
openSUSE Leap 15.1: 2019:1840-1 Important: VLC Buffer Overflows

August 8, 2019
A recent patch for VLC addresses several vulnerabilities such as buffer overflow threats, integer underflow problems, and flaws in memory handling.
An update that fixes 7 vulnerabilities is now available.

Description

This update for vlc to version 3.0.7.1 fixes the following issues:

Security issues fixed:

- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).

- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).

- CVE-2019-5460: Fixed a double free (bsc#1143547).

- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).

- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).

- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).

Non-security issues fixed:

- Video Output:

* Fix hardware acceleration with some AMD drivers

* Improve direct3d11 HDR support

- Access:

* Improve Blu-ray support

- Audio output:

* Fix pass-through on Android-23

* Fix DirectSound drain

- Demux: Improve MP4 support

- Video Output:

* Fix 12 bits sources playback with Direct3D11

* Fix crash on iOS

* Fix midstream aspect-ratio changes...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1840=1

Package List

- openSUSE Leap 15.1 (x86_64):

libvlc5-3.0.7.1-lp151.6.3.1

libvlc5-debuginfo-3.0.7.1-lp151.6.3.1

libvlccore9-3.0.7.1-lp151.6.3.1

libvlccore9-debuginfo-3.0.7.1-lp151.6.3.1

vlc-3.0.7.1-lp151.6.3.1

vlc-codec-gstreamer-3.0.7.1-lp151.6.3.1

vlc-codec-gstreamer-debuginfo-3.0.7.1-lp151.6.3.1

vlc-debuginfo-3.0.7.1-lp151.6.3.1

vlc-debugsource-3.0.7.1-lp151.6.3.1

vlc-devel-3.0.7.1-lp151.6.3.1

vlc-jack-3.0.7.1-lp151.6.3.1

vlc-jack-debuginfo-3.0.7.1-lp151.6.3.1

vlc-noX-3.0.7.1-lp151.6.3.1

vlc-noX-debuginfo-3.0.7.1-lp151.6.3.1

vlc-qt-3.0.7.1-lp151.6.3.1

vlc-qt-debuginfo-3.0.7.1-lp151.6.3.1

vlc-vdpau-3.0.7.1-lp151.6.3.1

vlc-vdpau-debuginfo-3.0.7.1-lp151.6.3.1

- openSUSE Leap 15.1 (noarch):

vlc-lang-3.0.7.1-lp151.6.3.1
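
To confirm the update actually landed on a host, the following added example (not part of the openSUSE advisory) compares installed VLC packages against the fixed version-release from the package list above. The function names and the sample inventory are constructed for illustration, and GNU `sort -V` is assumed as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed version-release taken from the package list in this advisory.
FIXED="3.0.7.1-lp151.6.3.1"

# Print "name version-release" for each installed VLC package (real hosts).
list_installed() {
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'vlc*' 'libvlc*'
}

# Constructed sample inventory so the check can be exercised offline:
# one outdated package, two at the fixed level, one newer.
sample_inventory() {
    printf '%s\n' \
        "vlc 3.0.6-lp151.5.1" \
        "libvlc5 3.0.7.1-lp151.6.3.1" \
        "vlc-qt 3.0.7.1-lp151.6.3.1" \
        "vlc-noX 3.0.8-lp151.6.6.1"
}

# Read "name version-release" lines on stdin, report every package older
# than FIXED, and return 1 if any was found (0 when all are patched).
# Ordering uses `sort -V` (assumption: close enough to rpm's comparison
# for this version scheme).
check_vlc_patch() {
    rc=0
    while read -r name ver; do
        [ -n "$name" ] || continue          # skip blank lines
        [ "$ver" = "$FIXED" ] && continue   # exactly the fixed build
        lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
        if [ "$lowest" = "$ver" ]; then
            echo "VULNERABLE $name $ver (needs >= $FIXED)"
            rc=1
        fi
    done
    return $rc
}

# Run against the live RPM database only when asked to.
if [ "${1:-}" = "--run" ]; then
    list_installed | check_vlc_patch
fi
```

Invoked with `--run` on a Leap 15.1 host, a non-zero exit status means at least one VLC package still predates the fix.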

References

https://www.suse.com/security/cve/CVE-2018-19857.html

https://www.suse.com/security/cve/CVE-2019-12874.html

https://www.suse.com/security/cve/CVE-2019-13602.html

https://www.suse.com/security/cve/CVE-2019-13962.html

https://www.suse.com/security/cve/CVE-2019-5439.html

https://www.suse.com/security/cve/CVE-2019-5459.html

https://www.suse.com/security/cve/CVE-2019-5460.html

https://bugzilla.suse.com/1118586

https://bugzilla.suse.com/1138354

https://bugzilla.suse.com/1138933

https://bugzilla.suse.com/1141522

https://bugzilla.suse.com/1142161

https://bugzilla.suse.com/1143547

https://bugzilla.suse.com/1143549

--

Severity: important

Announcement ID: openSUSE-SU-2019:1840-1
Rating: important
Affected Products: openSUSE Leap 15.1
