VLC: Multiple vulnerabilities — GLSA 201603-08

Multiple vulnerabilities have been found in VLC allowing remote attackers to execute arbitrary code or cause Denial of Service.

Affected packages

Background

VLC is a cross-platform media player and streaming server.

Description

Multiple vulnerabilities have been discovered in VLC. Please review the CVE identifiers referenced below for details.

Impact

Remote attackers could possibly execute arbitrary code or cause Denial of Service.

Workaround

There is no known work around at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/vlc-2.2.1-r1"
 

References

• CVE-2014-1684
• CVE-2014-6440
• CVE-2014-9597
• CVE-2014-9598
• CVE-2014-9625
• CVE-2014-9626
• CVE-2014-9627
• CVE-2014-9628
• CVE-2014-9629
• CVE-2014-9630
• CVE-2015-1202
• CVE-2015-1203
• CVE-2015-5949
• CVE-2015-5949

Release date
March 12, 2016

Latest revision
March 12, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries

• 534532
• 537154
• 542222
• 558418