SUSE 5181 Published by

A vlc security update has been released for openSUSE Leap 15.2.



openSUSE-SU-2021:0691-1: moderate: Security update for vlc


openSUSE Security Update: Security update for vlc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:0691-1
Rating: moderate
References: #1181918
Cross-References: CVE-2020-26664
CVSS scores:
CVE-2020-26664 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for vlc fixes the following issues:

Update to version 3.0.13:

+ Demux:

- Adaptive: fix artefacts in HLS streams with wrong profiles/levels
- Fix regression on some MP4 files for the audio track
- Fix MPGA and ADTS probing in TS files
- Fix Flac inside AVI files
- Fix VP9/Webm artefacts when seeking

+ Codec:

- Support SSA text scaling
- Fix rotation on Android rotation
- Fix WebVTT subtitles that start at 00:00

+ Access:

- Update libnfs to support NFSv4
- Improve SMB2 integration
- Fix Blu-ray files using Unicode names on Windows
- Disable mcast lookups on Android for RTSP playback

+ Video Output: Rework the D3D11 rendering wait, to fix choppiness on
display
+ Interfaces:

- Fix VLC getting stuck on close on X11 (#21875)
- Improve RTL on preferences on macOS
- Add mousewheel horizontal axis control
- Fix crash on exit on macOS
- Fix sizing of the fullscreen controls on macOS

+ Misc:

- Improve MIDI fonts search on Linux
- Update Soundcloud, Youtube, liveleak
- Fix compilation with GCC11
- Fix input-slave option for subtitles
+ Updated translations.

Update to version 3.0.12:

+ Access: Add new RIST access module compliant with simple profile
(VSF_TR-06-1).
+ Access Output: Add new RIST access output module compliant with simple
profile (VSF_TR-06-1).
+ Demux: Fixed adaptive's handling of resolution settings.
+ Audio output: Fix audio distortion on macOS during start of playback.
+ Video Output: Direct3D11: Fix some potential crashes when using video
filters.
+ Misc:

- Several fixes in the web interface, including privacy and security
improvements
- Update YouTube and Vocaroo scripts.

+ Updated translations.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-691=1


Package List:

- openSUSE Leap 15.2 (noarch):

vlc-lang-3.0.13-lp152.2.12.1

- openSUSE Leap 15.2 (x86_64):

libvlc5-3.0.13-lp152.2.12.1
libvlc5-debuginfo-3.0.13-lp152.2.12.1
libvlccore9-3.0.13-lp152.2.12.1
libvlccore9-debuginfo-3.0.13-lp152.2.12.1
vlc-3.0.13-lp152.2.12.1
vlc-codec-gstreamer-3.0.13-lp152.2.12.1
vlc-codec-gstreamer-debuginfo-3.0.13-lp152.2.12.1
vlc-debuginfo-3.0.13-lp152.2.12.1
vlc-debugsource-3.0.13-lp152.2.12.1
vlc-devel-3.0.13-lp152.2.12.1
vlc-jack-3.0.13-lp152.2.12.1
vlc-jack-debuginfo-3.0.13-lp152.2.12.1
vlc-noX-3.0.13-lp152.2.12.1
vlc-noX-debuginfo-3.0.13-lp152.2.12.1
vlc-opencv-3.0.13-lp152.2.12.1
vlc-opencv-debuginfo-3.0.13-lp152.2.12.1
vlc-qt-3.0.13-lp152.2.12.1
vlc-qt-debuginfo-3.0.13-lp152.2.12.1
vlc-vdpau-3.0.13-lp152.2.12.1
vlc-vdpau-debuginfo-3.0.13-lp152.2.12.1

References:

  https://www.suse.com/security/cve/CVE-2020-26664.html
  https://bugzilla.suse.com/1181918