Security update for vlc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10255-1 Final 1 1 2022-12-31T15:39:13Z current 2022-12-31T15:39:13Z 2022-12-31T15:39:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for vlc This update for vlc fixes the following issues: - Update to version 3.0.18 (CVE-2022-41325, boo#1206142): + macOS: Fix audio device listing with non-latin names. + Misc: Fix rendering and performance issue with older GPUs. + Updated translations. - Changes from version 3.0.18-rc2: + Codec/Demux: - Add support for Y16 chroma. - Fix build of gme plugin. + Lua: - Fix script for vocaroo. - Fix script for youtube to allow throttled playback. + Service Discovery: Fix UPnP regression on Windows. + Video Output: Fix video placement with caopengllayer. + Misc: Fix password search in kwallet module. - Changes from version 3.0.18-rc: + Demux: - Major adaptive streaming update, notably for multiple timelies and webvtt. - Fix seeking with some fragmented MP4 files. - Add support for DVBSub inside MKV. - Fix some Flac files that could not be played. - Improve seeking in Ogg files. + Decoders: - Fix DxVA/D3D11 crashes on HEVC files with bogus references. - Fix libass storage size and crash. - Fix decoding errors on macOS hw decoding on some HEVC files. + Video Output: - Fix color regression with VAAPI/iOS and OpenGL output. - Fix some resizing issues with OpenGL on GLX/EGL/X11/XV. - Fix Direct3d9 texture stretching. - Fix 10-bit accelerated video filters on macOS. + Playlist: Avoid playlist liveloop on failed/tiny items (temporize EOS bursts). + Misc: - Misc fixes for the extension UI on macOS. - Improve SMBv1 and SMBv2 behaviours. - Improve FTP compatibility. - Support RISC-V. - Fix AVI muxing for Windows Media Player compatibility. - Fix seeking speed on macOS. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10255 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TXMTJ3ZZG5E7QEUM6474V4XEGYBLFI7Q/ E-Mail link for openSUSE-SU-2022:10255-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1200944 SUSE Bug 1200944 https://bugzilla.suse.com/1206142 SUSE Bug 1206142 https://www.suse.com/security/cve/CVE-2022-41325/ SUSE CVE CVE-2022-41325 page SUSE Package Hub 15 SP4 openSUSE Leap 15.4 libvlc5-3.0.18-bp154.2.3.1 libvlccore9-3.0.18-bp154.2.3.1 vlc-3.0.18-bp154.2.3.1 vlc-codec-gstreamer-3.0.18-bp154.2.3.1 vlc-devel-3.0.18-bp154.2.3.1 vlc-jack-3.0.18-bp154.2.3.1 vlc-lang-3.0.18-bp154.2.3.1 vlc-noX-3.0.18-bp154.2.3.1 vlc-opencv-3.0.18-bp154.2.3.1 vlc-qt-3.0.18-bp154.2.3.1 vlc-vdpau-3.0.18-bp154.2.3.1 libvlc5-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 libvlccore9-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 vlc-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 vlc-codec-gstreamer-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 vlc-devel-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 vlc-jack-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 vlc-lang-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 vlc-noX-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 vlc-opencv-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 vlc-qt-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 vlc-vdpau-3.0.18-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 libvlc5-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 libvlccore9-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 vlc-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 vlc-codec-gstreamer-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 vlc-devel-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 vlc-jack-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 vlc-lang-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 vlc-noX-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 vlc-opencv-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 vlc-qt-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 vlc-vdpau-3.0.18-bp154.2.3.1 as a component of openSUSE Leap 15.4 An integer overflow in the VNC module in VideoLAN VLC Media Player through 3.0.17.4 allows attackers, by tricking a user into opening a crafted playlist or connecting to a rogue VNC server, to crash VLC or execute code under some conditions. CVE-2022-41325 SUSE Package Hub 15 SP4:libvlc5-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:libvlccore9-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:vlc-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:vlc-codec-gstreamer-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:vlc-devel-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:vlc-jack-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:vlc-lang-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:vlc-noX-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:vlc-opencv-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:vlc-qt-3.0.18-bp154.2.3.1 SUSE Package Hub 15 SP4:vlc-vdpau-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:libvlc5-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:libvlccore9-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:vlc-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:vlc-codec-gstreamer-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:vlc-devel-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:vlc-jack-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:vlc-lang-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:vlc-noX-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:vlc-opencv-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:vlc-qt-3.0.18-bp154.2.3.1 openSUSE Leap 15.4:vlc-vdpau-3.0.18-bp154.2.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TXMTJ3ZZG5E7QEUM6474V4XEGYBLFI7Q/ https://www.suse.com/security/cve/CVE-2022-41325.html CVE-2022-41325 https://bugzilla.suse.com/1206142 SUSE Bug 1206142