Advisories » MGASA-2018-0130

Updated mpv packages fix security vulnerability

Publication date: 22 Feb 2018
Modification date: 10 Jun 2020
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-6360

Description

Josef Gajdusek reported that mpv 0.27.0 was vulnerable to an attack through
it's youtube-dl hook. This could cause remote code execution. This upstream
update creates of list of sure protocols to use through the hook.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22558
• https://github.com/mpv-player/mpv/releases/tag/v0.27.2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6360

SRPMS

6/core

• mpv-0.27.2-1.mga6