SUSE 4998 Published by

A vlc security update has been released for SUSE Linux Enterprise 15 SP3.



openSUSE-SU-2022:10252-1: important: Security update for vlc


openSUSE Security Update: Security update for vlc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2022:10252-1
Rating: important
References: #1200944 #1206142
Cross-References: CVE-2020-0499 CVE-2021-0561 CVE-2022-41325

CVSS scores:
CVE-2020-0499 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE-2020-0499 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CVE-2021-0561 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2021-0561 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2022-41325 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for vlc fixes the following issues:

- Update to version 3.0.18 (CVE-2022-41325, boo#1206142):
+ macOS: Fix audio device listing with non-latin names.
+ Misc: Fix rendering and performance issue with older GPUs.
+ Updated translations.
- Changes from version 3.0.18-rc2:
+ Codec/Demux:
- Add support for Y16 chroma.
- Fix build of gme plugin.
+ Lua:
- Fix script for vocaroo.
- Fix script for youtube to allow throttled playback.
+ Service Discovery: Fix UPnP regression on Windows.
+ Video Output: Fix video placement with caopengllayer.
+ Misc: Fix password search in kwallet module.
- Changes from version 3.0.18-rc:
+ Demux:
- Major adaptive streaming update, notably for multiple timelies and
webvtt.
- Fix seeking with some fragmented MP4 files.
- Add support for DVBSub inside MKV.
- Fix some Flac files that could not be played.
- Improve seeking in Ogg files.
+ Decoders:
- Fix DxVA/D3D11 crashes on HEVC files with bogus references.
- Fix libass storage size and crash.
- Fix decoding errors on macOS hw decoding on some HEVC files.
+ Video Output:
- Fix color regression with VAAPI/iOS and OpenGL output.
- Fix some resizing issues with OpenGL on GLX/EGL/X11/XV.
- Fix Direct3d9 texture stretching.
- Fix 10-bit accelerated video filters on macOS.
+ Playlist: Avoid playlist liveloop on failed/tiny items (temporize EOS
bursts).
+ Misc:
- Misc fixes for the extension UI on macOS.
- Improve SMBv1 and SMBv2 behaviours.
- Improve FTP compatibility.
- Support RISC-V.
- Fix AVI muxing for Windows Media Player compatibility.
- Fix seeking speed on macOS.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP3:

zypper in -t patch openSUSE-2022-10252=1


Package List:

- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le s390x x86_64):

libvlc5-3.0.18-bp153.2.6.1
libvlccore9-3.0.18-bp153.2.6.1
vlc-3.0.18-bp153.2.6.1
vlc-codec-gstreamer-3.0.18-bp153.2.6.1
vlc-devel-3.0.18-bp153.2.6.1
vlc-jack-3.0.18-bp153.2.6.1
vlc-noX-3.0.18-bp153.2.6.1
vlc-opencv-3.0.18-bp153.2.6.1
vlc-qt-3.0.18-bp153.2.6.1
vlc-vdpau-3.0.18-bp153.2.6.1

- openSUSE Backports SLE-15-SP3 (noarch):

vlc-lang-3.0.18-bp153.2.6.1

References:

  https://www.suse.com/security/cve/CVE-2020-0499.html
  https://www.suse.com/security/cve/CVE-2021-0561.html
  https://www.suse.com/security/cve/CVE-2022-41325.html
  https://bugzilla.suse.com/1200944
  https://bugzilla.suse.com/1206142