openSUSE Security Update : vlc (openSUSE-2016-754)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for vlc to 2.2.4 fixes the following security issue :

- CVE-2016-5108: Fix out-of-bounds write in adpcm QT IMA
codec (boo#984382).

This also includes an update of codecs and libraries to fix these
third-party security issues :

- CVE-2016-1514: Matroska libebml EbmlUnicodeString Heap
Information Leak

- CVE-2016-1515: Matroska libebml Multiple ElementList
Double Free Vulnerabilities

- CVE-2015-7981: The png_convert_to_rfc1123 function in
png.c in libpng allowed remote attackers to obtain
sensitive process memory information via crafted tIME
chunk data in an image file, which triggers an
out-of-bounds read (bsc#952051).

- CVE-2015-8126: Multiple buffer overflows in the (1)
png_set_PLTE and (2) png_get_PLTE functions in libpng
allowed remote attackers to cause a denial of service
(application crash) or possibly have unspecified other
impact via a small bit-depth value in an IHDR (aka image
header) chunk in a PNG image (bsc#954980).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=952051
https://bugzilla.opensuse.org/show_bug.cgi?id=954980
https://bugzilla.opensuse.org/show_bug.cgi?id=984382

Solution :

Update the affected vlc packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 91772

Bugtraq ID:

CVE ID: CVE-2015-7981
CVE-2015-8126
CVE-2016-1514
CVE-2016-1515
CVE-2016-5108
