MGASA-2018-0400 - Updated vlc packages fix security vulnerability Publication date: 19 Oct 2018 URL: https://advisories.mageia.org/MGASA-2018-0400.html Type: security Affected Mageia releases: 6 CVE: CVE-2018-11529 This update provides vlc 3.0.4 and fixes atleast the following security issue: A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in the execution of arbitrary code if a malformed media file is played (CVE-2018-11529) For other fixes in this update, see the referenced NEWS. References: - https://bugs.mageia.org/show_bug.cgi?id=23092 - https://www.debian.org/security/2018/dsa-4251 - https://www.videolan.org/developers/vlc-branch/NEWS - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529 SRPMS: - 6/tainted/vlc-3.0.4-1.mga6.tainted - 6/core/vlc-3.0.4-1.mga6
Mageia 2018-0400: vlc security update
This update provides vlc 3.0.4 and fixes atleast the following security issue: A use-after-free was discovered in the MP4 demuxer of the VLC media player, which could result in th...
Summary
This update provides vlc 3.0.4 and fixes atleast the following security
issue:
A use-after-free was discovered in the MP4 demuxer of the VLC media player,
which could result in the execution of arbitrary code if a malformed media
file is played (CVE-2018-11529)
For other fixes in this update, see the referenced NEWS.
References
- https://bugs.mageia.org/show_bug.cgi?id=23092
- https://www.debian.org/security/2018/dsa-4251
- https://www.videolan.org/developers/vlc-branch/NEWS
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529
Resolution
MGASA-2018-0400 - Updated vlc packages fix security vulnerability
SRPMS
- 6/tainted/vlc-3.0.4-1.mga6.tainted
- 6/core/vlc-3.0.4-1.mga6
Severity
Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0400.html
Type: security
CVE: CVE-2018-11529
News
HOWTOs
Features
About Us
Powered By
