openSUSE Security Update: Security update for vlc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:10252-1 Rating: important References: #1200944 #1206142 Cross-References: CVE-2020-0499 CVE-2021-0561 CVE-2022-41325 CVSS scores: CVE-2020-0499 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-0499 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41325 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for vlc fixes the following issues: - Update to version 3.0.18 (CVE-2022-41325, boo#1206142): + macOS: Fix audio device listing with non-latin names. + Misc: Fix rendering and performance issue with older GPUs. + Updated translations. - Changes from version 3.0.18-rc2: + Codec/Demux: - Add support for Y16 chroma. - Fix build of gme plugin. + Lua: - Fix script for vocaroo. - Fix script for youtube to allow throttled playback. + Service Discovery: Fix UPnP regression on Windows. + Video Output: Fix video placement with caopengllayer. + Misc: Fix password search in kwallet module. - Changes from version 3.0.18-rc: + Demux: - Major adaptive streaming update, notably for multiple timelies and webvtt. - Fix seeking with some fragmented MP4 files. - Add support for DVBSub inside MKV. - Fix some Flac files that could not be played. - Improve seeking in Ogg files. + Decoders: - Fix DxVA/D3D11 crashes on HEVC files with bogus references. - Fix libass storage size and crash. - Fix decoding errors on macOS hw decoding on some HEVC files. + Video Output: - Fix color regression with VAAPI/iOS and OpenGL output. - Fix some resizing issues with OpenGL on GLX/EGL/X11/XV. - Fix Direct3d9 texture stretching. - Fix 10-bit accelerated video filters on macOS. + Playlist: Avoid playlist liveloop on failed/tiny items (temporize EOS bursts). + Misc: - Misc fixes for the extension UI on macOS. - Improve SMBv1 and SMBv2 behaviours. - Improve FTP compatibility. - Support RISC-V. - Fix AVI muxing for Windows Media Player compatibility. - Fix seeking speed on macOS. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-10252=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64): libvlc5-3.0.18-bp153.2.6.1 libvlccore9-3.0.18-bp153.2.6.1 vlc-3.0.18-bp153.2.6.1 vlc-codec-gstreamer-3.0.18-bp153.2.6.1 vlc-devel-3.0.18-bp153.2.6.1 vlc-jack-3.0.18-bp153.2.6.1 vlc-noX-3.0.18-bp153.2.6.1 vlc-opencv-3.0.18-bp153.2.6.1 vlc-qt-3.0.18-bp153.2.6.1 vlc-vdpau-3.0.18-bp153.2.6.1 - openSUSE Backports SLE-15-SP3 (noarch): vlc-lang-3.0.18-bp153.2.6.1 References: https://www.suse.com/security/cve/CVE-2020-0499.html https://www.suse.com/security/cve/CVE-2021-0561.html https://www.suse.com/security/cve/CVE-2022-41325.html https://bugzilla.suse.com/1200944 https://bugzilla.suse.com/1206142