Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2021-691.NASLHistoryMay 18, 2021 - 12:00 a.m.
openSUSE Security Update : vlc (openSUSE-2021-691)
2021-05-1800:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.1%
This update for vlc fixes the following issues :
Update to version 3.0.13 :
- Demux :
-
Adaptive: fix artefacts in HLS streams with wrong profiles/levels
-
Fix regression on some MP4 files for the audio track
-
Fix MPGA and ADTS probing in TS files
-
Fix Flac inside AVI files
-
Fix VP9/Webm artefacts when seeking
- Codec :
-
Support SSA text scaling
-
Fix rotation on Android rotation
-
Fix WebVTT subtitles that start at 00:00
- Access :
-
Update libnfs to support NFSv4
-
Improve SMB2 integration
-
Fix Blu-ray files using Unicode names on Windows
-
Disable mcast lookups on Android for RTSP playback
-
Video Output: Rework the D3D11 rendering wait, to fix choppiness on display
-
Interfaces :
-
Fix VLC getting stuck on close on X11 (#21875)
-
Improve RTL on preferences on macOS
-
Add mousewheel horizontal axis control
-
Fix crash on exit on macOS
-
Fix sizing of the fullscreen controls on macOS
- Misc :
-
Improve MIDI fonts search on Linux
-
Update Soundcloud, Youtube, liveleak
-
Fix compilation with GCC11
-
Fix input-slave option for subtitles
- Updated translations.
Update to version 3.0.12 :
-
Access: Add new RIST access module compliant with simple profile (VSF_TR-06-1).
-
Access Output: Add new RIST access output module compliant with simple profile (VSF_TR-06-1).
-
Demux: Fixed adaptive’s handling of resolution settings.
-
Audio output: Fix audio distortion on macOS during start of playback.
-
Video Output: Direct3D11: Fix some potential crashes when using video filters.
-
Misc :
-
Several fixes in the web interface, including privacy and security improvements
-
Update YouTube and Vocaroo scripts.
- Updated translations.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2021-691.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(149579);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/01");
script_cve_id("CVE-2020-26664");
script_name(english:"openSUSE Security Update : vlc (openSUSE-2021-691)");
script_set_attribute(attribute:"synopsis", value:
"The remote openSUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"This update for vlc fixes the following issues :
Update to version 3.0.13 :
+ Demux :
- Adaptive: fix artefacts in HLS streams with wrong
profiles/levels
- Fix regression on some MP4 files for the audio track
- Fix MPGA and ADTS probing in TS files
- Fix Flac inside AVI files
- Fix VP9/Webm artefacts when seeking
+ Codec :
- Support SSA text scaling
- Fix rotation on Android rotation
- Fix WebVTT subtitles that start at 00:00
+ Access :
- Update libnfs to support NFSv4
- Improve SMB2 integration
- Fix Blu-ray files using Unicode names on Windows
- Disable mcast lookups on Android for RTSP playback
+ Video Output: Rework the D3D11 rendering wait, to fix
choppiness on display
+ Interfaces :
- Fix VLC getting stuck on close on X11 (#21875)
- Improve RTL on preferences on macOS
- Add mousewheel horizontal axis control
- Fix crash on exit on macOS
- Fix sizing of the fullscreen controls on macOS
+ Misc :
- Improve MIDI fonts search on Linux
- Update Soundcloud, Youtube, liveleak
- Fix compilation with GCC11
- Fix input-slave option for subtitles
+ Updated translations.
Update to version 3.0.12 :
+ Access: Add new RIST access module compliant with simple
profile (VSF_TR-06-1).
+ Access Output: Add new RIST access output module
compliant with simple profile (VSF_TR-06-1).
+ Demux: Fixed adaptive's handling of resolution settings.
+ Audio output: Fix audio distortion on macOS during start
of playback.
+ Video Output: Direct3D11: Fix some potential crashes
when using video filters.
+ Misc :
- Several fixes in the web interface, including privacy
and security improvements
- Update YouTube and Vocaroo scripts.
