Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

openSUSE Leap 15.0: 2019:1909-1 Important: VLC Multi-Fix Update

opensuse
Calendar Grey August 15, 2019
Dist Opensuse Esm H88
Enhance address security vulnerabilities in VLC for openSUSE Leap, boosting overall system resilience and media performance.
An update that solves 7 vulnerabilities and has three fixes is now available.

Description

This update for vlc to version 3.0.7.1 fixes the following issues:

Security issues fixed:

- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).

- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).

- CVE-2019-5460: Fixed a double free (bsc#1143547).

- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in

modules/demux/mkv/util.cpp (bsc#1138933).

- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).

- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec

(boo#1142161).

Non-security issues fixed:

- Video Output:

* Fix hardware acceleration with some AMD drivers * Improve direct3d11 HDR support

- Access:

* Improve Blu-ray support

- Audio output:

* Fix pass-through on Android-23

* Fix DirectSound drain

- Demux: Improve MP4 support

- Video Output:

* Fix 12 bits sources playback with Direct3D11

* Fix crash on iOS

* Fix midstream aspect-ratio changes...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1909=1

Package List

- openSUSE Leap 15.0 (noarch):

libaom-devel-doc-1.0.0-lp150.2.1

vlc-lang-3.0.7.1-lp150.8.1

- openSUSE Leap 15.0 (x86_64):

aom-tools-1.0.0-lp150.2.1

aom-tools-debuginfo-1.0.0-lp150.2.1

libaom-debugsource-1.0.0-lp150.2.1

libaom-devel-1.0.0-lp150.2.1

libaom0-1.0.0-lp150.2.1

libaom0-debuginfo-1.0.0-lp150.2.1

libvlc5-3.0.7.1-lp150.8.1

libvlc5-debuginfo-3.0.7.1-lp150.8.1

libvlccore9-3.0.7.1-lp150.8.1

libvlccore9-debuginfo-3.0.7.1-lp150.8.1

vlc-3.0.7.1-lp150.8.1

vlc-codec-gstreamer-3.0.7.1-lp150.8.1

vlc-codec-gstreamer-debuginfo-3.0.7.1-lp150.8.1

vlc-debuginfo-3.0.7.1-lp150.8.1

vlc-debugsource-3.0.7.1-lp150.8.1

vlc-devel-3.0.7.1-lp150.8.1

vlc-jack-3.0.7.1-lp150.8.1

vlc-jack-debuginfo-3.0.7.1-lp150.8.1

vlc-noX-3.0.7.1-lp150.8.1

vlc-noX-debuginfo-3.0.7.1-lp150.8.1

vlc-qt-3.0.7.1-lp150.8.1

vlc-qt-debuginfo-3.0.7.1-lp150.8.1

vlc-vdpau-3.0.7.1-lp150.8.1

vlc-vdpau-debuginfo-3.0.7.1-lp150.8.1

References

https://www.suse.com/security/cve/CVE-2018-19857.html

https://www.suse.com/security/cve/CVE-2019-12874.html

https://www.suse.com/security/cve/CVE-2019-13602.html

https://www.suse.com/security/cve/CVE-2019-13962.html

https://www.suse.com/security/cve/CVE-2019-5439.html

https://www.suse.com/security/cve/CVE-2019-5459.html

https://www.suse.com/security/cve/CVE-2019-5460.html

https://bugzilla.suse.com/1093732

https://bugzilla.suse.com/1094893

https://bugzilla.suse.com/1118586

https://bugzilla.suse.com/1133290

https://bugzilla.suse.com/1138354

https://bugzilla.suse.com/1138933

https://bugzilla.suse.com/1141522

https://bugzilla.suse.com/1142161

https://bugzilla.suse.com/1143547

https://bugzilla.suse.com/1143549

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1909-1
Rating: important
Affected Products: openSUSE Leap 15.0 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.