Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.2073
vlc security update
17 June 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: vlc
Publisher: Debian
Operating System: Debian GNU/Linux 9
Debian GNU/Linux 10
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-13428
Original Bulletin:
http://www.debian.org/security/2020/dsa-4704
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running vlc check for an updated version of the software for their
operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4704-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
June 16, 2020 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : vlc
CVE ID : CVE-2020-13428
A vulnerability was discovered in the VLC media player, which could
result in the execution of arbitrary code or denial of service if a
malformed video file is opened.
For the oldstable distribution (stretch), this problem has been fixed
in version 3.0.11-0+deb9u1.
For the stable distribution (buster), this problem has been fixed in
version 3.0.11-0+deb10u1.
We recommend that you upgrade your vlc packages.
For the detailed security status of vlc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vlc
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7pKl0ACgkQEMKTtsN8
TjbTIBAAj7j647Nb9YWdabn1oia2JnkW51K0lLrxKLgd3snfKkYG+gUMl1LBYLFG
bnpUi45PwGBiF3JMX2ctB5ESOfFkN63YCX5ft+MAvmrL5crJ5wdK+KPptKBsojeN
X2uUdtw8930IivY8DvW1DCZ2zPe8JvHNe+YnFitcL8i8m4mAz8XKm2NfN4eUhQDu
M3QUidz2QI8QbrtqUGCv+h4USBGRyqUjpJfLv3eNClqYMjGkDo/WOxn4IL2uyLdh
xsSritrCDeoyIYBGlahdeDOYJN+yvHFsTU9CjQGFInHzvQ2Dz2TlD+z+aItI2NZ1
FdJqJWXk5QRjVPVYBYPnhRoFSdwK9cGDx7dNxs5wbsc3PmhWW17TJgVBWNsFHu30
QhqySjrTP/VlMI8iObKBkPc43IaK5bo2vnZkdgQD8AKq+YpFdK+X+/fzEua1mrpX
+RCFBehLSoEXSxiHBFMQhZDpJx0R3yXgbtXYp+U+vfcNkOSpAU7xlz88VK5cr82e
uGCwQ0zte6mzAjywS+ZdfpTtNwN4i8qajryDSiNMsuEQnhbfifx7zi054oMBJyDI
8z/vLq6XrDdSTnUAMK5E12syJrNXrF78pYkm5XJitkZd8LoefMnaib3DMOP+1g6s
t6TuRddR71NFr3SAzv4VDhlVcg5NI+kb1UIwD4v3JxkBTiU3lEc=
=fsQa
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXulaWeNLKJtyKPYoAQhwxw/+N1s2scbKSGiO+geoHEg4G5og3kqU/NuT
9nNsKzWaGMMvM1gxr8lForX3DvfsGcQ8tWNGQ14VcTBe5QUKuQKXxqJPpoZGELio
NB7g/XLkjU73Dv+EhBMkntfr/j8MmTkXa4HV9dd87D4i4ZZ5phCxG+ufmgeJyEvk
iosT2q81afH+txyqWt3IV7Nu0M0Q+Wsom3NMfyknMl9/LJAupUmoeWCch2rfhCgH
yUUSoY2pvAvpBHX8mic3jsR4vV+9CcVgvnW6zshUvHq1+5SFNScFZilpzQv3guHV
k4tUs5D9iOJV3vUFY4HDyS7IJaH0tafsoEXhlucFHEDwE5d6r01xYaCD9tbALRMa
FqLpo01T7g6fuVSzv0jTk6W8Tl0pWOeF15GSiANSUBpIrt5OJKjUe+ci2z64iLne
+t5rvO5h71yCIOxLGpTXj/h6fq6H3zjYIg8o5mf3l4o/OG+LNWbxPi3lKRcBVEHq
IvYR9w/VY0DDDqtXOvMzM8F5+RjwyIoZ1ACjm2ujBLcWe0l1FawzPNpSzEGRnpZW
LlbH+Y6qaNjnOhx4BYsXxzFhH+kRgzep954iHzF9CmRfb0v97VMkagDrgqUCXfeu
k0rKv1v502Z10GyOl+F6S969Q3DTPHeQ2HRiSJEiE6eBlgndrbGESdDrc6ZJChab
16RoJZGI0o8=
=hnia
-----END PGP SIGNATURE-----