Computer Security
[EN] securityvulns.ru no-pyccku


libvpau multiple security vulnerabilities
Published:14.09.2015
Source:
SecurityVulns ID:14673
Type:library
Threat Level:
5/10
Description:Privilege escalation because of incorrect envorionment variables handling.
Affected:LIBVPAU : libvdpau 1.1
CVE:CVE-2015-5200 (The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.)
 CVE-2015-5199 (Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.)
 CVE-2015-5198 (libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.)
Original documentdocumentDEBIAN, [SECURITY] [DSA 3355-1] libvdpau security update (14.09.2015)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod