posted by martyb on Tuesday June 25 2019, @11:08PM
from the no-more-playing-around dept.

Submitted via IRC for SoyCow1944

An attacker could remotely take full control over a computer system while playing untrusted videos with any version of VLC media player software prior to 3.0.7.

The hack is possible due to two high-risk security flaws (CVE-2019-5439, CVE-2019-12874) that could potentially lead to arbitrary code execution attacks. The company VideoLAN also addressed many other medium and low-severity security vulnerabilities in its software.

"A remote user can create some specially crafted avi or mkv files that, when loaded by the target user, will trigger a heap buffer overflow (read) in ReadFrame (demux/avi/avi.c), or a double free in zlib_decompress_extra() (demux/mkv/utils.cpp) respectively," reads the security advisory published by the company. "If successful, a malicious third party could trigger either a crash of VLC or an arbitrary code execution with the privileges of the target user."

Source: https://securityaffairs.co/wordpress/87433/breaking-news/vlc-player-flaws.html


  • (Score: 2) by MostCynical on Tuesday June 25 2019, @11:31PM (4 children)

    by MostCynical (2589) on Tuesday June 25 2019, @11:31PM (#859915) Journal

    "with the privileges of the target user."

    Don't run as admin.
    Sudo is your friend.

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex
  • (Score: 3, Funny) by RamiK on Wednesday June 26 2019, @12:21AM (2 children)

    by RamiK (1813) on Wednesday June 26 2019, @12:21AM (#859934)

    $ sudo vlc ./porn_S05E03.mkv

    --
    compiling...
    • (Score: 3, Funny) by looorg on Wednesday June 26 2019, @01:35AM (1 child)

      by looorg (578) on Wednesday June 26 2019, @01:35AM (#859952)

      Since I missed the first four seasons and change, what the fuck did I miss?

      • (Score: 2) by http on Wednesday June 26 2019, @06:20AM

        by http (1920) on Wednesday June 26 2019, @06:20AM (#860008)

        Fucking.

        --
        I browse at -1 when I have mod points. It's unsettling.
  • (Score: 0) by Anonymous Coward on Thursday June 27 2019, @03:14AM

    by Anonymous Coward on Thursday June 27 2019, @03:14AM (#860370)
    But your ssh keys, emails, etc aren't stored as admin either right?

    Run vlc to view random videos using a "vlc-unsafe" user account. Use a wrapper script/alias to make it easier if you want.

    Similarly use firefox-unsafe to browse SN etc using , firefox-bank1 for bank #1 and so on.
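
A sketch of the wrapper script suggested in the comment above, as an added example that is not the commenter's own code. It assumes the `vlc-unsafe` account already exists, that a sudoers rule lets you run `vlc` as that account, and that the account can reach your display and audio session; the function names and the `UNSAFE_USER` variable are hypothetical.

```sh
#!/bin/sh
# Added example. "vlc-unsafe" is the account name used in the comment above;
# the account, a sudoers rule letting you run vlc as it, and its access to
# your display/audio session are assumed to exist already.
UNSAFE_USER="${UNSAFE_USER:-vlc-unsafe}"

# Succeed if a space-separated group list contains an admin-type group.
has_admin_group() {
    for g in $1; do
        case "$g" in
            root|sudo|wheel|admin) return 0 ;;
        esac
    done
    return 1
}

# Copy the video out of your home directory into a fresh temp directory the
# unsafe account can read, and print the staged path.
stage_file() {
    dir=$(mktemp -d "${TMPDIR:-/tmp}/vlc-unsafe.XXXXXX") || return 1
    chmod 755 "$dir"            # note: other local users can read it too
    name=$(basename -- "$1")
    cp -- "$1" "$dir/$name" || { rm -rf -- "$dir"; return 1; }
    chmod 644 "$dir/$name"
    printf '%s\n' "$dir/$name"
}

vlc_unsafe() {
    [ "$(id -u)" -ne 0 ] || { echo "do not start this as root" >&2; return 1; }
    grps=$(id -Gn "$UNSAFE_USER" 2>/dev/null) ||
        { echo "no such account: $UNSAFE_USER" >&2; return 1; }
    if has_admin_group "$grps"; then
        echo "$UNSAFE_USER is in an admin group; refusing" >&2
        return 1
    fi
    staged=$(stage_file "$1") || return 1
    # -H gives vlc the unsafe account's HOME, not yours
    sudo -u "$UNSAFE_USER" -H -- vlc --play-and-exit "$staged"
    status=$?
    rm -rf -- "$(dirname -- "$staged")"
    return "$status"
}
```

Source the file from your shell profile and call `vlc_unsafe ./clip.mkv`; the unsafe account only ever sees the staged copy, not your home directory.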