openSUSE-SU-2021:0691-1: moderate: Security update for vlc
openSUSE Security Update: Security update for vlc
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0691-1
Rating: moderate
References: #1181918
Cross-References: CVE-2020-26664
CVSS scores:
CVE-2020-26664 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for vlc fixes the following issues:
Update to version 3.0.13:
+ Demux:
- Adaptive: fix artefacts in HLS streams with wrong profiles/levels
- Fix regression on some MP4 files for the audio track
- Fix MPGA and ADTS probing in TS files
- Fix Flac inside AVI files
- Fix VP9/Webm artefacts when seeking
+ Codec:
- Support SSA text scaling
- Fix rotation on Android rotation
- Fix WebVTT subtitles that start at 00:00
+ Access:
- Update libnfs to support NFSv4
- Improve SMB2 integration
- Fix Blu-ray files using Unicode names on Windows
- Disable mcast lookups on Android for RTSP playback
+ Video Output: Rework the D3D11 rendering wait, to fix choppiness on
display
+ Interfaces:
- Fix VLC getting stuck on close on X11 (#21875)
- Improve RTL on preferences on macOS
- Add mousewheel horizontal axis control
- Fix crash on exit on macOS
- Fix sizing of the fullscreen controls on macOS
+ Misc:
- Improve MIDI fonts search on Linux
- Update Soundcloud, Youtube, liveleak
- Fix compilation with GCC11
- Fix input-slave option for subtitles
+ Updated translations.
Update to version 3.0.12:
+ Access: Add new RIST access module compliant with simple profile
(VSF_TR-06-1).
+ Access Output: Add new RIST access output module compliant with simple
profile (VSF_TR-06-1).
+ Demux: Fixed adaptive's handling of resolution settings.
+ Audio output: Fix audio distortion on macOS during start of playback.
+ Video Output: Direct3D11: Fix some potential crashes when using video
filters.
+ Misc:
- Several fixes in the web interface, including privacy and security
improvements
- Update YouTube and Vocaroo scripts.
+ Updated translations.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-691=1
Package List:
- openSUSE Leap 15.2 (noarch):
vlc-lang-3.0.13-lp152.2.12.1
- openSUSE Leap 15.2 (x86_64):
libvlc5-3.0.13-lp152.2.12.1
libvlc5-debuginfo-3.0.13-lp152.2.12.1
libvlccore9-3.0.13-lp152.2.12.1
libvlccore9-debuginfo-3.0.13-lp152.2.12.1
vlc-3.0.13-lp152.2.12.1
vlc-codec-gstreamer-3.0.13-lp152.2.12.1
vlc-codec-gstreamer-debuginfo-3.0.13-lp152.2.12.1
vlc-debuginfo-3.0.13-lp152.2.12.1
vlc-debugsource-3.0.13-lp152.2.12.1
vlc-devel-3.0.13-lp152.2.12.1
vlc-jack-3.0.13-lp152.2.12.1
vlc-jack-debuginfo-3.0.13-lp152.2.12.1
vlc-noX-3.0.13-lp152.2.12.1
vlc-noX-debuginfo-3.0.13-lp152.2.12.1
vlc-opencv-3.0.13-lp152.2.12.1
vlc-opencv-debuginfo-3.0.13-lp152.2.12.1
vlc-qt-3.0.13-lp152.2.12.1
vlc-qt-debuginfo-3.0.13-lp152.2.12.1
vlc-vdpau-3.0.13-lp152.2.12.1
vlc-vdpau-debuginfo-3.0.13-lp152.2.12.1
References:
https://www.suse.com/security/cve/CVE-2020-26664.html
https://bugzilla.suse.com/1181918
A vlc security update has been released for openSUSE Leap 15.2.
