[SECURITY] [DSA 4671-1] vlc security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 4671-1] vlc security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Thu, 30 Apr 2020 20:48:04 +0000
Message-id: <[🔎] 20200430204804.GA3677@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4671-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 30, 2020                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vlc
CVE ID         : CVE-2020-6071 CVE-2020-6072 CVE-2020-6073 CVE-2020-6077 
                 CVE-2020-6078 CVE-2020-6079 CVE-2020-6080

Multiple security issues were discovered in the microdns plugin of the
VLC media player, which could result in denial of service or potentially
the execution of arbitrary code via malicious mDNS packets.

For the oldstable distribution (stretch), these problems have been fixed
in version 3.0.10-0+deb9u1. This update disables the microdns plugin.

For the stable distribution (buster), these problems have been fixed in
version 3.0.10-0+deb10u1. This update disables the microdns plugin.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/vlc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl6rN7sACgkQEMKTtsN8
TjZAkQ//fhHYmKdfaGWZfJ1vP3Pm2EAOo+vyeZW9u/JkAPACoIuIUwsNaDnYMwI5
45ae4gMLZ0/luRMNkNSML0D+Qipzx1sm+FqkwkbitGO0KYyreagLvMLDZJAGaBTQ
3FeILf13nXV0Rx2Hx9PvvS09LX6DmypCIWWn8DabMs+OOEyeUGiM6JaCY81Ekihe
GBLsEpZQELFxbwSLv8GHjmPuV+uwu3JchK60moYwMpJgEo4Y+ngYDvWLX6PfAi6z
ost2gYeYbsAznZTHrCz7pPasCVLunWvapnZPyEDjMUcfyh+ieulaadjk0t5wMszO
Z8IdVe2JFeQhjZXhubEppUXxTtLWx4kjD+dknsVzu3wa8WPFw8Rad8xUJkYEvxgt
E0WZA6xXscKeltDtGDvTfnIDmrSE+wJE2kqTDZwx4b2ZyDwNL0kGCRdCKdBZopHi
Re5VXc30byoZj0C/w5KdYN1n8DXZRbNf5hm2atSBMbcIBgrktxOHRuut/+zw4tzp
t4LlgqlYcIsjaOWNUaO8hxuX1EAOhQT09X2da7mi6lu51zsUwhOM1BwQ5I5PK5T5
ydPwo434xkhlTEIcctxotM/eKLXExV8ExhPRD4qnGKE6TGfhQS8Fn8sFez5LSYI4
ScKTgN3WvW7eaE0MBxl3Dr+9JlSRaCbc2oDtHbPnFIFULeICFOw=
=qcxN
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 4670-1] tiff security update
Next by Date: [SECURITY] [DSA 4672-1] trafficserver security update
Previous by thread: [SECURITY] [DSA 4670-1] tiff security update
Next by thread: [SECURITY] [DSA 4672-1] trafficserver security update
Index(es):
- Date
- Thread