal main

  3. #3
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    Quote Originally Posted by LABcqX View Post
    According to the VLC site, they are urging everyone to update to 2.0.4.
    http://www.videolan.org/news.html (security advisory 1203)

    Will Ubuntu update soon? I'm uneasy using it with a serious security vulnerability. I'm surprised Ubuntu hasn't already updated itself.
    install 2.0.4 then.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  4. #4
    Join Date
    Oct 2012
    Beans
    14

    Re: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    Quote Originally Posted by haqking View Post
    install 2.0.4 then.
    Synaptic says 2.0.3 is the latest version. There is no 2.0.4 install option.

  5. #5
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    Quote Originally Posted by LABcqX View Post
    Synaptic says 2.0.3 is the latest version. There is no 2.0.4 install option.
    Code:
    sudo add-apt-repository ppa:videolan/stable-daily
    sudo apt-get update
    sudo apt-get install vlc
    I am running 2.0.5
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013
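The question behind posts #4 and #5 is whether any configured repository offers a build at or above the fixed release, and which repository it comes from. The script below is an added example, not part of any post in this thread: it parses `apt-cache policy vlc` output and reports one of three states. The function names are hypothetical, the package revisions and suite names in the two samples are constructed, and 2.0.4 as the first fixed version is taken from the opening post.

```shell
# Added example; both policy samples below are constructed.
# Live use: apt-cache policy vlc | assess 2.0.4

policy_field() { sed -n "s/^  $1: //p"; }   # $1: Installed or Candidate
# Drop epoch and Debian revision: 2.0.5-1~ppa1 -> 2.0.5
upstream() { printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/-[^-]*$//'; }
# True when $1 sorts strictly before $2 (GNU sort -V)
version_lt() { [ "$1" != "$2" ] &&
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]; }
# Print "URL suite/component" of the first repository offering version $1
candidate_origin() {
  awk -v cand="$1" '
    /Version table:/           { intable = 1; next }
    !intable                   { next }
    !/^        /               { ver = ($1 == "***") ? $2 : $1; next }
    ver == cand && $2 !~ /^\// { print $2, $3; exit }'
}

# $1 = first fixed upstream version; policy text on stdin
assess() {
  policy=$(cat)
  inst=$(printf '%s\n' "$policy" | policy_field Installed)
  cand=$(printf '%s\n' "$policy" | policy_field Candidate)
  if ! version_lt "$(upstream "$inst")" "$1"; then
    echo "installed-ok"
  elif version_lt "$(upstream "$cand")" "$1"; then
    # Upstream numbers cannot show a distro-backported patch; check the changelog.
    echo "no-fixed-candidate"
  else
    echo "upgrade-available from $(printf '%s\n' "$policy" | candidate_origin "$cand")"
  fi
}
POLICY_STOCK='vlc:
  Installed: 2.0.3-1
  Candidate: 2.0.3-1
  Version table:
 *** 2.0.3-1 0
        500 http://archive.ubuntu.com/ubuntu/ quantal/universe amd64 Packages'
POLICY_PPA='vlc:
  Installed: 2.0.3-1
  Candidate: 2.0.5-1~ppa1
  Version table:
     2.0.5-1~ppa1 0
        500 http://ppa.launchpad.net/videolan/stable-daily/ubuntu/ quantal/main amd64 Packages
 *** 2.0.3-1 0
        500 http://archive.ubuntu.com/ubuntu/ quantal/universe amd64 Packages
        100 /var/lib/dpkg/status'
printf '%s\n' "$POLICY_STOCK" | assess 2.0.4
printf '%s\n' "$POLICY_PPA" | assess 2.0.4
```

Printing the origin matters because it shows whose packaging the upgrade would pull in: the distribution archive or a third-party PPA.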

  6. #6
    Join Date
    Oct 2012
    Beans
    14

    Re: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    This seems to indicate I'd be receiving DAILY updates. Why would I want that? I just want to get the security updates that 2.0.4 brings. Why doesn't the Ubuntu repository that gives VLC just update to 2.0.4 and solve the problem?

  7. #7
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    Quote Originally Posted by LABcqX View Post
    This seems to indicate I'd be receiving DAILY updates. Why would I want that? I just want to get the security updates that 2.0.4 brings. Why doesn't the Ubuntu repository that gives VLC just update to 2.0.4 and solve the problem?

    The updates will also bring vulnerabilities that will be updated in 2.0.5 which will bring vulnerabilities that will need updating to 2.0.6 ad nauseam ad infinitum

    Don't do that then and download source for 2.0.4

    As for why, VLC is one of thousands of applications in the repos that are not built by Canonical, they are third party tools, if you want the latest install it yourself.

    You seem overly worried about this particular vulnerability like it is the only one on your machine...LOL I am pretty confident you have many more in different services and applications.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  8. #8
    Join Date
    Dec 2011
    Location
    Manchester, UK
    Beans
    356
    Distro
    Ubuntu

    Re: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    Quote Originally Posted by LABcqX View Post
    This seems to indicate I'd be receiving DAILY updates. Why would I want that? I just want to get the security updates that 2.0.4 brings. Why doesn't the Ubuntu repository that gives VLC just update to 2.0.4 and solve the problem?
    That's because Ubuntu isn't a rolling release distro, so they couldn't update their repositories for the newest VLC version. The best solution is to use the PPA as suggested... Or else another video player!
    EDIT: VideoLAN doesn't state what platforms this affects, so it's quite possible Ubuntu and other Linux-based OSes will remain unaffected. Anyway, it's a vulnerability, not an exploit – there are currently no known sites that distribute infected files for VLC, and now that it's fixed, there likely won't be any developed. You're being paranoid.
    Last edited by 0011235813; December 1st, 2012 at 05:30 PM.
    Read my technology blog at: http://penguincampaigner.wordpress.com

  9. #9
    Join Date
    Jun 2011
    Location
    The Shadow Gallery
    Beans
    6,744

    Re: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    Quote Originally Posted by 0011235813 View Post
    That's because Ubuntu isn't a rolling release distro, so they couldn't update their repositories for the newest VLC version. The best solution is to use the PPA as suggested... Or else another video player!
    EDIT: VideoLAN doesn't state what platforms this affects, so it's quite possible Ubuntu and other Linux-based OSes will remain unaffected. Anyway, it's a vulnerability, not an exploit – there are currently no known sites that distribute infected files for VLC, and now that it's fixed, there likely won't be any developed. You're being paranoid.
    +1 there are vulnerabilities in most things, it doesn't mean it can be exploited. Also you seem overly worried like this is the only vulnerability on your machine, I can bet you have many others.

    If you want a certain version then install it, change to a rolling release distro or as said use a different player if you are uncomfortable with VLC.
    Backtrack - Giving machine guns to monkeys since 2006
    Kali-Linux - Adding a grenade launcher to the machine guns since 2013

  10. #10
    Join Date
    Mar 2011
    Beans
    701

    Re: VLC 2.0.3 (ubuntu latest version) has serious security vulnerability

    VLC, like many programs, takes in input. Just as PDF readers can take in malformed PDFs and be exploited, so can a media player.

    I would highly suggest setting up AppArmor for situations like this - I think I have one if anyone would like it, but it's one of my 'messing around' profiles, so it's not perfect.

    You're unlikely to run into:
    1) this exploit in the wild
    2) a payload that runs on Linux

    but if you'd like to be safe it's not hard.