Debian Security Advisory
DSA-4671-1 vlc -- security update
- Date Reported:
- 30 Apr 2020
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2020-6071, CVE-2020-6072, CVE-2020-6073, CVE-2020-6077, CVE-2020-6078, CVE-2020-6079, CVE-2020-6080.
- More information:
Multiple security issues were discovered in the microdns plugin of the VLC media player, which could result in denial of service or potentially the execution of arbitrary code via malicious mDNS packets.
For the oldstable distribution (stretch), these problems have been fixed in version 3.0.10-0+deb9u1. This update disables the microdns plugin.
For the stable distribution (buster), these problems have been fixed in version 3.0.10-0+deb10u1. This update disables the microdns plugin.
We recommend that you upgrade your vlc packages.
For the detailed security status of vlc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/vlc