ID: OPENSUSE-2014-178.NASL
Type: nessus
Reporter: This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified: 2014-06-13T00:00:00
Description
VLC was updated to version 2.1.3 (bnc#864422) :

  + Core :
    - Fix broken behaviour with SOCKSv5 proxies
    - Fix integer overflow on error when using vlc_readdir
  + Access :
    - Fix DVB-T2 tuning on Linux.
    - Fix encrypted DVD playback.
    - Fix v4l2 frequency conversion.
  + Decoders :
    - Fix numerous issues (M2TS, VC1 interlaced, Lagarith, FFv1.3, Xvid) by updating codec libraries.
    - Bring fluidsynth back on Mac OS X
    - Fix some Opus crashes with some filters
    - Fix teletext crash on Windows
  + Demuxers :
    - Avoid an infinite recursion in MKV tags parsing
    - Fix an issue with some Vobsub tracks
    - Fix missing samples at the end of some wav files
    - Fix divide by 0 on ASF/WMV parsing
  + Audio output :
    - Fix audio device selection via command line on Mac OS X
    - Fix audio crashes on Mac OS X
  + Video Output :
    - Fix selection of DirectDraw as the default output for XP
    - Fix transform off-by-one issue
    - Fix screensaver disabling on Windows outputs
    - Fix DirectDraw device enumeration and multi-display output
    - Fix a potential crash when playing a fullscreen game at the same time as VLC
  + Stream output :
    - Fix 24bits audio MTU alignment in RTP
    - Fix record file names
  + Qt interface :
    - Fix minimal size possible on start
    - Fix a crash with the simple volume widget
    - Fix a crash in the audio menu building
    - Fix multimedia keys issues on Windows
    - Fix opening of DVD and BD folders on Windows
  + HTTP interface: Fix album art display on Windows.
  + Updated translations.

- Add update-desktop-files BuildRequires and %desktop_database_post/postun calls to respective scriptlets: Fix https://bugs.links2linux.org/browse/PM-108

- Update to version 2.1.2 :
  + Audio output :
    - Fix digital playback on OS X when more than one audio device is installed.
    - Fix digital playback (SPDIF/HDMI) on Windows.
    - Fix stuttering or silent playback when using sound enhancers or external audio devices on OS X.
    - Improve responsiveness on OS X when playback starts or is being paused.
    - Improve responsiveness, silent playback intervals and reliability on iOS.
  + Demuxers :
    - Fix Vimeo and DailyMotion parsing.
    - Various WMV playback improvements and fixes.
  + Decoders :
    - Fix LPCM 20/24-bit decoding and 16 bits with channel padding.
    - Fix playback of some HEVC samples.
  + Video filters: Fix crash on deinterlace selection.
  + Qt interface :
    - Fix some streaming profiles when copy existed.
    - Improve A-B loop control.
    - Fix album art update when changing media.
  + Mac OS X interface adjustments.
  + Win32 installer: Kill running VLC process on uninstall/update.
  + Updated translations.

- More features (by adding BuildRequires) :
  + IDN Support (International Domain Names): libidn-devel
  + SFTP Access: libssh2-devel
  + HotKey Support: xcb-util-keysyms-devel
  + Complete SDL Stack: SDL_image-devel
  + ProjectM support (for openSUSE >= 12.3)

- Update to version 2.1.1 :
  + Core :
    - Fix random and reshuffling behaviour.
    - Fix recording.
    - Fix some subtitles track selection.
  + Decoders :
    - VP9 support in WebM.
    - HEVC/H.265 support in MKV, MP4 and raw files.
    - Fix GPU decoding under Windows (DxVA2) crashes.
  + Demuxers :
    - Fix crashes on wav, mlp and mkv and modplug files.
    - Support Speex in ogg files.
    - Fix some .mov playlists support.
    - Support Alac in mkv.
    - Fix WMV3 and palette in AVI.
    - Fix FLAC packetizer issues in some files.
  + Access :
    - Fix DVB options parsing.
    - Fix DeckLink HDMI input.
    - Fix HTTPS connectivity on OS X by loading root certificates from Keychain.
  + Audio output :
    - Fixes for DirectSound pass-through.
    - Fixes for OSS output, notably on BSD.
  + Interfaces :
    - Fix HTTP interface infinite loop.
    - Fix D-Bus volume setting.
  + Qt :
    - Reinstore right click subtitle menu to open a subtitle.
    - Fix saving the hotkeys in preferences.
    - Fix saving the audio volume on Win32, using DirectSound.
    - Fix play after drag'n drop.
    - Fix streaming options edition and scale parameter.
  + Stream out :
    - Fix transcoding audio drift issues.
    - Fix numerous audio encoding issues.
  + Win32 installer :
    - Important rewrite to fix numerous bugs, notably about updates.
    - Simplification of the upgrade mechanism.
  + Mac OS X interface :
    - Reintroduce the language selector known from pre-2.1 releases.
    - Fix fullscreen behaviour and various crashes.
    - Fix about dialog crash in Japanese.
    - Fix crashes on proxy lookups.
    - Fixes on the playlist and information behaviours.
    - Fixes on the streaming dialogs.
    - Improves interface resizings.
  + Updated translations.

