Updated vlc packages fix security vulnerabilities
Publication date: 08 May 2020Modification date: 08 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-19721 , CVE-2020-6071 , CVE-2020-6072 , CVE-2020-6073 , CVE-2020-6077 , CVE-2020-6078 , CVE-2020-6079 , CVE-2020-6080
Description
Multiple security issues were discovered in the microdns plugin of the
VLC media player, which could result in denial of service or potentially
the execution of arbitrary code via malicious mDNS packets (CVE-2020-6071,
CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079,
CVE-2020-6080).
VLC has been updated to 3.0.10 to fix theese and other issues.
References
- https://bugs.mageia.org/show_bug.cgi?id=26467
- https://www.videolan.org/security/sb-vlc309.html
- https://www.videolan.org/developers/vlc-branch/NEWS
- https://www.debian.org/security/2020/dsa-4671
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19721
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6071
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6072
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6073
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6077
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6078
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6079
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6080
SRPMS
7/core
- vlc-3.0.10-1.mga7
7/tainted
- vlc-3.0.10-1.mga7.tainted