openSUSE Security Update : vlc (openSUSE-2017-1101)
Medium Nessus Plugin ID 103589
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for vlc to version 2.2.6 fixes several issues.
This security issue was fixed :
- CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file (bsc#1041907).
These non-security issues were fixed :
- Stop depending on libkde4-devel: It's only used to find the install path for kde4, but configure falls back to the correct default for openSUSE anyway (boo#1057736).
- Disable vnc access module
For the various other fixes introduced by 2.2.6 please see the changelog.
SolutionUpdate the affected vlc packages.