SUSE 5147 Published by

A vlc security update has been released for SUSE Linux Enterprise 15 SP2.



openSUSE-SU-2021:0714-1: moderate: Security update for vlc


openSUSE Security Update: Security update for vlc
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:0714-1
Rating: moderate
References: #1181918
Cross-References: CVE-2020-26664
CVSS scores:
CVE-2020-26664 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
openSUSE Backports SLE-15-SP2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for vlc fixes the following issues:

Update to version 3.0.13:

+ Demux:

- Adaptive: fix artefacts in HLS streams with wrong profiles/levels
- Fix regression on some MP4 files for the audio track
- Fix MPGA and ADTS probing in TS files
- Fix Flac inside AVI files
- Fix VP9/Webm artefacts when seeking

+ Codec:

- Support SSA text scaling
- Fix rotation on Android rotation
- Fix WebVTT subtitles that start at 00:00

+ Access:

- Update libnfs to support NFSv4
- Improve SMB2 integration
- Fix Blu-ray files using Unicode names on Windows
- Disable mcast lookups on Android for RTSP playback

+ Video Output: Rework the D3D11 rendering wait, to fix choppiness on
display
+ Interfaces:

- Fix VLC getting stuck on close on X11 (#21875)
- Improve RTL on preferences on macOS
- Add mousewheel horizontal axis control
- Fix crash on exit on macOS
- Fix sizing of the fullscreen controls on macOS

+ Misc:

- Improve MIDI fonts search on Linux
- Update Soundcloud, Youtube, liveleak
- Fix compilation with GCC11
- Fix input-slave option for subtitles
+ Updated translations.

Update to version 3.0.12:

+ Access: Add new RIST access module compliant with simple profile
(VSF_TR-06-1).
+ Access Output: Add new RIST access output module compliant with simple
profile (VSF_TR-06-1).
+ Demux: Fixed adaptive's handling of resolution settings.
+ Audio output: Fix audio distortion on macOS during start of playback.
+ Video Output: Direct3D11: Fix some potential crashes when using video
filters.
+ Misc:

- Several fixes in the web interface, including privacy and security
improvements
- Update YouTube and Vocaroo scripts.

+ Updated translations.

This update was imported from the openSUSE:Leap:15.2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2021-714=1


Package List:

- openSUSE Backports SLE-15-SP2 (aarch64 ppc64le s390x x86_64):

libvlc5-3.0.13-bp152.2.12.1
libvlccore9-3.0.13-bp152.2.12.1
vlc-3.0.13-bp152.2.12.1
vlc-codec-gstreamer-3.0.13-bp152.2.12.1
vlc-devel-3.0.13-bp152.2.12.1
vlc-jack-3.0.13-bp152.2.12.1
vlc-noX-3.0.13-bp152.2.12.1
vlc-opencv-3.0.13-bp152.2.12.1
vlc-qt-3.0.13-bp152.2.12.1
vlc-vdpau-3.0.13-bp152.2.12.1

- openSUSE Backports SLE-15-SP2 (noarch):

vlc-lang-3.0.13-bp152.2.12.1

References:

  https://www.suse.com/security/cve/CVE-2020-26664.html
  https://bugzilla.suse.com/1181918