Advisories » MGASA-2018-0400

Updated vlc packages fix security vulnerability

Publication date: 19 Oct 2018
Modification date: 17 Feb 2022
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-11529

Description

This update provides vlc 3.0.4 and fixes at least the following security
issue:

A use-after-free was discovered in the MP4 demuxer of the VLC media player,
which could result in the execution of arbitrary code if a malformed media
file is played (CVE-2018-11529)

For other fixes in this update, see the referenced NEWS.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23092
• https://www.debian.org/security/2018/dsa-4251
• https://www.videolan.org/developers/vlc-branch/NEWS
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11529

SRPMS

6/core

• vlc-3.0.4-1.mga6

6/tainted

• vlc-3.0.4-1.mga6.tainted