   openSUSE Security Update: Security update for vlc
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0201-1
Rating:             moderate
References:         #914268
Cross-References:   CVE-2014-9625
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   vlc was updated to the current openSUSE Tumbleweed version.
   live555 was also updated to the current openSUSE Tumbleweed version
   as a dependency.

   Security issues fixed:
   - Fix various buffer overflows and null ptr dereferencing
     (boo#914268, CVE-2014-9625).

   Other fixes:
   - Enable SSE2 instruction set for x86_64
   - Disable fluidsynth again: the crashes we had earlier are still not
     all fixed. They are less, but less common makes it more difficult
     to debug.

   On openSUSE 13.1:
   - Update to version 2.1.5:
     + Core: Fix compilation on OS/2.
     + Access: Stability improvements for the QTSound capture module.
     + Mac OS X audio output:
       - Fix channel ordering.
       - Increase the buffersize.
     + Decoders:
       - Fix DxVA2 decoding of samples needing more surfaces.
       - Improve MAD resistance to broken mp3 streams.
       - Fix PGS alignment in MKV.
     + Qt Interface: Don't rename mp3 converted files to .raw.
     + Mac OS X Interface:
       - Correctly support video-on-top.
       - Fix video output event propagation on Macs with retina
         displays.
       - Stability improvements when using future VLC releases side by
         side.
     + Streaming: Fix transcode when audio format changes.
     + Updated translations.
   - Update to version 2.1.4:
     + Demuxers: Fix issue in WMV with multiple compressed payload and
       empty payloads.
     + Video Output: Fix subtitles size rendering on Windows.
     + Mac OS X:
       - Fix DVD playback regression.
       - Fix misleading error message during video playback on OS X
         10.9.
       - Fix hardware acceleration memleaks.

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2015-99

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2015-99

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 13.2 (i586 x86_64):

      libvlc5-2.1.5-2.4.1
      libvlc5-debuginfo-2.1.5-2.4.1
      libvlccore7-2.1.5-2.4.1
      libvlccore7-debuginfo-2.1.5-2.4.1
      live555-devel-2014.09.22-4.4.1
      vlc-2.1.5-2.4.1
      vlc-debuginfo-2.1.5-2.4.1
      vlc-debugsource-2.1.5-2.4.1
      vlc-devel-2.1.5-2.4.1
      vlc-gnome-2.1.5-2.4.1
      vlc-gnome-debuginfo-2.1.5-2.4.1
      vlc-noX-2.1.5-2.4.1
      vlc-noX-debuginfo-2.1.5-2.4.1
      vlc-qt-2.1.5-2.4.1
      vlc-qt-debuginfo-2.1.5-2.4.1

   - openSUSE 13.2 (noarch):

      vlc-noX-lang-2.1.5-2.4.1

   - openSUSE 13.1 (i586 x86_64):

      libvlc5-2.1.5-14.1
      libvlc5-debuginfo-2.1.5-14.1
      libvlccore7-2.1.5-14.1
      libvlccore7-debuginfo-2.1.5-14.1
      live555-devel-2014.09.22-2.4.1
      vlc-2.1.5-14.1
      vlc-debuginfo-2.1.5-14.1
      vlc-debugsource-2.1.5-14.1
      vlc-devel-2.1.5-14.1
      vlc-gnome-2.1.5-14.1
      vlc-gnome-debuginfo-2.1.5-14.1
      vlc-noX-2.1.5-14.1
      vlc-noX-debuginfo-2.1.5-14.1
      vlc-qt-2.1.5-14.1
      vlc-qt-debuginfo-2.1.5-14.1

   - openSUSE 13.1 (noarch):

      vlc-noX-lang-2.1.5-14.1

References:

   http://support.novell.com/security/cve/CVE-2014-9625.html
   https://bugzilla.suse.com/show_bug.cgi?id=914268
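
Added example (not part of the original announcement): a way to check a host inventory against the openSUSE 13.2 builds in the package list above. The function names, the simplified rpm version comparison (no epoch, `~` or `^` handling) and the sample inventory lines are assumptions made for illustration.

```python
import re

# Fixed version-release strings for openSUSE 13.2, copied from the advisory's
# package list (debuginfo/debugsource packages left out for brevity).
FIXED_13_2 = {
    "libvlc5": "2.1.5-2.4.1", "libvlccore7": "2.1.5-2.4.1",
    "live555-devel": "2014.09.22-4.4.1", "vlc": "2.1.5-2.4.1",
    "vlc-devel": "2.1.5-2.4.1", "vlc-gnome": "2.1.5-2.4.1",
    "vlc-noX": "2.1.5-2.4.1", "vlc-noX-lang": "2.1.5-2.4.1",
    "vlc-qt": "2.1.5-2.4.1",
}

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no epoch, '~' or '^' handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric segments compare as integers
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments mean newer

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def unpatched(rpm_lines, fixed):
    """Return (name, installed, fixed) for packages older than the fixed build."""
    out = []
    for line in rpm_lines:
        parts = line.split()
        if len(parts) == 2 and parts[0] in fixed and evr_cmp(parts[1], fixed[parts[0]]) < 0:
            out.append((parts[0], parts[1], fixed[parts[0]]))
    return sorted(out)

# Constructed sample of `rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'` output.
SAMPLE = """\
vlc 2.1.5-2.4.1
libvlc5 2.1.4-1.2
libvlccore7 2.1.5-2.1.1
live555-devel 2014.09.22-4.4.1
bash 4.2-75.4.1
"""

if __name__ == "__main__":
    for name, have, need in unpatched(SAMPLE.splitlines(), FIXED_13_2):
        print(f"{name}: installed {have}, fixed in {need}")
```

Release numbers differ per product (2.4.1 on 13.2, 14.1 on 13.1), so the table has to be the one for the product actually installed; comparing them as plain strings would also misorder builds such as 14.1 and 2.4.1.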