Security update for vlc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2597-1 Final 1 1 2017-09-29T05:37:57Z current 2017-09-29T05:37:57Z 2017-09-29T05:37:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for vlc This update for vlc to version 2.2.6 fixes several issues. This security issue was fixed: - CVE-2017-9300: Heap corruption allowed remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted FLAC file (bsc#1041907). These non-security issues were fixed: - Stop depending on libkde4-devel: It's only used to find the install path for kde4, but configure falls back to the correct default for openSUSE anyway (boo#1057736). - Disable vnc access module For the various other fixes introduced by 2.2.6 please see the changelog. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-09/msg00117.html E-Mail link for openSUSE-SU-2017:2597-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 libvlc5-2.2.6-32.3.1 libvlccore8-2.2.6-32.3.1 vlc-2.2.6-32.3.1 vlc-codec-gstreamer-2.2.6-32.3.1 vlc-devel-2.2.6-32.3.1 vlc-lang-2.2.6-32.3.1 vlc-noX-2.2.6-32.3.1 vlc-qt-2.2.6-32.3.1 libvlc5-2.2.6-32.3.1 as a component of openSUSE Leap 42.2 libvlccore8-2.2.6-32.3.1 as a component of openSUSE Leap 42.2 vlc-2.2.6-32.3.1 as a component of openSUSE Leap 42.2 vlc-codec-gstreamer-2.2.6-32.3.1 as a component of openSUSE Leap 42.2 vlc-devel-2.2.6-32.3.1 as a component of openSUSE Leap 42.2 vlc-lang-2.2.6-32.3.1 as a component of openSUSE Leap 42.2 vlc-noX-2.2.6-32.3.1 as a component of openSUSE Leap 42.2 vlc-qt-2.2.6-32.3.1 as a component of openSUSE Leap 42.2 plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file. CVE-2017-9300 openSUSE Leap 42.2:libvlc5-2.2.6-32.3.1 openSUSE Leap 42.2:libvlccore8-2.2.6-32.3.1 openSUSE Leap 42.2:vlc-2.2.6-32.3.1 openSUSE Leap 42.2:vlc-codec-gstreamer-2.2.6-32.3.1 openSUSE Leap 42.2:vlc-devel-2.2.6-32.3.1 openSUSE Leap 42.2:vlc-lang-2.2.6-32.3.1 openSUSE Leap 42.2:vlc-noX-2.2.6-32.3.1 openSUSE Leap 42.2:vlc-qt-2.2.6-32.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-09/msg00117.html https://www.suse.com/security/cve/CVE-2017-9300.html CVE-2017-9300 https://bugzilla.suse.com/1041907 SUSE Bug 1041907