Description
Security update for vlc
This update for vlc to version 3.0.7.1 fixes the following issues:
Security issues fixed:
- CVE-2019-5439: Fixed a buffer overflow (bsc#1138354).
- CVE-2019-5459: Fixed an integer underflow (bsc#1143549).
- CVE-2019-5460: Fixed a double free (bsc#1143547).
- CVE-2019-12874: Fixed a double free in zlib_decompress_extra in modules/demux/mkv/util.cpp (bsc#1138933).
- CVE-2019-13602: Fixed an integer underflow in mp4 demuxer (boo#1141522).
- CVE-2019-13962: Fixed a heap-based buffer over-read in avcodec (boo#1142161).
Non-security issues fixed:
- Video Output:
  - Fix hardware acceleration with some AMD drivers
  - Improve direct3d11 HDR support
- Access:
  - Improve Blu-ray support
- Audio output:
  - Fix pass-through on Android-23
  - Fix DirectSound drain
- Demux: Improve MP4 support
- Video Output:
  - Fix 12 bits sources playback with Direct3D11
  - Fix crash on iOS
  - Fix midstream aspect-ratio changes when Windows hardware decoding is on
  - Fix HLG display with Direct3D11
- Stream Output: Improve Chromecast support with new ChromeCast apps
- Misc:
  - Update Youtube, Dailymotion, Vimeo, Soundcloud scripts
  - Work around busy looping when playing an invalid item with loop enabled
  - Updated translations.
New package libaom:
- Initial version 1.0.0
- A library for AOMedia Video 1 (AV1), an open, royalty-free video coding format designed for video transmissions over the Internet.
Package list
openSUSE Leap 15.0
References
- E-Mail link for openSUSE-SU-2019:1909-1
- SUSE Security Ratings
- SUSE Bug 1093732
- SUSE Bug 1094893
- SUSE Bug 1118586
- SUSE Bug 1133290
- SUSE Bug 1138354
- SUSE Bug 1138933
- SUSE Bug 1141522
- SUSE Bug 1142161
- SUSE Bug 1143547
- SUSE Bug 1143549
- SUSE CVE CVE-2018-19857 page
- SUSE CVE CVE-2019-12874 page
- SUSE CVE CVE-2019-13602 page
- SUSE CVE CVE-2019-13962 page
- SUSE CVE CVE-2019-5439 page
- SUSE CVE CVE-2019-5459 page
- SUSE CVE CVE-2019-5460 page
Description
The CAF demuxer in modules/demux/caf.c in VideoLAN VLC media player 3.0.4 may read memory from an uninitialized pointer when processing magic cookies in CAF files, because a ReadKukiChunk() cast converts a return value to an unsigned int even if that value is negative. This could result in a denial of service and/or a potential infoleak.
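The failure mode described above, as an added example in C that is not VLC's code: a helper that reports errors with a negative return value, a caller that casts the result to unsigned, and a caller that checks the sign first. The helper, function names and sample bytes are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed inputs: one length byte, then that many header bytes. */
const uint8_t sample_ok[]  = { 2, 0xAA, 0xBB, 0x01 }; /* header fits */
const uint8_t sample_bad[] = { 9, 0xAA };             /* claims 9, has 1 */

/* Hypothetical helper: header size in bytes, or -1 on malformed input. */
static int read_header(const uint8_t *buf, size_t size)
{
    if (size < 1)
        return -1;
    int hdr = 1 + buf[0];
    return ((size_t)hdr > size) ? -1 : hdr;
}

/* Flawed pattern: the cast turns the -1 error code into UINT_MAX, so the
 * failure looks like a valid (huge) offset. Returned, not dereferenced. */
size_t payload_offset_unchecked(const uint8_t *buf, size_t size)
{
    return (unsigned int)read_header(buf, size);
}

/* Hardened pattern: test the signed result before converting it.
 * Returns 0 and stores the offset on success, -1 on malformed input. */
int payload_offset_checked(const uint8_t *buf, size_t size, size_t *off)
{
    int hdr = read_header(buf, size);
    if (hdr < 0)
        return -1;
    *off = (size_t)hdr;
    return 0;
}

int main(void)
{
    size_t off = 0;
    printf("unchecked(bad) = %zu\n",
           payload_offset_unchecked(sample_bad, sizeof sample_bad));
    printf("checked(bad)   = %d\n",
           payload_offset_checked(sample_bad, sizeof sample_bad, &off));
    if (payload_offset_checked(sample_ok, sizeof sample_ok, &off) == 0)
        printf("checked(ok)    = offset %zu\n", off);
    return 0;
}
```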
Affected products
References
- CVE-2018-19857
- SUSE Bug 1118586
Description
An issue was discovered in zlib_decompress_extra in modules/demux/mkv/util.cpp in VideoLAN VLC media player 3.x through 3.0.7. The Matroska demuxer, while parsing a malformed MKV file type, has a double free.
Affected products
References
- CVE-2019-12874
- SUSE Bug 1138933
Description
An Integer Underflow in MP4_EIA608_Convert() in modules/demux/mp4/mp4.c in VideoLAN VLC media player through 3.0.7.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and crash) or possibly have unspecified other impact via a crafted .mp4 file.
Affected products
References
- CVE-2019-13602
- SUSE Bug 1141522
- SUSE Bug 1146428
Description
lavc_CopyPicture in modules/codec/avcodec/video.c in VideoLAN VLC media player through 3.0.7 has a heap-based buffer over-read because it does not properly validate the width and height.
Affected products
References
- CVE-2019-13962
- SUSE Bug 1142161
- SUSE Bug 1146428
Description
A Buffer Overflow in VLC Media Player < 3.0.7 causes a crash which can possibly be further developed into a remote code execution exploit.
Affected products
References
- CVE-2019-5439
- SUSE Bug 1138354
Description
An Integer underflow in VLC Media Player versions < 3.0.7 leads to an out-of-band read.
Affected products
References
- CVE-2019-5459
- SUSE Bug 1143549
Description
Double Free in VLC versions <= 3.0.6 leads to a crash.
Affected products
References
- CVE-2019-5460
- SUSE Bug 1143547