openSUSE Security Update : vlc (openSUSE-SU-2015:0201-1)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

vlc was updated to the current openSUSE Tumbleweed version.

live555 was also updated to the current openSUSE Tumbleweed version as
a dependency.

Security issues fixed :

- Fix various buffer overflows and null ptr dereferencing
(boo#914268, CVE-2014-9625).

Other fixes :

- Enable SSE2 instruction set for x86_64

- Disable fluidsynth again: the crashes we had earlier are
still not all fixed. They are less, but less common
makes it more difficult to debug.

On openSUSE 13.1 :

- Update to version 2.1.5 :

+ Core: Fix compilation on OS/2.

+ Access: Stability improvements for the QTSound capture
module.

+ Mac OS X audio output :

- Fix channel ordering.

- Increase the buffersize.

+ Decoders :

- Fix DxVA2 decoding of samples needing more surfaces.

- Improve MAD resistance to broken mp3 streams.

- Fix PGS alignment in MKV.

+ Qt Interface: Don't rename mp3 converted files to .raw.

+ Mac OS X Interface :

- Correctly support video-on-top.

- Fix video output event propagation on Macs with retina
displays.

- Stability improvements when using future VLC releases
side by side.

+ Streaming: Fix transcode when audio format changes.

+ Updated translations.

- Update to version 2.1.4 :

+ Demuxers: Fix issue in WMV with multiple compressed
payload and empty payloads.

+ Video Output: Fix subtitles size rendering on Windows.

+ Mac OS X :

- Fix DVD playback regression.

- Fix misleading error message during video playback on OS
X 10.9.

- Fix hardware acceleration memleaks.

See also :

http://lists.opensuse.org/opensuse-updates/2015-02/msg00015.html
https://bugzilla.opensuse.org/show_bug.cgi?id=914268

Solution :

Update the affected vlc packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 81199 ()

Bugtraq ID:

CVE ID: CVE-2014-9625

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now