Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 603
Alerts This Week
Warning Icon 1 603

Mageia: 2019-0233 Moderate: VLC Media Player Code Execution Risk

mageia
Calendar Grey August 31, 2019
Dist Mageia Esm H88
Recent updates to VLC packages in Mageia address several vulnerabilities that could lead to exploitation or service interruptions.
Updated vlc packages fixes security vulnerabilities: Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or den...

Summary

Updated vlc packages fixes security vulnerabilities:
Multiple security issues were discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed file/stream is processed (CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776, CVE-2019-14777, CVE-2019-14778, CVE-2019-14970).
The vlc package has been updated to version 3.0.8, fixing these issues and other bugs. In Mageia 6, the libebml package has been updated to version 1.3.7, which is needed for Matroska support.

References

- https://bugs.mageia.org/show_bug.cgi?id=25284

- https://www.videolan.org/security/sb-vlc308.html

- https://code.videolan.org/videolan/vlc-3.0/-/raw/master/NEWS

- https://lists.debian.org/debian-security-announce/2019/msg00152.html

- https://www.cve.org/CVERecord?id=CVE-2019-13602

- https://www.cve.org/CVERecord?id=CVE-2019-13962

- https://www.cve.org/CVERecord?id=CVE-2019-14437

- https://www.cve.org/CVERecord?id=CVE-2019-14438

- https://www.cve.org/CVERecord?id=CVE-2019-14498

- https://www.cve.org/CVERecord?id=CVE-2019-14533

- https://www.cve.org/CVERecord?id=CVE-2019-14534

- https://www.cve.org/CVERecord?id=CVE-2019-14535

- https://www.cve.org/CVERecord?id=CVE-2019-14776

- https://www.cve.org/CVERecord?id=CVE-2019-14777

- https://www.cve.org/CVERecord?id=CVE-2019-14778

- https://www.cve.org/CVERecord?id=CVE-2019-14970

Resolution

SRPMS

- 7/tainted/vlc-3.0.8-1.mga7.tainted

- 7/core/vlc-3.0.8-1.mga7

- 6/tainted/vlc-3.0.8-1.mga6.tainted

- 6/core/vlc-3.0.8-1.mga6

- 6/core/libebml-1.3.7-1.mga6

Publication date: 31 Aug 2019
URL: https://advisories.mageia.org/MGASA-2019-0233.html
Type: security
CVE: CVE-2019-13602, CVE-2019-13962, CVE-2019-14437, CVE-2019-14438, CVE-2019-14498, CVE-2019-14533, CVE-2019-14534, CVE-2019-14535, CVE-2019-14776, CVE-2019-14777, CVE-2019-14778, CVE-2019-14970

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.