openSUSE Security Update: Security update for vlc
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:1840-1
Rating:             important
References:         #1118586 #1138354 #1138933 #1141522 #1142161 
                    #1143547 #1143549 
Cross-References:   CVE-2018-19857 CVE-2019-12874 CVE-2019-13602
                    CVE-2019-13962 CVE-2019-5439 CVE-2019-5459
                    CVE-2019-5460
Affected Products:
                    openSUSE Leap 15.1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for vlc to version 3.0.7.1 fixes the following issues:

   Security issues fixed:

   - CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
   - CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
   - CVE-2019-5460: Fixed a double free (bsc#1143547).
   - CVE-2019-12874: Fixed a double free in zlib_decompress_extra in
     modules/demux/mkv/util.cpp (bsc#1138933).
   - CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
   - CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec
     (boo#1142161).

   Non-security issues fixed:

   - Video Output:
     * Fix hardware acceleration with some AMD drivers
     * Improve direct3d11 HDR support
   - Access:
     * Improve Blu-ray support
   - Audio output:
     * Fix pass-through on Android-23
     * Fix DirectSound drain
   - Demux: Improve MP4 support
   - Video Output:
     * Fix 12 bits sources playback with Direct3D11
     * Fix crash on iOS
     * Fix midstream aspect-ratio changes when Windows hardware decoding is on
     * Fix HLG display with Direct3D11
   - Stream Output: Improve Chromecast support with new ChromeCast apps
   - Misc:
     * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
     * Work around busy looping when playing an invalid item with loop enabled
   - Updated translations.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.1:

      zypper in -t patch openSUSE-2019-1840=1



Package List:

   - openSUSE Leap 15.1 (x86_64):

      libvlc5-3.0.7.1-lp151.6.3.1
      libvlc5-debuginfo-3.0.7.1-lp151.6.3.1
      libvlccore9-3.0.7.1-lp151.6.3.1
      libvlccore9-debuginfo-3.0.7.1-lp151.6.3.1
      vlc-3.0.7.1-lp151.6.3.1
      vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1
      vlc-codec-gstreamer-debuginfo-3.0.7.1-lp151.6.3.1
      vlc-debuginfo-3.0.7.1-lp151.6.3.1
      vlc-debugsource-3.0.7.1-lp151.6.3.1
      vlc-devel-3.0.7.1-lp151.6.3.1
      vlc-jack-3.0.7.1-lp151.6.3.1
      vlc-jack-debuginfo-3.0.7.1-lp151.6.3.1
      vlc-noX-3.0.7.1-lp151.6.3.1
      vlc-noX-debuginfo-3.0.7.1-lp151.6.3.1
      vlc-qt-3.0.7.1-lp151.6.3.1
      vlc-qt-debuginfo-3.0.7.1-lp151.6.3.1
      vlc-vdpau-3.0.7.1-lp151.6.3.1
      vlc-vdpau-debuginfo-3.0.7.1-lp151.6.3.1

   - openSUSE Leap 15.1 (noarch):

      vlc-lang-3.0.7.1-lp151.6.3.1
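
Added example (not part of the original SUSE announcement): a POSIX shell check that reads "name version-release" lines, as produced by an rpm query format, and reports every package from the list above that is still older than 3.0.7.1-lp151.6.3.1. The function names, the constructed sample inventory and the use of GNU `sort -V` as a stand-in for rpm's own version comparison are assumptions.

```shell
#!/bin/sh
# Added example, not from the SUSE announcement.
FIXED="3.0.7.1-lp151.6.3.1"   # version-release taken from the Package List

# Package names from the Package List (-debuginfo variants are handled below).
PKGS="libvlc5 libvlccore9 vlc vlc-codec-gstreamer vlc-debugsource vlc-devel"
PKGS="$PKGS vlc-jack vlc-lang vlc-noX vlc-qt vlc-vdpau"

# older_than A B: succeeds when A sorts strictly before B.
# Assumption: GNU sort -V approximates rpm's version-release ordering.
older_than() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin, prints one OUTDATED line per
# advisory package below $FIXED, and returns 1 if any were found.
# Real input: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_vlc_fixed
check_vlc_fixed() {
    rc=0
    while read -r name evr; do
        base=${name%-debuginfo}
        case " $PKGS " in
            *" $base "*) ;;          # package is covered by this advisory
            *) continue ;;           # unrelated package, ignore
        esac
        if older_than "$evr" "$FIXED"; then
            printf 'OUTDATED %s %s (need >= %s)\n' "$name" "$evr" "$FIXED"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory (not real host data).
sample_inventory() {
    cat <<'EOF'
vlc 3.0.6-lp151.5.1
libvlc5-debuginfo 3.0.6-lp151.5.1
libvlccore9 3.0.7.1-lp151.6.3.1
vlc-qt 3.0.7.1-lp151.6.6.1
bash 4.4-lp151.9.53
EOF
}

sample_inventory | check_vlc_fixed || echo "vlc update still pending"
```

A non-zero return from `check_vlc_fixed` means at least one listed package predates the fixed build, which makes the function usable as a gate in configuration-management or compliance jobs.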


References:

   https://www.suse.com/security/cve/CVE-2018-19857.html
   https://www.suse.com/security/cve/CVE-2019-12874.html
   https://www.suse.com/security/cve/CVE-2019-13602.html
   https://www.suse.com/security/cve/CVE-2019-13962.html
   https://www.suse.com/security/cve/CVE-2019-5439.html
   https://www.suse.com/security/cve/CVE-2019-5459.html
   https://www.suse.com/security/cve/CVE-2019-5460.html
   https://bugzilla.suse.com/1118586
   https://bugzilla.suse.com/1138354
   https://bugzilla.suse.com/1138933
   https://bugzilla.suse.com/1141522
   https://bugzilla.suse.com/1142161
   https://bugzilla.suse.com/1143547
   https://bugzilla.suse.com/1143549

-- 

openSUSE: 2019:1840-1: important: vlc

August 8, 2019