Stay Secure with the Latest Linux Advisories

security advisorydenial of servicecritical issue

Ubuntu 22.10: USN-6180-1 Critical: VLC Player Denial of Service

Several security issues were fixed in VLC media player.. =========================================================================Ubuntu Security Notice USN-6180-1 June 20, 2023 vlc vulnerabilities ========================================================================= A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.10 - Ubuntu 22.04 LTS (Available with Ubuntu Pro) - Ubuntu 20.04 LTS (Available with Ubuntu Pro) - Ubuntu 18.04 LTS (Available with Ubuntu Pro) - Ubuntu 16.04 LTS (Available with Ubuntu Pro) Summary: Several security issues were fixed in VLC media player. Software Description: - vlc: multimedia player and streamer Details: It was discovered that VLC could be made to read out of bounds when decoding image files. If a user were tricked into opening a crafted image file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-19721) It was discovered that VLC could be made to write out of bounds when processing H.264 video files. If a user were tricked into opening a crafted H.264 video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-13428) It was discovered that VLC could be made to read out of bounds when processing AVI video files. If a user were tricked into opening a crafted AVI video file, a remote attacker could possibly use this issue to cause VLC to crash, leading to a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-25801, CVE-2021-25802, CVE-2021-25803, CVE-2021-25804) It was discovered that the VNC module of VLC contained an arithmetic overflow. If a user were tricked into opening a crafted playlist or connecting to a rouge VNC server, a remoteattacker could possibly use this issue to cause VLC to crash, leading to a denial of service, or possibly execute arbitrary code. (CVE-2022-41325) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.10: vlc 3.0.17.4-5ubuntu0.1 vlc-plugin-access-extra 3.0.17.4-5ubuntu0.1 Ubuntu 22.04 LTS (Available with Ubuntu Pro): vlc 3.0.16-1ubuntu0.1~esm1 vlc-plugin-access-extra 3.0.16-1ubuntu0.1~esm1 Ubuntu 20.04 LTS (Available with Ubuntu Pro): vlc 3.0.9.2-1ubuntu0.1~esm1 vlc-plugin-access-extra 3.0.9.2-1ubuntu0.1~esm1 Ubuntu 18.04 LTS (Available with Ubuntu Pro): vlc 3.0.8-0ubuntu18.04.1+esm1 vlc-plugin-access-extra 3.0.8-0ubuntu18.04.1+esm1 Ubuntu 16.04 LTS (Available with Ubuntu Pro): vlc 2.2.2-5ubuntu0.16.04.5+esm2 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6180-1 CVE-2019-19721, CVE-2020-13428, CVE-2021-25801, CVE-2021-25802, CVE-2021-25803, CVE-2021-25804, CVE-2022-41325 Package Information: https://launchpad.net/ubuntu/+source/vlc/3.0.17.4-5ubuntu0.1 . Numerous security flaws have been rectified in the VLC media player for Ubuntu. Make sure to upgrade to the protected versions 22.10 and LTS to ensure your system's security.. VLC Player Issues, Ubuntu Security, Denial of Service. . Severity: Critical. LinuxSecurity.com Team

Jun 20, 2023 •Critical Ubuntu