openSUSE Security Update: Security update for vlc
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2023:0366-1
Rating:             moderate
References:         #1206142 
Cross-References:   CVE-2022-37434 CVE-2022-41325 CVE-2023-5217
                   
CVSS scores:
                    CVE-2022-37434 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-37434 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-41325 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2023-5217 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2023-5217 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP5
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for vlc fixes the following issues:

   Update to version 3.0.20:

   + Video Output:
     - Fix green line in fullscreen in D3D11 video output
     - Fix crash with some AMD drivers old versions
     - Fix events propagation issue when double-clicking with mouse wheel
   + Decoders:
     - Fix crash when AV1 hardware decoder fails
   + Interface:
     - Fix annoying disappearance of the Windows fullscreen controller
   + Demuxers:
     - Fix potential security issue (OOB Write) on MMS:// by checking user
       size bounds

   Update to version 3.0.19:

   + Core:
     - Fix next-frame freezing in most scenarios
   + Demux:
     - Support RIFF INFO tags for Wav files
     - Fix AVI files with flipped RAW video planes
     - Fix duration on short and small Ogg/Opus files
     - Fix some HLS/TS streams with ID3 prefix
     - Fix some HLS playlist refresh drift
     - Fix for GoPro MAX spatial metadata
     - Improve FFmpeg-muxed MP4 chapters handling
     - Improve playback for QNap-produced AVI files
     - Improve playback of some old RealVideo files
     - Fix duration probing on some MP4 with missing information
   + Decoders:
     - Multiple fixes on AAC handling
     - Activate hardware decoding of AV1 on Windows (DxVA)
     - Improve AV1 HDR support with software decoding
     - Fix some AV1 GBRP streams, AV1 super-resolution streams and monochrome
       ones
     - Fix black screen on poorly edited MP4 files on Android Mediacodec
     - Fix rawvid video in NV12
     - Fix several issues on Windows hardware decoding (including "too large
       resolution in DxVA")
     - Improve crunchyroll-produced SSA rendering
   + Video Output:
     - Super Resolution scaling with nVidia and Intel GPUs
     - Fix for an issue when cropping on Direct3D9
     - Multiple fixes for hardware decoding on D3D11 and OpenGL interop
     - Fix an issue when playing -90°rotated video
     - Fix subtitles rendering blur on recent macOS
   + Input:
     - Improve SMB compatibility with Windows 11 hosts
   + Contribs:
     - Update of fluidlite, fixing some MIDI rendering on Windows
     - Update of zlib to 1.2.13 (CVE-2022-37434)
     - Update of FFmpeg, vpx (CVE-2023-5217), ebml, dav1d, libass
   + Misc:
     - Improve muxing timestamps in a few formats (reset to 0)
     - Fix some rendering issues on Linux with the fullscreen controller
     - Fix GOOM visualization
     - Fixes for Youtube playback
     - Fix some MPRIS inconsistencies that broke some OS widgets on Linux
     - Implement MPRIS TrackList signals
     - Fix opening files in read-only mode
     - Fix password search using the Kwallet backend
     - Fix some crashes on macOS when switching application
     - Fix 5.1/7.1 output on macOS and tvOS
     - Fix several crashes and bugs in the macOS preferences panel
     - Improvements on the threading of the MMDevice audio output on Windows
     - Fix a potential security issue on the uninstaller DLLs
     - Fix memory leaks when using the media_list_player libVLC APIs
   + Translations:
     - Update of most translations
     - New translations to Esperanto, Interlingue, Lao, Macedonian, Burmese,
       Odia, Samoan and Swahili


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP5:

      zypper in -t patch openSUSE-2023-366=1



Package List:

   - openSUSE Backports SLE-15-SP5 (aarch64 ppc64le x86_64):

      libvlc5-3.0.20-bp155.2.3.1
      libvlccore9-3.0.20-bp155.2.3.1
      vlc-3.0.20-bp155.2.3.1
      vlc-codec-gstreamer-3.0.20-bp155.2.3.1
      vlc-devel-3.0.20-bp155.2.3.1
      vlc-jack-3.0.20-bp155.2.3.1
      vlc-noX-3.0.20-bp155.2.3.1
      vlc-opencv-3.0.20-bp155.2.3.1
      vlc-qt-3.0.20-bp155.2.3.1
      vlc-vdpau-3.0.20-bp155.2.3.1

