Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

openSUSE: 2019:2015-1 Important: VLC Security Fixes for Multiple Threats

opensuse
Calendar Grey August 26, 2019
Dist Opensuse Esm H88
A significant notification for Fedora resolves various vulnerabilities in GIMP, enhancing overall platform security.
An update that solves 7 vulnerabilities and has three fixes is now available.

Description

This update for vlc to version 3.0.7.1 fixes the following issues:

Security issues fixed:

- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).

- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).

- CVE-2019-5460: Fixed a double free (bsc#1143547).

- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in

modules/demux/mkv/util.cpp (bsc#1138933).

- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).

- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec

(boo#1142161).

Non-security issues fixed:

- Video Output:

* Fix hardware acceleration with some AMD drivers * Improve direct3d11 HDR support

- Access:

* Improve Blu-ray support

- Audio output:

* Fix pass-through on Android-23

* Fix DirectSound drain

- Demux: Improve MP4 support

- Video Output:

* Fix 12 bits sources playback with Direct3D11

* Fix crash on iOS

* Fix midstream aspect-ratio changes...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-2015=1

Package List

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

aom-tools-1.0.0-bp150.2.1

aom-tools-debuginfo-1.0.0-bp150.2.1

libaom-debugsource-1.0.0-bp150.2.1

libaom-devel-1.0.0-bp150.2.1

libaom0-1.0.0-bp150.2.1

libaom0-debuginfo-1.0.0-bp150.2.1

- openSUSE Backports SLE-15 (aarch64_ilp32):

libaom0-64bit-1.0.0-bp150.2.1

libaom0-64bit-debuginfo-1.0.0-bp150.2.1

- openSUSE Backports SLE-15 (x86_64):

libvlc5-3.0.7.1-bp150.2.6.1

libvlccore9-3.0.7.1-bp150.2.6.1

vlc-3.0.7.1-bp150.2.6.1

vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1

vlc-devel-3.0.7.1-bp150.2.6.1

vlc-jack-3.0.7.1-bp150.2.6.1

vlc-noX-3.0.7.1-bp150.2.6.1

vlc-qt-3.0.7.1-bp150.2.6.1

vlc-vdpau-3.0.7.1-bp150.2.6.1

- openSUSE Backports SLE-15 (noarch):

libaom-devel-doc-1.0.0-bp150.2.1

vlc-lang-3.0.7.1-bp150.2.6.1

References

https://www.suse.com/security/cve/CVE-2018-19857.html

https://www.suse.com/security/cve/CVE-2019-12874.html

https://www.suse.com/security/cve/CVE-2019-13602.html

https://www.suse.com/security/cve/CVE-2019-13962.html

https://www.suse.com/security/cve/CVE-2019-5439.html

https://www.suse.com/security/cve/CVE-2019-5459.html

https://www.suse.com/security/cve/CVE-2019-5460.html

https://bugzilla.suse.com/1093732

https://bugzilla.suse.com/1094893

https://bugzilla.suse.com/1118586

https://bugzilla.suse.com/1133290

https://bugzilla.suse.com/1138354

https://bugzilla.suse.com/1138933

https://bugzilla.suse.com/1141522

https://bugzilla.suse.com/1142161

https://bugzilla.suse.com/1143547

https://bugzilla.suse.com/1143549

--

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:2015-1
Rating: important
Affected Products: openSUSE Backports SLE-15 le.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.