[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[SECURITY] [DSA 4504-1] vlc security update

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [SECURITY] [DSA 4504-1] vlc security update
From: Moritz Muehlenhoff <jmm@xxxxxxxxxx>
Date: Tue, 20 Aug 2019 22:04:33 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4504-1                   security@xxxxxxxxxx
https://www.debian.org/security/                       Moritz Muehlenhoff
August 20, 2019                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
CVE ID         : CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 
                 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 
                 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970

Multiple security issues were discovered in the VLC media player, which
could result in the execution of arbitrary code or denial of service if
a malformed file/stream is processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.0.8-0+deb9u1.

For the stable distribution (buster), these problems have been fixed in
version 3.0.8-0+deb10u1.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vlc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1cbfoACgkQEMKTtsN8
TjahTxAAiWyxMxxc2KLdqiajI5UHFIAdakLsax2DDtTDD5KKkKMqp4BNuIfzuWSS
ffiMaCfs7Wev1HV8NarnffCxEO5SnEvE6AQ8TVZwbw4hVZ1ajA30Ycs/73aPhQsK
4IZKCxhZqSjE0bL3l41kqVVhcduauBI1SzGK3++nE6Gsljv9pxQOvwwTzZeQR+rr
Apg61rnlsW9kqerDGL8GysfSBWpSPyW3RkcWwd5j+AFQCY7TmRKRDLM7PY3Fvgjp
izF+e3WWrIl4mhJTWn4XdvFJAcoB5XKPkYUnnuq4bjCNEFdEF3MFO1gJdQMslQLe
RNfLQ1q0xLegICYlXCOt7ec/bkcgofAav3hrtkd7KdqRsguL910/2QxI6k8fX45z
ifUwzMCf5WnxR2R4M1viPdi0PnnsIouEEI21ERQRaB5Lro1xslOt8wgYexIDSQX4
IWq0J9Y6xd8TvGrCMSpRp8oshAfjVcR50O9vxCJelc7n8Pan1pOGjLXhgivUVYaY
J7e+03c3zILgp+MHCw1m6gk31ria81r0TcOxQx3DFamB6GRo8zN1cPaXhaKRC2b8
qrog0oOYcET0mPzFUHV0olzOPrM8DXPKyUkU90hqjaODMf0Zuv2jPb1YIql4CWEy
hBpqn1pMmMVHaj3BzQN6lEezoxd5gF7fwUMrKbk6xpdlLmmj6vA=
=aXUT
-----END PGP SIGNATURE-----

Prev by Date: FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs
Next by Date: SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus
Previous by thread: FreeBSD Security Advisory FreeBSD-SA-19:24.mqueuefs
Next by thread: SEC Consult SA-20190821-0 :: Unauthenticated sensitive information leakage in Zoho Corporation ManageEngine ServiceDesk Plus
Index(es):
- Date
- Thread