Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

openSUSE: 2023:0366-1 Moderate Security Update for VLC Released

opensuse
Calendar Grey November 12, 2023
Dist Opensuse Esm H88
A new security patch for VLC in openSUSE resolves various vulnerabilities and concerns, reinforcing system integrity and user protection.
An update that fixes three vulnerabilities is now available

Description

This update for vlc fixes the following issues:

Update to version 3.0.20:

+ Video Output:

- Fix green line in fullscreen in D3D11 video output

- Fix crash with some AMD drivers old versions

- Fix events propagation issue when double-clicking with mouse wheel

+ Decoders:

- Fix crash when AV1 hardware decoder fails

+ Interface:

- Fix annoying disappearance of the Windows fullscreen controller

+ Demuxers:

- Fix potential security issue (OOB Write) on MMS:// by checking user

size bounds

Update to version 3.0.19:

+ Core:

- Fix next-frame freezing in most scenarios

+ Demux:

- Support RIFF INFO tags for Wav files

- Fix AVI files with flipped RAW video planes

- Fix duration on short and small Ogg/Opus files

- Fix some HLS/TS streams with ID3 prefix

- Fix some HLS playlist refresh drift

- Fix for GoPro MAX spatial metadata

- Improve FFmpeg-muxed MP4 chapters handling

- Improve...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2023-366=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le x86_64):

libvlc5-3.0.20-bp155.2.3.1

libvlccore9-3.0.20-bp155.2.3.1

vlc-3.0.20-bp155.2.3.1

vlc-codec-gstreamer-3.0.20-bp155.2.3.1

vlc-devel-3.0.20-bp155.2.3.1

vlc-jack-3.0.20-bp155.2.3.1

vlc-noX-3.0.20-bp155.2.3.1

vlc-opencv-3.0.20-bp155.2.3.1

vlc-qt-3.0.20-bp155.2.3.1

vlc-vdpau-3.0.20-bp155.2.3.1

- openSUSE Backports SLE-15-SP5 (noarch):

vlc-lang-3.0.20-bp155.2.3.1

References

https://www.suse.com/security/cve/CVE-2022-37434.html

https://www.suse.com/security/cve/CVE-2022-41325.html

https://www.suse.com/security/cve/CVE-2023-5217.html

https://bugzilla.suse.com/1206142

Announcement ID: openSUSE-SU-2023:0366-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP5 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here