Описание
Security update for vlc
This update for vlc to version 2.2.6 fixes several issues.
This security issue was fixed:
- CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file (bsc#1041907).
These non-security issues were fixed:
- Stop depending on libkde4-devel: It's only used to find the install path for kde4, but configure falls back to the correct default for openSUSE anyway (boo#1057736).
- Disable vnc access module
For the various other fixes introduced by 2.2.6 please see the changelog.
Список пакетов
openSUSE Leap 42.2
libvlc5-2.2.6-32.3.1
libvlccore8-2.2.6-32.3.1
vlc-2.2.6-32.3.1
vlc-codec-gstreamer-2.2.6-32.3.1
vlc-devel-2.2.6-32.3.1
vlc-lang-2.2.6-32.3.1
vlc-noX-2.2.6-32.3.1
vlc-qt-2.2.6-32.3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:2597-1
- SUSE Security Ratings
Описание
plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.
Затронутые продукты
openSUSE Leap 42.2:libvlc5-2.2.6-32.3.1
openSUSE Leap 42.2:libvlccore8-2.2.6-32.3.1
openSUSE Leap 42.2:vlc-2.2.6-32.3.1
openSUSE Leap 42.2:vlc-codec-gstreamer-2.2.6-32.3.1
Ссылки
- CVE-2017-9300
- SUSE Bug 1041907