openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)

medium Nessus Plugin ID 75273

Synopsis

The remote openSUSE host is missing a security update.

Description

VLC was updated to version 2.1.3 (bnc#864422) :

+ Core :

- Fix broken behaviour with SOCKSv5 proxies

- Fix integer overflow on error when using vlc_readdir

+ Access :

- Fix DVB-T2 tuning on Linux.

- Fix encrypted DVD playback.

- Fix v4l2 frequency conversion.

+ Decoders :

- Fix numerous issues (M2TS, VC1 interlaced, Lagarith, FFv1.3, Xvid) by updating codec libraries.

- Bring fluidsynth back on Mac OS X

- Fix some Opus crashes with some filters

- Fix teletext crash on Windows

+ Demuxers :

- Avoid an infinite recursion in MKV tags parsing

- Fix an issue with some Vobsub tracks

- Fix missing samples at the end of some wav files

- Fix divide by 0 on ASF/WMV parsing

+ Audio output :

- Fix audio device selection via command line on Mac OS X

- Fix audio crashes on Mac OS X

+ Video Output :

- Fix selection of DirectDraw as the default output for XP

- Fix transform off-by-one issue

- Fix screensaver disabling on Windows outputs

- Fix DirectDraw device enumeration and multi-display output

- Fix a potential crash when playing a fullscreen game at the same time as VLC

+ Stream output :

- Fix 24bits audio MTU alignment in RTP

- Fix record file names

+ Qt interface :

- Fix minimal size possible on start

- Fix a crash with the simple volume widget

- Fix a crash in the audio menu building

- Fix multimedia keys issues on Windows

- Fix opening of DVD and BD folders on Windows

+ HTTP interface: Fix album art display on Windows.

+ Updated translations.

- Add update-desktop-files BuildRequires and %desktop_database_post/postun calls to respective scriptlets: Fix https://bugs.links2linux.org/browse/PM-108

- Update to version 2.1.2 :

+ Audio output :

- Fix digital playback on OS X when more than one audio device is installed.

- Fix digital playback (SPDIF/HDMI) on Windows.

- Fix stuttering or silent playback when using sound enhancers or external audio devices on OS X.

- Improve responsiveness on OS X when playback starts or is being paused.

- Improve responsiveness, silent playback intervals and reliability on iOS.

+ Demuxers :

- Fix Vimeo and DailyMotion parsing.

- Various WMV playback improvements and fixes.

+ Decoders :

- Fix LPCM 20/24-bit decoding and 16 bits with channel padding.

- Fix playback of some HEVC samples.

+ Video filters: Fix crash on deinterlace selection.

+ Qt interface :

- Fix some streaming profiles when copy existed.

- Improve A-B loop control.

- Fix album art update when changing media.

+ Mac OS X interface adjustments.

+ Win32 installer: Kill running VLC process on uninstall/update.

+ Updated translations.

- More features (by adding BuildRequires) :

+ IDN Support (International Domain Names): libidn-devel

+ SFTP Access: libssh2-devel

+ HotKey Support: xcb-util-keysyms-devel

+ Complete SDL Stack: SDL_image-devel

+ ProjectM suppor (for openSUSE >= 12.3)

- Update to version 2.1.1 :

+ Core :

- Fix random and reshuffling behaviour.

- Fix recording.

- Fix some subtitles track selection.

+ Decoders :

- VP9 support in WebM.

- HEVC/H.265 support in MKV, MP4 and raw files.

- Fix GPU decoding under Windows (DxVA2) crashes.

+ Demuxers :

- Fix crashes on wav, mlp and mkv and modplug files.

- Support Speex in ogg files.

- Fix some .mov playlists support.

- Support Alac in mkv.

- Fix WMV3 and palette in AVI.

- Fix FLAC packetizer issues in some files.

+ Access :

- Fix DVB options parsing.

- Fix DeckLink HDMI input.

- Fix HTTPS connectivity on OS X by loading root certificates from Keychain.

+ Audio output :

- Fixes for DirectSound pass-through.

- Fixes for OSS output, notably on BSD.

+ Interfaces :

- Fix HTTP interface infinite loop.

- Fix D-Bus volume setting.

+ Qt :

- Reinstore right click subtitle menu to open a subtitle.

- Fix saving the hotkeys in preferences.

- Fix saving the audio volume on Win32, using DirectSound.

- Fix play after drag'n drop.

- Fix streaming options edition and scale parameter.

+ Stream out :

- Fix transcoding audio drift issues.

- Fix numerous audio encoding issues.

+ Win32 installer :

- Important rewrite to fix numerous bugs, notably about updates.

- Simplification of the upgrade mechanism.

+ Mac OS X interface :

- Reintroduce the language selector known from pre-2.1 releases.

- Fix fullscreen behaviour and various crashes.

- Fix about dialog crash in Japanese.

- Fix crashes on proxy lookups.

- Fixes on the playlist and information behaviours.

- Fixes on the streaming dialogs.

- Improves interface resizings.

+ Updated translations.

- Pass --with-default-font=[path] and

--with-default-monospace-font=[path] to configure.

- Drop fix_font_path.patch: replaced with configure parameters above.

- Recommend 'vlc' by vlc-qt: some users might go installing the UI package directly. Having Qt most likely also means the user has X, so we at least recommend the vlc package relying on X.

- Force creation of plugins cache in vlc-nox %post, instead of just touching the file, for details see https://trac.videolan.org/vlc/ticket/9807#comment:2

- Update License: A lot has been relicensed to LGPL-2.1.

Solution

Update the affected vlc packages.

See Also

https://bugs.links2linux.org/browse/PM-108

https://bugzilla.novell.com/show_bug.cgi?id=864422

https://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html

https://trac.videolan.org/vlc/ticket/9807#comment:2

Plugin Details

Severity: Medium

ID: 75273

File Name: openSUSE-2014-178.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:vlc-qt-debuginfo, p-cpe:/a:novell:opensuse:vlc-nox-lang, p-cpe:/a:novell:opensuse:libvlccore7-debuginfo, p-cpe:/a:novell:opensuse:vlc-devel, p-cpe:/a:novell:opensuse:vlc-nox, p-cpe:/a:novell:opensuse:vlc-debugsource, p-cpe:/a:novell:opensuse:vlc-gnome, p-cpe:/a:novell:opensuse:libvlc5, p-cpe:/a:novell:opensuse:vlc-qt, p-cpe:/a:novell:opensuse:vlc-gnome-debuginfo, cpe:/o:novell:opensuse:13.1, p-cpe:/a:novell:opensuse:vlc-nox-debuginfo, p-cpe:/a:novell:opensuse:libvlccore7, p-cpe:/a:novell:opensuse:libvlc5-debuginfo, p-cpe:/a:novell:opensuse:vlc-debuginfo, p-cpe:/a:novell:opensuse:vlc

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2/22/2014

Vulnerability Publication Date: 1/31/2020

Reference Information

CVE: CVE-2013-3565