UbuntuUpdates.org

Package "vlc"

Name: vlc

Description:

multimedia player and streamer
Latest version: 2.2.2-5ubuntu0.16.04.4
Release: xenial (16.04)
Level: security
Repository: universe
Homepage: http://www.videolan.org/vlc/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "vlc"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "vlc" in Xenial

Repository Area Version
base universe 2.2.2-5
updates universe 2.2.2-5ubuntu0.16.04.4

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 2.2.2-5ubuntu0.16.04.4 2017-08-11 16:06:31 UTC

  vlc (2.2.2-5ubuntu0.16.04.4) xenial-security; urgency=medium

  * SECURITY UPDATE: flac: Fix heap write overflow on frame format change
    (LP: #1709420)
    - fix-CVE-2017-9300.patch
    - CVE-2017-9300

 -- Simon Quigley <email address hidden> Tue, 08 Aug 2017 13:59:52 -0500
Source diff to previous version
1709420 [CVE] flac: Fix heap write overflow on frame format change
CVE-2017-9300 plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and applica

Version: 2.2.2-5ubuntu0.16.04.3 2017-07-11 00:06:55 UTC

  vlc (2.2.2-5ubuntu0.16.04.3) xenial-security; urgency=high

  * SECURITY UPDATE: reject invalid QuickTime IMA files (LP: #1693893)
    - fix-CVE-2016-5108.patch
    - CVE-2016-5108
  * SECURITY UPDATE: Crash due to Out-of-Bound Heap Memory Write
    - fix-CVE-2017-10699.patch
    - CVE-2017-10699
  * SECURITY UPDATE: Fix potential out of bound reads
    - fix-CVE-2017-8310.patch
    - CVE-2017-8310
  * SECURITY UPDATE: Fix invalid double increment
    - fix-CVE-2017-8311.patch
    - CVE-2017-8311
  * SECURITY UPDATE: Fix potential heap buffer overflow
    - fix-CVE-2017-8312.patch
    - CVE-2017-8312
  * SECURITY UPDATE: ParseJSS: fix out-of-bounds read
    - fix-CVE-2017-8313.patch
    - CVE-2017-8313

 -- Simon Quigley <email address hidden> Fri, 07 Jul 2017 06:54:34 -0500
1693893 Fix out-of-bounds read, potential heap buffer overflow, and other CVEs
CVE-2016-5108 Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media player before 2.2.4 allows remote attackers to cause
CVE-2017-1069 RESERVED
CVE-2017-8310 Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due to missing check of string termination allows attackers to read data beyond al
CVE-2017-8311 Potential heap based buffer overflow in ParseJSS in VideoLAN VLC before 2.2.5 due to skipping NULL terminator in an input string allows attackers to
CVE-2017-8312 Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing check of string length allows attackers to read heap uninitialized data via a craft
CVE-2017-8313 Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to missing check of string termination allows attackers to read data beyond alloc


About   -   Send Feedback to @ubuntu_updates