Errata overview
Errata ID 675
Date 2020-05-06
Source package vlc
Fixed in version 3.0.10-0+deb9u1
Description 
This update addresses the following issues:
* An exploitable denial-of-service vulnerability exists in the resource
  record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
  compressed labels in mDNS messages, the compression pointer is followed
  without checking for recursion, leading to a denial of service. An attacker
  can send an mDNS message to trigger this vulnerability. (CVE-2020-6071)
* An exploitable code execution vulnerability exists in the label-parsing
  functionality of Videolabs libmicrodns 0.1.0. When parsing compressed
  labels in mDNS messages, the rr_decode function's return value is not
  checked, leading to a double free that could be exploited to execute
  arbitrary code. An attacker can send an mDNS message to trigger this
  vulnerability. (CVE-2020-6072)
* An exploitable denial-of-service vulnerability exists in the TXT
  record-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
  the RDATA section in a TXT record in mDNS messages, multiple integer
  overflows can be triggered, leading to a denial of service. An attacker can
  send an mDNS message to trigger this vulnerability. (CVE-2020-6073)
* An exploitable denial-of-service vulnerability exists in the
  message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
  mDNS messages, the implementation does not properly keep track of the
  available data in the message, possibly leading to an out-of-bounds read
  that would result in a denial of service. An attacker can send an mDNS
  message to trigger this vulnerability. (CVE-2020-6077)
* An exploitable denial-of-service vulnerability exists in the
  message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing
  mDNS messages in mdns_recv, the return value of the mdns_read_header
  function is not checked, leading to an uninitialized variable usage that
  eventually results in a null pointer dereference, leading to service crash.
  An attacker can send a series of mDNS messages to trigger this
  vulnerability. (CVE-2020-6078)
* An exploitable denial-of-service vulnerability exists in the resource
  allocation handling of Videolabs libmicrodns 0.1.0. When encountering
  errors while parsing mDNS messages, some allocated data is not freed,
  possibly leading to a denial-of-service condition via resource exhaustion.
  An attacker can send one mDNS message repeatedly to trigger this
  vulnerability through decoding of the domain name performed by rr_decode.
  (CVE-2020-6079)
* An exploitable denial-of-service vulnerability exists in the resource
  allocation handling of Videolabs libmicrodns 0.1.0. When encountering
  errors while parsing mDNS messages, some allocated data is not freed,
  possibly leading to a denial-of-service condition via resource exhaustion.
  An attacker can send one mDNS message repeatedly to trigger this
  vulnerability through the function rr_read_RR [5] reads the current
  resource record, except for the RDATA section. This is read by the loop at
  in rr_read. For each RR type, a different function is called. When the RR
  type is 0x10, the function rr_read_TXT is called at [6]. (CVE-2020-6080)
Additional notes
CVE ID CVE-2020-6071
CVE-2020-6072
CVE-2020-6073
CVE-2020-6077
CVE-2020-6078
CVE-2020-6079
CVE-2020-6080
UCS Bug number #51208