Branch p7 update bulletin.

Package libvdpau updated to version 1.1.1-alt0.M70P.1 for branch p7 in task 148763.

Published: 2015-09-08

BDU:2015-11337

Уязвимость библиотеки libvdpau, позволяющая нарушителю выполнять запись произвольных файлов

Severity: MEDIUM (6.3) Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

References:

Published: 2015-09-08

BDU:2015-11338

Уязвимость библиотеки libvdpau, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-09-08

BDU:2015-11339

Уязвимость библиотеки libvdpau, позволяющая нарушителю повысить свои привилегии

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-09-08
Modified: 2025-04-12

CVE-2015-5198

libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-09-08
Modified: 2025-04-12

CVE-2015-5199

Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.

Severity: HIGH (7.2) Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

References:

Published: 2015-09-08
Modified: 2025-04-12

CVE-2015-5200

The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.

Severity: MEDIUM (6.3) Vector: AV:L/AC:M/Au:N/C:N/I:C/A:C

References:

Version: 2.1.2

Branch p7 update on 2015-09-03

ALT-BU-2015-2618-1

ALT-PU-2015-1742-1

Closed vulnerabilities

BDU:2015-11337

BDU:2015-11338

BDU:2015-11339

CVE-2015-5198

CVE-2015-5199

CVE-2015-5200