openSUSE Security Update: Security update for vlc
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:2015-1
Rating:             important
References:         #1093732 #1094893 #1118586 #1133290 #1138354 
                    #1138933 #1141522 #1142161 #1143547 #1143549 
                    
Cross-References:   CVE-2018-19857 CVE-2019-12874 CVE-2019-13602
                    CVE-2019-13962 CVE-2019-5439 CVE-2019-5459
                    CVE-2019-5460
Affected Products:
                    openSUSE Backports SLE-15
______________________________________________________________________________

   An update that solves 7 vulnerabilities and has three fixes
   is now available.

Description:

   This update for vlc to version 3.0.7.1 fixes the following issues:

   Security issues fixed:

   - CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
   - CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
   - CVE-2019-5460: Fixed a double free (bsc#1143547).
   - CVE-2019-12874: Fixed a double free in zlib_decompress_extra in
     modules/demux/mkv/util.cpp (bsc#1138933).
   - CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
   - CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec
     (boo#1142161).

   Non-security issues fixed:

   - Video Output:
     * Fix hardware acceleration with some AMD drivers
     * Improve direct3d11 HDR support
   - Access:
     * Improve Blu-ray support
   - Audio output:
     * Fix pass-through on Android-23
     * Fix DirectSound drain
   - Demux: Improve MP4 support
   - Video Output:
     * Fix 12 bits sources playback with Direct3D11
     * Fix crash on iOS
     * Fix midstream aspect-ratio changes when Windows hardware decoding is on
     * Fix HLG display with Direct3D11
   - Stream Output: Improve Chromecast support with new ChromeCast apps
   - Misc:
     * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
     * Work around busy looping when playing an invalid item with loop enabled
   - Updated translations.

   New package libaom:
     * Initial version 1.0.0
     * A library for AOMedia Video 1 (AV1), an open, royalty-free video
       coding format designed for video transmissions over the Internet.


   This update was imported from the openSUSE:Leap:15.0:Update update project.


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15:

      zypper in -t patch openSUSE-2019-2015=1



Package List:

   - openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

      aom-tools-1.0.0-bp150.2.1
      aom-tools-debuginfo-1.0.0-bp150.2.1
      libaom-debugsource-1.0.0-bp150.2.1
      libaom-devel-1.0.0-bp150.2.1
      libaom0-1.0.0-bp150.2.1
      libaom0-debuginfo-1.0.0-bp150.2.1

   - openSUSE Backports SLE-15 (aarch64_ilp32):

      libaom0-64bit-1.0.0-bp150.2.1
      libaom0-64bit-debuginfo-1.0.0-bp150.2.1

   - openSUSE Backports SLE-15 (x86_64):

      libvlc5-3.0.7.1-bp150.2.6.1
      libvlccore9-3.0.7.1-bp150.2.6.1
      vlc-3.0.7.1-bp150.2.6.1
      vlc-codec-gstreamer-3.0.7.1-bp150.2.6.1
      vlc-devel-3.0.7.1-bp150.2.6.1
      vlc-jack-3.0.7.1-bp150.2.6.1
      vlc-noX-3.0.7.1-bp150.2.6.1
      vlc-qt-3.0.7.1-bp150.2.6.1
      vlc-vdpau-3.0.7.1-bp150.2.6.1

   - openSUSE Backports SLE-15 (noarch):

      libaom-devel-doc-1.0.0-bp150.2.1
      vlc-lang-3.0.7.1-bp150.2.6.1
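
Added example (not part of the SUSE announcement): a shell check that flags any vlc package from the list above that is still below the fixed build 3.0.7.1-bp150.2.6.1. The function names, the sample inventory and the use of GNU `sort -V` in place of rpm's own version comparison are assumptions.

```shell
#!/usr/bin/env bash
# Fixed build and package names copied from the advisory's package list.
FIXED_VLC="3.0.7.1-bp150.2.6.1"
VLC_PKGS="libvlc5 libvlccore9 vlc vlc-codec-gstreamer vlc-devel vlc-jack vlc-noX vlc-qt vlc-vdpau vlc-lang"

# Succeeds when version-release $1 sorts at or above $2.
# Assumption: GNU sort -V approximates rpm ordering here (epochs are ignored).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin, prints every advisory package
# that is still below the fixed build, and returns 1 if any was found.
find_unpatched() {
    rc=0
    while read -r name ver; do
        case " $VLC_PKGS " in
            *" $name "*) ;;          # package is covered by this advisory
            *) continue ;;           # unrelated package, skip
        esac
        if ! ver_ge "$ver" "$FIXED_VLC"; then
            printf '%s %s < %s\n' "$name" "$ver" "$FIXED_VLC"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample inventory (not taken from the advisory).
SAMPLE='vlc 3.0.7.1-bp150.2.6.1
libvlc5 3.0.6-bp150.2.3.1
vlc-qt 3.0.7.1-bp150.2.6.1
libvlccore9 3.0.2-bp150.1.1
zlib 1.2.11-lp150.2.3.1'

# On a live host, feed the real inventory instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | find_unpatched
printf '%s\n' "$SAMPLE" | find_unpatched || echo "patch openSUSE-2019-2015 not fully applied"
```

A mixed result like the sample's, where vlc is current but libvlc5 and libvlccore9 are not, means the vulnerable demuxer code is still loaded from the old libraries.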


References:

   https://www.suse.com/security/cve/CVE-2018-19857.html
   https://www.suse.com/security/cve/CVE-2019-12874.html
   https://www.suse.com/security/cve/CVE-2019-13602.html
   https://www.suse.com/security/cve/CVE-2019-13962.html
   https://www.suse.com/security/cve/CVE-2019-5439.html
   https://www.suse.com/security/cve/CVE-2019-5459.html
   https://www.suse.com/security/cve/CVE-2019-5460.html
   https://bugzilla.suse.com/1093732
   https://bugzilla.suse.com/1094893
   https://bugzilla.suse.com/1118586
   https://bugzilla.suse.com/1133290
   https://bugzilla.suse.com/1138354
   https://bugzilla.suse.com/1138933
   https://bugzilla.suse.com/1141522
   https://bugzilla.suse.com/1142161
   https://bugzilla.suse.com/1143547
   https://bugzilla.suse.com/1143549

-- 

openSUSE: 2019:2015-1: important: vlc

August 26, 2019