openSUSE Security Update : vlc (openSUSE-2016-754)
High Nessus Plugin ID 91772
Synopsis
The remote openSUSE host is missing a security update.
Description
This update of vlc to 2.2.4 fixes the following security issue:
- CVE-2016-5108: Fix out-of-bounds write in adpcm QT IMA codec (boo#984382).
This also includes an update of codecs and libraries to fix these third-party security issues:
- CVE-2016-1514: Matroska libebml EbmlUnicodeString Heap Information Leak
- CVE-2016-1515: Matroska libebml Multiple ElementList Double Free Vulnerabilities
- CVE-2015-7981: The png_convert_to_rfc1123 function in png.c in libpng allowed remote attackers to obtain sensitive process memory information via crafted tIME chunk data in an image file, which triggers an out-of-bounds read (bsc#952051).
- CVE-2015-8126: Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng allowed remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image (bsc#954980).
Solution
Update the affected vlc packages.