Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

Ubuntu 18.04 LTS: USN-4074-1 Critical: VLC DoS and Code Execution

ubuntu
Calendar Grey July 25, 2019
Dist Ubuntu Esm H88
The Ubuntu Security Notice USN-4075-1 outlines resolutions for VLC vulnerabilities that impact Ubuntu 18.04 LTS and 19.10.
Several security issues were fixed in VLC.

Summary

Several security issues were fixed in VLC.

Software Description:

- vlc: multimedia player and streamer

Details:

It was discovered that the VLC CAF demuxer incorrectly handled certain

files. If a user were tricked into opening a specially-crafted CAF file, a

remote attacker could use this issue to cause VLC to crash, resulting in a

denial of service. This issue only affected Ubuntu 18.04 LTS.

(CVE-2018-19857)

It was discovered that the VLC Matroska demuxer incorrectly handled certain

files. If a user were tricked into opening a specially-crafted MKV file, a

remote attacker could use this issue to cause VLC to crash, resulting in a

denial of service, or possibly execute arbitrary code. (CVE-2019-12874)

It was discovered that the VLC MP4 demuxer incorrectly handled certain

files. If a user were tricked into opening a specially-crafted MP4 file, a

remote attacker could use this issue to cause VLC to crash, resulting in a

denial of service, or possibly execute...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 19.04:
  vlc                             3.0.7.1-0ubuntu19.04.1

Ubuntu 18.04 LTS:
  vlc                             3.0.7.1-0ubuntu18.04.1

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4074-1

CVE-2018-19857, CVE-2019-12874, CVE-2019-13602, CVE-2019-5439

Severity
critical
Lowest
Low
Medium
High
Critical

July 25, 2019

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.