   - openSUSE Backports SLE-15-SP5 (noarch):

      vlc-lang-3.0.20-bp155.2.3.1


References:

   https://www.suse.com/security/cve/CVE-2022-37434.html
   https://www.suse.com/security/cve/CVE-2022-41325.html
   https://www.suse.com/security/cve/CVE-2023-5217.html
   https://bugzilla.suse.com/1206142

openSUSE: 2023:0366-1 moderate: vlc

November 12, 2023
An update that fixes three vulnerabilities is now available

Description

This update for vlc fixes the following issues: Update to version 3.0.20: + Video Output: - Fix green line in fullscreen in D3D11 video output - Fix crash with some AMD drivers old versions - Fix events propagation issue when double-clicking with mouse wheel + Decoders: - Fix crash when AV1 hardware decoder fails + Interface: - Fix annoying disappearance of the Windows fullscreen controller + Demuxers: - Fix potential security issue (OOB Write) on MMS:// by checking user size bounds Update to version 3.0.19: + Core: - Fix next-frame freezing in most scenarios + Demux: - Support RIFF INFO tags for Wav files - Fix AVI files with flipped RAW video planes - Fix duration on short and small Ogg/Opus files - Fix some HLS/TS streams with ID3 prefix - Fix some HLS playlist refresh drift - Fix for GoPro MAX spatial metadata - Improve FFmpeg-muxed MP4 chapters handling - Improve playback for QNap-produced AVI files - Improve playback of some old RealVideo files - Fix duration probing on some MP4 with missing information + Decoders: - Multiple fixes on AAC handling - Activate hardware decoding of AV1 on Windows (DxVA) - Improve AV1 HDR support with software decoding - Fix some AV1 GBRP streams, AV1 super-resolution streams and monochrome ones - Fix black screen on poorly edited MP4 files on Android Mediacodec - Fix rawvid video in NV12 - Fix several issues on Windows hardware decoding (including "too large resolution in DxVA") - Improve crunchyroll-produced SSA rendering + Video Output: - Super Resolution scaling with nVidia and Intel GPUs - Fix for an issue when cropping on Direct3D9 - Multiple fixes for hardware decoding on D3D11 and OpenGL interop - Fix an issue when playing -90°rotated video - Fix subtitles rendering blur on recent macOS + Input: - Improve SMB compatibility with Windows 11 hosts + Contribs: - Update of fluidlite, fixing some MIDI rendering on Windows - Update of zlib to 1.2.13 (CVE-2022-37434) - Update of FFmpeg, vpx (CVE-2023-5217), ebml, dav1d, libass + Misc: - Improve muxing timestamps in a few formats (reset to 0) - Fix some rendering issues on Linux with the fullscreen controller - Fix GOOM visualization - Fixes for Youtube playback - Fix some MPRIS inconsistencies that broke some OS widgets on Linux - Implement MPRIS TrackList signals - Fix opening files in read-only mode - Fix password search using the Kwallet backend - Fix some crashes on macOS when switching application - Fix 5.1/7.1 output on macOS and tvOS - Fix several crashes and bugs in the macOS preferences panel - Improvements on the threading of the MMDevice audio output on Windows - Fix a potential security issue on the uninstaller DLLs - Fix memory leaks when using the media_list_player libVLC APIs + Translations: - Update of most translations - New translations to Esperanto, Interlingue, Lao, Macedonian, Burmese, Odia, Samoan and Swahili

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2023-366=1


Package List

- openSUSE Backports SLE-15-SP5 (aarch64 ppc64le x86_64): libvlc5-3.0.20-bp155.2.3.1 libvlccore9-3.0.20-bp155.2.3.1 vlc-3.0.20-bp155.2.3.1 vlc-codec-gstreamer-3.0.20-bp155.2.3.1 vlc-devel-3.0.20-bp155.2.3.1 vlc-jack-3.0.20-bp155.2.3.1 vlc-noX-3.0.20-bp155.2.3.1 vlc-opencv-3.0.20-bp155.2.3.1 vlc-qt-3.0.20-bp155.2.3.1 vlc-vdpau-3.0.20-bp155.2.3.1 - openSUSE Backports SLE-15-SP5 (noarch): vlc-lang-3.0.20-bp155.2.3.1


References

https://www.suse.com/security/cve/CVE-2022-37434.html https://www.suse.com/security/cve/CVE-2022-41325.html https://www.suse.com/security/cve/CVE-2023-5217.html https://bugzilla.suse.com/1206142


Severity
Announcement ID: openSUSE-SU-2023:0366-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP5 .

Related News

News

Powered By

Footer Logo

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

Powered By

Footer Logo