Security Information / 2020 / Security Information -- DSA-4671-1 vlc

Debian Security Advisory

DSA-4671-1 vlc -- security update

Date Reported:

30 Apr 2020

Affected Packages:

vlc

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079, CVE-2020-6080.

More information:

Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets.

For the oldstable distribution (stretch), these problems have been fixed in version 3.0.10-0+deb9u1. This update disables the microdns plugin.

For the stable distribution (buster), these problems have been fixed in version 3.0.10-0+deb10u1. This update disables the microdns plugin.

We recommend that you upgrade your vlc packages.

For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc