drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in VLC media player
Name: |
Zwei Probleme in VLC media player |
|
ID: |
openSUSE-SU-2016:1651-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
openSUSE 13.2 |
|
Datum: |
Mi, 22. Juni 2016, 14:33 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5108
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3941 |
|
Applikationen: |
VLC media player |
|
Originalnachricht |
openSUSE Security Update: Security update for vlc ______________________________________________________________________________
Announcement ID: openSUSE-SU-2016:1651-1 Rating: important References: #973354 #984382 Cross-References: CVE-2016-3941 CVE-2016-5108 Affected Products: openSUSE 13.2 ______________________________________________________________________________
An update that fixes two vulnerabilities is now available.
Description:
This update for vlc to version 2.1.6 fixes the following issues:
These CVE were fixed: - CVE-2016-5108: Reject invalid QuickTime IMA files (boo#984382). - CVE-2016-3941: Heap overflow in processing wav files (boo#973354).
These security issues without were fixed: - Fix heap overflow in decomp stream filter. - Fix buffer overflow in updater. - Fix potential buffer overflow in schroedinger encoder. - Fix null-pointer dereference in DMO decoder. - Fix buffer overflow in parsing of string boxes in mp4 demuxer. - Fix SRTP integer overflow. - Fix potential crash in zip access. - Fix read overflow in Ogg demuxer.
Patch Instructions:
To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product:
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-755=1
To bring your system up-to-date, use "zypper patch".
Package List:
- openSUSE 13.2 (i586 x86_64):
libvlc5-2.1.6-2.10.1 libvlc5-debuginfo-2.1.6-2.10.1 libvlccore7-2.1.6-2.10.1 libvlccore7-debuginfo-2.1.6-2.10.1 vlc-2.1.6-2.10.1 vlc-debuginfo-2.1.6-2.10.1 vlc-debugsource-2.1.6-2.10.1 vlc-devel-2.1.6-2.10.1 vlc-gnome-2.1.6-2.10.1 vlc-gnome-debuginfo-2.1.6-2.10.1 vlc-noX-2.1.6-2.10.1 vlc-noX-debuginfo-2.1.6-2.10.1 vlc-qt-2.1.6-2.10.1 vlc-qt-debuginfo-2.1.6-2.10.1
- openSUSE 13.2 (noarch):
vlc-noX-lang-2.1.6-2.10.1
References:
https://www.suse.com/security/cve/CVE-2016-3941.html https://www.suse.com/security/cve/CVE-2016-5108.html https://bugzilla.suse.com/973354 https://bugzilla.suse.com/984382
-- To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security-announce+help@opensuse.org
|
|
|
|