VLC: Multiple vulnerabilities — GLSA 201603-08

Multiple vulnerabilities have been found in VLC allowing remote attackers to execute arbitrary code or cause Denial of Service.

Affected packages

media-video/vlc on all architectures
Affected versions < 2.2.1-r1
Unaffected versions >= 2.2.1-r1

Background

VLC is a cross-platform media player and streaming server.

Description

Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details.

Impact

Remote attackers could possibly execute arbitrary code or cause Denial of Service.

Workaround

There is no known work around at this time.

Resolution

All VLC users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/vlc-2.2.1-r1"
 

References

Release date
March 12, 2016

Latest revision
March 12, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries