openSUSE Security Update: Security update for vlc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2019:1897-1 Rating: important References: #1118586 #1138354 #1138933 #1141522 #1142161 #1143547 #1143549 Cross-References: CVE-2018-19857 CVE-2019-12874 CVE-2019-13602 CVE-2019-13962 CVE-2019-5439 CVE-2019-5459 CVE-2019-5460 Affected Products: openSUSE Backports SLE-15-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for vlc to version 3.0.7.1 fixes the following issues: Security issues fixed: - CVE-2019-5439: Fixed a buffer overflow (bsc#1138354). - CVE-2019-5459: Fixed an integer underflow (bsc#1143549). - CVE-2019-5460: Fixed a double free (bsc#1143547). - CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933). - CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522). - CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161). Non-security issues fixed: - Video Output: * Fix hardware acceleration with some AMD drivers * Improve direct3d11 HDR support - Access: * Improve Blu-ray support - Audio output: * Fix pass-through on Android-23 * Fix DirectSound drain - Demux: Improve MP4 support - Video Output: * Fix 12 bits sources playback with Direct3D11 * Fix crash on iOS * Fix midstream aspect-ratio changes when Windows hardware decoding is on * Fix HLG display with Direct3D11 - Stream Output: Improve Chromecast support with new ChromeCast apps - Misc: * Update Youtube, Dailymotion, Vimeo, Soundcloud scripts * Work around busy looping when playing an invalid item with loop enabled - Updated translations. This update was imported from the openSUSE:Leap:15.1:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP1: zypper in -t patch openSUSE-2019-1897=1 Package List: - openSUSE Backports SLE-15-SP1 (x86_64): libvlc5-3.0.7.1-bp151.5.3.3 libvlccore9-3.0.7.1-bp151.5.3.3 vlc-3.0.7.1-bp151.5.3.3 vlc-codec-gstreamer-3.0.7.1-bp151.5.3.3 vlc-devel-3.0.7.1-bp151.5.3.3 vlc-jack-3.0.7.1-bp151.5.3.3 vlc-noX-3.0.7.1-bp151.5.3.3 vlc-qt-3.0.7.1-bp151.5.3.3 vlc-vdpau-3.0.7.1-bp151.5.3.3 - openSUSE Backports SLE-15-SP1 (noarch): vlc-lang-3.0.7.1-bp151.5.3.3 References: https://www.suse.com/security/cve/CVE-2018-19857.html https://www.suse.com/security/cve/CVE-2019-12874.html https://www.suse.com/security/cve/CVE-2019-13602.html https://www.suse.com/security/cve/CVE-2019-13962.html https://www.suse.com/security/cve/CVE-2019-5439.html https://www.suse.com/security/cve/CVE-2019-5459.html https://www.suse.com/security/cve/CVE-2019-5460.html https://bugzilla.suse.com/1118586 https://bugzilla.suse.com/1138354 https://bugzilla.suse.com/1138933 https://bugzilla.suse.com/1141522 https://bugzilla.suse.com/1142161 https://bugzilla.suse.com/1143547 https://bugzilla.suse.com/1143549 -- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org