openSUSE2021:0691-1: moderate: Security update for vlc

openSUSE Security Update: Security update for vlc ______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:0691-1 Rating: moderate References: #1181918 Cross-References: CVE-2020-26664 CVSS scores: CVE-2020-26664 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________
An update that fixes one vulnerability is now available.
Description:
This update for vlc fixes the following issues:
Update to version 3.0.13:
+ Demux:
– Adaptive: fix artefacts in HLS streams with wrong profiles/levels – Fix regression on some MP4 files for the audio track – Fix MPGA and ADTS probing in TS files – Fix Flac inside AVI files – Fix VP9/Webm artefacts when seeking
+ Codec:
– Support SSA text scaling – Fix rotation on Android rotation – Fix WebVTT subtitles that start at 00:00
+ Access:
– Update libnfs to support NFSv4 – Improve SMB2 integration – Fix Blu-ray files using Unicode names on Windows – Disable mcast lookups on Android for RTSP playback
+ Video Output: Rework the D3D11 rendering wait, to fix choppiness on display + Interfaces:
– Fix VLC getting stuck on close on X11 (#21875) – Improve RTL on preferences on macOS – Add mousewheel horizontal axis control – Fix crash on exit on macOS – Fix sizing of the fullscreen controls on macOS
+ Misc:
– Improve MIDI fonts search on Linux – Update Soundcloud, Youtube, liveleak – Fix compilation with GCC11 – Fix input-slave option for subtitles + Updated translations.
Update to version 3.0.12:
+ Access: Add new RIST access module compliant with simple profile (VSF_TR-06-1). + Access Output: Add new RIST access output module compliant with simple profile (VSF_TR-06-1). + Demux: Fixed adaptive’s handling of resolution settings. + Audio output: Fix audio distortion on macOS during start of playback. + Video Output: Direct3D11: Fix some potential crashes when using video filters. + Misc:
– Several fixes in the web interface, including privacy and security improvements – Update YouTube and Vocaroo scripts.
+ Updated translations.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-691=1

Package List:
– openSUSE Leap 15.2 (noarch):
vlc-lang-3.0.13-lp152.2.12.1
– openSUSE Leap 15.2 (x86_64):
libvlc5-3.0.13-lp152.2.12.1 libvlc5-debuginfo-3.0.13-lp152.2.12.1 libvlccore9-3.0.13-lp152.2.12.1 libvlccore9-debuginfo-3.0.13-lp152.2.12.1 vlc-3.0.13-lp152.2.12.1 vlc-codec-gstreamer-3.0.13-lp152.2.12.1 vlc-codec-gstreamer-debuginfo-3.0.13-lp152.2.12.1 vlc-debuginfo-3.0.13-lp152.2.12.1 vlc-debugsource-3.0.13-lp152.2.12.1 vlc-devel-3.0.13-lp152.2.12.1 vlc-jack-3.0.13-lp152.2.12.1 vlc-jack-debuginfo-3.0.13-lp152.2.12.1 vlc-noX-3.0.13-lp152.2.12.1 vlc-noX-debuginfo-3.0.13-lp152.2.12.1 vlc-opencv-3.0.13-lp152.2.12.1 vlc-opencv-debuginfo-3.0.13-lp152.2.12.1 vlc-qt-3.0.13-lp152.2.12.1 vlc-qt-debuginfo-3.0.13-lp152.2.12.1 vlc-vdpau-3.0.13-lp152.2.12.1 vlc-vdpau-debuginfo-3.0.13-lp152.2.12.1
References:
www.suse.com/security/cve/CVE-2020-26664.html bugzilla.suse.com/1181918