+ Updated translations.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1181918");
script_set_attribute(attribute:"solution", value:
"Update the affected vlc packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-26664");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/01/08");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/05/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlc5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlc5-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlccore9");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlccore9-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-codec-gstreamer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-codec-gstreamer-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-jack");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-jack-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-lang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-opencv");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-opencv-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-qt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-qt-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-vdpau");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-vdpau-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.2", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE15.2", reference:"libvlc5-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libvlc5-debuginfo-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libvlccore9-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"libvlccore9-debuginfo-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-codec-gstreamer-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-codec-gstreamer-debuginfo-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-debuginfo-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-debugsource-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-devel-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-jack-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-jack-debuginfo-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-lang-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-noX-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-noX-debuginfo-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-opencv-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-opencv-debuginfo-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-qt-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-qt-debuginfo-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-vdpau-3.0.13-lp152.2.12.1") ) flag++;
if ( rpm_check(release:"SUSE15.2", reference:"vlc-vdpau-debuginfo-3.0.13-lp152.2.12.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvlc5 / libvlc5-debuginfo / libvlccore9 / libvlccore9-debuginfo / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libvlc5 | p-cpe:/a:novell:opensuse:libvlc5 |
| novell | opensuse | libvlc5-debuginfo | p-cpe:/a:novell:opensuse:libvlc5-debuginfo |
| novell | opensuse | libvlccore9 | p-cpe:/a:novell:opensuse:libvlccore9 |
| novell | opensuse | libvlccore9-debuginfo | p-cpe:/a:novell:opensuse:libvlccore9-debuginfo |
| novell | opensuse | vlc | p-cpe:/a:novell:opensuse:vlc |
| novell | opensuse | vlc-codec-gstreamer | p-cpe:/a:novell:opensuse:vlc-codec-gstreamer |
| novell | opensuse | vlc-codec-gstreamer-debuginfo | p-cpe:/a:novell:opensuse:vlc-codec-gstreamer-debuginfo |
| novell | opensuse | vlc-debuginfo | p-cpe:/a:novell:opensuse:vlc-debuginfo |
| novell | opensuse | vlc-debugsource | p-cpe:/a:novell:opensuse:vlc-debugsource |
| novell | opensuse | vlc-devel | p-cpe:/a:novell:opensuse:vlc-devel |
Related
openvas
openvas
Debian: Security Advisory (DLA-3050-1)
2022-06-11 00:00:00
openSUSE: Security Advisory for vlc (openSUSE-SU-2021:0691-1)
2021-05-12 00:00:00
openSUSE: Security Advisory for vlc (openSUSE-SU-2021:0091-1)
2021-04-16 00:00:00
nvd
nvd
CVE-2020-26664
2021-01-08 18:15:13
debian
debian
[SECURITY] [DLA 3050-1] vlc security update
2022-06-10 16:55:16
[SECURITY] [DSA 4834-1] vlc security update
2021-01-22 18:47:52
nessus
nessus
VLC < 3.0.12 Buffer Overflow
2021-02-04 00:00:00
GLSA-202101-37 : VLC: Buffer overflow
2021-01-29 00:00:00
Debian DLA-3050-1 : vlc - LTS security update
2022-06-11 00:00:00
ubuntucve
ubuntucve
CVE-2020-26664
2021-01-08 00:00:00
debiancve
debiancve
CVE-2020-26664
2021-01-08 18:15:13
prion
prion
Heap overflow
2021-01-08 18:15:00
osv
osv
vlc - security update
2022-06-10 00:00:00
CVE-2020-26664
2021-01-08 18:15:13
vlc - security update
2021-01-22 00:00:00
suse
suse
Security update for vlc (moderate)
2021-05-12 00:00:00
Security update for vlc (moderate)
2021-05-09 00:00:00
Security update for vlc (important)
2021-01-16 00:00:00
cvelist
cvelist
CVE-2020-26664
2021-01-08 17:40:41
archlinux
archlinux
[ASA-202101-35] vlc: arbitrary code execution
2021-01-20 00:00:00
alpinelinux
alpinelinux
CVE-2020-26664
2021-01-08 18:15:13
cve
cve
CVE-2020-26664
2021-01-08 18:15:13
veracode
veracode
Arbitrary Code Execution
2021-01-21 03:07:20
gentoo
gentoo
VLC: Buffer overflow
2021-01-29 00:00:00
malwarebytes
malwarebytes
Insights into your unpatched vulnerabilities
2023-12-11 10:17:48
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.1%
Related for OPENSUSE-2021-691.NASL