Detections
Analytics

openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)

medium Nessus Plugin ID 75273

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

VLC was updated to version 2.1.3 (bnc#864422) :

 + Core :

 - Fix broken behaviour with SOCKSv5 proxies

 - Fix integer overflow on error when using vlc_readdir

 + Access :

 - Fix DVB-T2 tuning on Linux.

 - Fix encrypted DVD playback.

 - Fix v4l2 frequency conversion.

 + Decoders :

 - Fix numerous issues (M2TS, VC1 interlaced, Lagarith, FFv1.3, Xvid) by updating codec libraries.

 - Bring fluidsynth back on Mac OS X

 - Fix some Opus crashes with some filters

 - Fix teletext crash on Windows

 + Demuxers :

 - Avoid an infinite recursion in MKV tags parsing

 - Fix an issue with some Vobsub tracks

 - Fix missing samples at the end of some wav files

 - Fix divide by 0 on ASF/WMV parsing

 + Audio output :

 - Fix audio device selection via command line on Mac OS X

 - Fix audio crashes on Mac OS X

 + Video Output :

 - Fix selection of DirectDraw as the default output for XP

 - Fix transform off-by-one issue

 - Fix screensaver disabling on Windows outputs

 - Fix DirectDraw device enumeration and multi-display output

 - Fix a potential crash when playing a fullscreen game at the same time as VLC

 + Stream output :

 - Fix 24bits audio MTU alignment in RTP

 - Fix record file names

 + Qt interface :

 - Fix minimal size possible on start

 - Fix a crash with the simple volume widget

 - Fix a crash in the audio menu building

 - Fix multimedia keys issues on Windows

 - Fix opening of DVD and BD folders on Windows

 + HTTP interface: Fix album art display on Windows.

 + Updated translations.

 - Add update-desktop-files BuildRequires and %desktop_database_post/postun calls to respective scriptlets: Fix https://bugs.links2linux.org/browse/PM-108

 - Update to version 2.1.2 :

 + Audio output :

 - Fix digital playback on OS X when more than one audio device is installed.

 - Fix digital playback (SPDIF/HDMI) on Windows.

 - Fix stuttering or silent playback when using sound enhancers or external audio devices on OS X.

 - Improve responsiveness on OS X when playback starts or is being paused.

 - Improve responsiveness, silent playback intervals and reliability on iOS.

 + Demuxers :

 - Fix Vimeo and DailyMotion parsing.

 - Various WMV playback improvements and fixes.

 + Decoders :

 - Fix LPCM 20/24-bit decoding and 16 bits with channel padding.

 - Fix playback of some HEVC samples.

 + Video filters: Fix crash on deinterlace selection.

 + Qt interface :

 - Fix some streaming profiles when copy existed.

 - Improve A-B loop control.

 - Fix album art update when changing media.

 + Mac OS X interface adjustments.

 + Win32 installer: Kill running VLC process on uninstall/update.

 + Updated translations.

 - More features (by adding BuildRequires) :

 + IDN Support (International Domain Names): libidn-devel

 + SFTP Access: libssh2-devel

 + HotKey Support: xcb-util-keysyms-devel

 + Complete SDL Stack: SDL_image-devel

 + ProjectM suppor (for openSUSE >= 12.3)

 - Update to version 2.1.1 :

 + Core :

 - Fix random and reshuffling behaviour.

 - Fix recording.

 - Fix some subtitles track selection.

 + Decoders :

 - VP9 support in WebM.

 - HEVC/H.265 support in MKV, MP4 and raw files.

 - Fix GPU decoding under Windows (DxVA2) crashes.

 + Demuxers :

 - Fix crashes on wav, mlp and mkv and modplug files.

 - Support Speex in ogg files.

 - Fix some .mov playlists support.

 - Support Alac in mkv.

 - Fix WMV3 and palette in AVI.

 - Fix FLAC packetizer issues in some files.

 + Access :

 - Fix DVB options parsing.

 - Fix DeckLink HDMI input.

 - Fix HTTPS connectivity on OS X by loading root certificates from Keychain.

 + Audio output :

 - Fixes for DirectSound pass-through.

 - Fixes for OSS output, notably on BSD.

 + Interfaces :

 - Fix HTTP interface infinite loop.

 - Fix D-Bus volume setting.

 + Qt :

 - Reinstore right click subtitle menu to open a subtitle.

 - Fix saving the hotkeys in preferences.

 - Fix saving the audio volume on Win32, using DirectSound.

 - Fix play after drag'n drop.

 - Fix streaming options edition and scale parameter.

 + Stream out :

 - Fix transcoding audio drift issues.

 - Fix numerous audio encoding issues.

 + Win32 installer :

 - Important rewrite to fix numerous bugs, notably about updates.

 - Simplification of the upgrade mechanism.

 + Mac OS X interface :

 - Reintroduce the language selector known from pre-2.1 releases.

 - Fix fullscreen behaviour and various crashes.

 - Fix about dialog crash in Japanese.

 - Fix crashes on proxy lookups.

 - Fixes on the playlist and information behaviours.

 - Fixes on the streaming dialogs.

 - Improves interface resizings.

 + Updated translations.

 - Pass --with-default-font=[path] and

 --with-default-monospace-font=[path] to configure.

 - Drop fix_font_path.patch: replaced with configure parameters above.

 - Recommend 'vlc' by vlc-qt: some users might go installing the UI package directly. Having Qt most likely also means the user has X, so we at least recommend the vlc package relying on X.

 - Force creation of plugins cache in vlc-nox %post, instead of just touching the file, for details see https://trac.videolan.org/vlc/ticket/9807#comment:2

 - Update License: A lot has been relicensed to LGPL-2.1.

Solution

Update the affected vlc packages.

See Also

https://bugs.links2linux.org/browse/PM-108

https://bugzilla.novell.com/show_bug.cgi?id=864422

https://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html

https://trac.videolan.org/vlc/ticket/9807#comment:2

Plugin Details

Severity: Medium

ID: 75273

File Name: openSUSE-2014-178.nasl

Version: 1.5

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libvlc5, p-cpe:/a:novell:opensuse:libvlc5-debuginfo, p-cpe:/a:novell:opensuse:libvlccore7, p-cpe:/a:novell:opensuse:libvlccore7-debuginfo, p-cpe:/a:novell:opensuse:vlc, p-cpe:/a:novell:opensuse:vlc-debuginfo, p-cpe:/a:novell:opensuse:vlc-debugsource, p-cpe:/a:novell:opensuse:vlc-devel, p-cpe:/a:novell:opensuse:vlc-gnome, p-cpe:/a:novell:opensuse:vlc-gnome-debuginfo, p-cpe:/a:novell:opensuse:vlc-nox, p-cpe:/a:novell:opensuse:vlc-nox-debuginfo, p-cpe:/a:novell:opensuse:vlc-nox-lang, p-cpe:/a:novell:opensuse:vlc-qt, p-cpe:/a:novell:opensuse:vlc-qt-debuginfo, cpe:/o:novell:opensuse:13.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 2/22/2014

Vulnerability Publication Date: 1/31/2020

Reference Information

CVE: CVE-2013-3565