openSUSE-SU-2017:2595-1

Опубликовано: 29 сент. 2017

Источник: suse-cvrf

Описание

Security update for vlc

This update for vlc fixes several issues.

This security issue was fixed:

CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file (bsc#1041907).

These non-security issues were fixed:

Stop depending on libkde4-devel: It's only used to find the install path for kde4, but configure falls back to the correct default for openSUSE anyway (boo#1057736).
Disable vnc access module

Список пакетов

openSUSE Leap 42.3

libvlc5-2.2.6-3.1

libvlccore8-2.2.6-3.1

vlc-2.2.6-3.1

vlc-codec-gstreamer-2.2.6-3.1

vlc-devel-2.2.6-3.1

vlc-lang-2.2.6-3.1

vlc-noX-2.2.6-3.1

vlc-qt-2.2.6-3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-09/msg00115.html
E-Mail link for openSUSE-SU-2017:2595-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.

Затронутые продукты

openSUSE Leap 42.3:libvlc5-2.2.6-3.1

openSUSE Leap 42.3:libvlccore8-2.2.6-3.1

openSUSE Leap 42.3:vlc-2.2.6-3.1

openSUSE Leap 42.3:vlc-codec-gstreamer-2.2.6-3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-9300.html
CVE-2017-9300
https://bugzilla.suse.com/1041907
SUSE Bug 1041907

openSUSE-SU-2017:2595-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-9300

Описание

Затронутые продукты

Ссылки