openSUSE-SU-2021:0076-1

Опубликовано: 16 янв. 2021

Источник: suse-cvrf

Описание

Security update for vlc

This update for vlc fixes the following issues:

Update to 3.0.11.1:

CVE-2020-13428: Fixed heap-based buffer overflow in the hxxx_AnnexB_to_xVC () (boo#1172727)
CVE-2020-26664: Fixed heap-based buffer overflow in EbmlTypeDispatcher:send () (boo#1180755)

Список пакетов

openSUSE Leap 15.1

libvlc5-3.0.11.1-lp151.6.12.1

libvlccore9-3.0.11.1-lp151.6.12.1

vlc-3.0.11.1-lp151.6.12.1

vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1

vlc-devel-3.0.11.1-lp151.6.12.1

vlc-jack-3.0.11.1-lp151.6.12.1

vlc-lang-3.0.11.1-lp151.6.12.1

vlc-noX-3.0.11.1-lp151.6.12.1

vlc-opencv-3.0.11.1-lp151.6.12.1

vlc-qt-3.0.11.1-lp151.6.12.1

vlc-vdpau-3.0.11.1-lp151.6.12.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OD6C4CTIQTZF237437FPGD5AIRV33TET/
E-Mail link for openSUSE-SU-2021:0076-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1133290
SUSE Bug 1133290
https://bugzilla.suse.com/1172727
SUSE Bug 1172727
https://bugzilla.suse.com/1180755
SUSE Bug 1180755
https://www.suse.com/security/cve/CVE-2020-13428/
SUSE CVE CVE-2020-13428 page
https://www.suse.com/security/cve/CVE-2020-26664/
SUSE CVE CVE-2020-26664 page

Описание

A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.

Затронутые продукты

openSUSE Leap 15.1:libvlc5-3.0.11.1-lp151.6.12.1

openSUSE Leap 15.1:libvlccore9-3.0.11.1-lp151.6.12.1

openSUSE Leap 15.1:vlc-3.0.11.1-lp151.6.12.1

openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-13428.html
CVE-2020-13428
https://bugzilla.suse.com/1172727
SUSE Bug 1172727

Описание

A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file.

Затронутые продукты

openSUSE Leap 15.1:libvlc5-3.0.11.1-lp151.6.12.1

openSUSE Leap 15.1:libvlccore9-3.0.11.1-lp151.6.12.1

openSUSE Leap 15.1:vlc-3.0.11.1-lp151.6.12.1

openSUSE Leap 15.1:vlc-codec-gstreamer-3.0.11.1-lp151.6.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-26664.html
CVE-2020-26664
https://bugzilla.suse.com/1180755
SUSE Bug 1180755

openSUSE-SU-2021:0076-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-13428

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-26664

Описание

Затронутые продукты

Ссылки