|
|
Log in / Subscribe / Register

Mageia alert MGASA-2018-0400 (vlc)



From:
              Mageia Updates <buildsystem-daemon@mageia.org> 


To:
              updates-announce@ml.mageia.org 


Subject:
              [updates-announce] MGASA-2018-0400: Updated vlc packages fix security vulnerability 


Date:
              Fri, 19 Oct 2018 20:01:32 +0200


Message-ID:
              <20181019180133.0532CA0017@duvel.mageia.org>


MGASA-2018-0400 - Updated vlc packages fix security vulnerability

Publication date: 19 Oct 2018
URL: https://advisories.mageia.org/MGASA-2018-0400.html
Type: security
Affected Mageia releases: 6
CVE: CVE-2018-11529

Description:
This update provides vlc 3.0.4 and fixes atleast the following security
issue:

A use-after-free was discovered in the MP4 demuxer of the VLC media player,
which could result in the execution of arbitrary code if a malformed media
file is played (CVE-2018-11529)

For other fixes in this update, see the referenced NEWS.

References:
- https://bugs.mageia.org/show_bug.cgi?id=23092
- https://www.debian.org/security/2018/dsa-4251
- https://www.videolan.org/developers/vlc-branch/NEWS
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1...

SRPMS:
- 6/tainted/vlc-3.0.4-1.mga6.tainted
- 6/core/vlc-3.0.4-1.mga6
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds