Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.2073 vlc security update 17 June 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: vlc Publisher: Debian Operating System: Debian GNU/Linux 9 Debian GNU/Linux 10 UNIX variants (UNIX, Linux, OSX) Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2020-13428 Original Bulletin: http://www.debian.org/security/2020/dsa-4704 Comment: This advisory references vulnerabilities in products which run on platforms other than Debian. It is recommended that administrators running vlc check for an updated version of the software for their operating system. - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4704-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 16, 2020 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : vlc CVE ID : CVE-2020-13428 A vulnerability was discovered in the VLC media player, which could result in the execution of arbitrary code or denial of service if a malformed video file is opened. For the oldstable distribution (stretch), this problem has been fixed in version 3.0.11-0+deb9u1. For the stable distribution (buster), this problem has been fixed in version 3.0.11-0+deb10u1. We recommend that you upgrade your vlc packages. For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl7pKl0ACgkQEMKTtsN8 TjbTIBAAj7j647Nb9YWdabn1oia2JnkW51K0lLrxKLgd3snfKkYG+gUMl1LBYLFG bnpUi45PwGBiF3JMX2ctB5ESOfFkN63YCX5ft+MAvmrL5crJ5wdK+KPptKBsojeN X2uUdtw8930IivY8DvW1DCZ2zPe8JvHNe+YnFitcL8i8m4mAz8XKm2NfN4eUhQDu M3QUidz2QI8QbrtqUGCv+h4USBGRyqUjpJfLv3eNClqYMjGkDo/WOxn4IL2uyLdh xsSritrCDeoyIYBGlahdeDOYJN+yvHFsTU9CjQGFInHzvQ2Dz2TlD+z+aItI2NZ1 FdJqJWXk5QRjVPVYBYPnhRoFSdwK9cGDx7dNxs5wbsc3PmhWW17TJgVBWNsFHu30 QhqySjrTP/VlMI8iObKBkPc43IaK5bo2vnZkdgQD8AKq+YpFdK+X+/fzEua1mrpX +RCFBehLSoEXSxiHBFMQhZDpJx0R3yXgbtXYp+U+vfcNkOSpAU7xlz88VK5cr82e uGCwQ0zte6mzAjywS+ZdfpTtNwN4i8qajryDSiNMsuEQnhbfifx7zi054oMBJyDI 8z/vLq6XrDdSTnUAMK5E12syJrNXrF78pYkm5XJitkZd8LoefMnaib3DMOP+1g6s t6TuRddR71NFr3SAzv4VDhlVcg5NI+kb1UIwD4v3JxkBTiU3lEc= =fsQa - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXulaWeNLKJtyKPYoAQhwxw/+N1s2scbKSGiO+geoHEg4G5og3kqU/NuT 9nNsKzWaGMMvM1gxr8lForX3DvfsGcQ8tWNGQ14VcTBe5QUKuQKXxqJPpoZGELio NB7g/XLkjU73Dv+EhBMkntfr/j8MmTkXa4HV9dd87D4i4ZZ5phCxG+ufmgeJyEvk iosT2q81afH+txyqWt3IV7Nu0M0Q+Wsom3NMfyknMl9/LJAupUmoeWCch2rfhCgH yUUSoY2pvAvpBHX8mic3jsR4vV+9CcVgvnW6zshUvHq1+5SFNScFZilpzQv3guHV k4tUs5D9iOJV3vUFY4HDyS7IJaH0tafsoEXhlucFHEDwE5d6r01xYaCD9tbALRMa FqLpo01T7g6fuVSzv0jTk6W8Tl0pWOeF15GSiANSUBpIrt5OJKjUe+ci2z64iLne +t5rvO5h71yCIOxLGpTXj/h6fq6H3zjYIg8o5mf3l4o/OG+LNWbxPi3lKRcBVEHq IvYR9w/VY0DDDqtXOvMzM8F5+RjwyIoZ1ACjm2ujBLcWe0l1FawzPNpSzEGRnpZW LlbH+Y6qaNjnOhx4BYsXxzFhH+kRgzep954iHzF9CmRfb0v97VMkagDrgqUCXfeu k0rKv1v502Z10GyOl+F6S969Q3DTPHeQ2HRiSJEiE6eBlgndrbGESdDrc6ZJChab 16RoJZGI0o8= =hnia -----END PGP SIGNATURE-----