Security update for vlc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:0714-1 Final 1 1 2021-05-12T10:05:31Z current 2021-05-12T10:05:31Z 2021-05-12T10:05:31Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for vlc This update for vlc fixes the following issues: Update to version 3.0.13: + Demux: - Adaptive: fix artefacts in HLS streams with wrong profiles/levels - Fix regression on some MP4 files for the audio track - Fix MPGA and ADTS probing in TS files - Fix Flac inside AVI files - Fix VP9/Webm artefacts when seeking + Codec: - Support SSA text scaling - Fix rotation on Android rotation - Fix WebVTT subtitles that start at 00:00 + Access: - Update libnfs to support NFSv4 - Improve SMB2 integration - Fix Blu-ray files using Unicode names on Windows - Disable mcast lookups on Android for RTSP playback + Video Output: Rework the D3D11 rendering wait, to fix choppiness on display + Interfaces: - Fix VLC getting stuck on close on X11 (#21875) - Improve RTL on preferences on macOS - Add mousewheel horizontal axis control - Fix crash on exit on macOS - Fix sizing of the fullscreen controls on macOS + Misc: - Improve MIDI fonts search on Linux - Update Soundcloud, Youtube, liveleak - Fix compilation with GCC11 - Fix input-slave option for subtitles + Updated translations. Update to version 3.0.12: + Access: Add new RIST access module compliant with simple profile (VSF_TR-06-1). + Access Output: Add new RIST access output module compliant with simple profile (VSF_TR-06-1). + Demux: Fixed adaptive's handling of resolution settings. + Audio output: Fix audio distortion on macOS during start of playback. + Video Output: Direct3D11: Fix some potential crashes when using video filters. + Misc: - Several fixes in the web interface, including privacy and security improvements - Update YouTube and Vocaroo scripts. + Updated translations. This update was imported from the openSUSE:Leap:15.2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2021-714 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXHKDVKJAYUS66PEMKU2REXIBZDZ6GFW/ E-Mail link for openSUSE-SU-2021:0714-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1181918 SUSE Bug 1181918 https://www.suse.com/security/cve/CVE-2020-26664/ SUSE CVE CVE-2020-26664 page SUSE Package Hub 15 SP2 libvlc5-3.0.13-bp152.2.12.1 libvlccore9-3.0.13-bp152.2.12.1 vlc-3.0.13-bp152.2.12.1 vlc-codec-gstreamer-3.0.13-bp152.2.12.1 vlc-devel-3.0.13-bp152.2.12.1 vlc-jack-3.0.13-bp152.2.12.1 vlc-lang-3.0.13-bp152.2.12.1 vlc-noX-3.0.13-bp152.2.12.1 vlc-opencv-3.0.13-bp152.2.12.1 vlc-qt-3.0.13-bp152.2.12.1 vlc-vdpau-3.0.13-bp152.2.12.1 libvlc5-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 libvlccore9-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 vlc-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 vlc-codec-gstreamer-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 vlc-devel-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 vlc-jack-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 vlc-lang-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 vlc-noX-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 vlc-opencv-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 vlc-qt-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 vlc-vdpau-3.0.13-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media player 3.0.11 allows attackers to trigger a heap-based buffer overflow via a crafted .mkv file. CVE-2020-26664 SUSE Package Hub 15 SP2:libvlc5-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:libvlccore9-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:vlc-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:vlc-codec-gstreamer-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:vlc-devel-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:vlc-jack-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:vlc-lang-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:vlc-noX-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:vlc-opencv-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:vlc-qt-3.0.13-bp152.2.12.1 SUSE Package Hub 15 SP2:vlc-vdpau-3.0.13-bp152.2.12.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EXHKDVKJAYUS66PEMKU2REXIBZDZ6GFW/ https://www.suse.com/security/cve/CVE-2020-26664.html CVE-2020-26664 https://bugzilla.suse.com/1180755 SUSE Bug 1180755