- Pass --with-default-font=[path] and --with-default-monospace-font=[path] to configure.

- Drop fix_font_path.patch: replaced with configure parameters above.

- Recommend 'vlc' by vlc-qt: some users might go installing the UI package directly. Having Qt most likely also means the user has X, so we at least recommend the vlc package relying on X.

- Force creation of plugins cache in vlc-nox %post, instead of just touching the file, for details see https://trac.videolan.org/vlc/ticket/9807#comment:2

- Update License: A lot has been relicensed to LGPL-2.1.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2014-178.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(75273);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id("CVE-2013-3565");

  script_name(english:"openSUSE Security Update : vlc (openSUSE-SU-2014:0315-1)");
  script_summary(english:"Check for the openSUSE-2014-178 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"VLC was updated to version 2.1.3 (bnc#864422) :
+ Core :
- Fix broken behaviour with SOCKSv5 proxies
- Fix integer overflow on error when using vlc_readdir
+ Access :
- Fix DVB-T2 tuning on Linux.
- Fix encrypted DVD playback.
- Fix v4l2 frequency conversion.
+ Decoders :
- Fix numerous issues (M2TS, VC1 interlaced, Lagarith,
FFv1.3, Xvid) by updating codec libraries.
- Bring fluidsynth back on Mac OS X
- Fix some Opus crashes with some filters
- Fix teletext crash on Windows
+ Demuxers :
- Avoid an infinite recursion in MKV tags parsing
- Fix an issue with some Vobsub tracks
- Fix missing samples at the end of some wav files
- Fix divide by 0 on ASF/WMV parsing
+ Audio output :
- Fix audio device selection via command line on Mac OS X
- Fix audio crashes on Mac OS X
+ Video Output :
- Fix selection of DirectDraw as the default output for XP
- Fix transform off-by-one issue
- Fix screensaver disabling on Windows outputs
- Fix DirectDraw device enumeration and multi-display
output
- Fix a potential crash when playing a fullscreen game at
the same time as VLC
+ Stream output :
- Fix 24bits audio MTU alignment in RTP
- Fix record file names
+ Qt interface :
- Fix minimal size possible on start
- Fix a crash with the simple volume widget
- Fix a crash in the audio menu building
- Fix multimedia keys issues on Windows
- Fix opening of DVD and BD folders on Windows
+ HTTP interface: Fix album art display on Windows.
+ Updated translations.
- Add update-desktop-files BuildRequires and
%desktop_database_post/postun calls to respective
scriptlets: Fix
https://bugs.links2linux.org/browse/PM-108
- Update to version 2.1.2 :
+ Audio output :
- Fix digital playback on OS X when more than one audio
device is installed.
- Fix digital playback (SPDIF/HDMI) on Windows.
- Fix stuttering or silent playback when using sound
enhancers or external audio devices on OS X.
- Improve responsiveness on OS X when playback starts or
is being paused.
- Improve responsiveness, silent playback intervals and
reliability on iOS.
+ Demuxers :
- Fix Vimeo and DailyMotion parsing.
- Various WMV playback improvements and fixes.
+ Decoders :
- Fix LPCM 20/24-bit decoding and 16 bits with channel
padding.
- Fix playback of some HEVC samples.
+ Video filters: Fix crash on deinterlace selection.
+ Qt interface :
- Fix some streaming profiles when copy existed.
- Improve A-B loop control.
- Fix album art update when changing media.
+ Mac OS X interface adjustments.
+ Win32 installer: Kill running VLC process on
uninstall/update.
+ Updated translations.
- More features (by adding BuildRequires) :
+ IDN Support (International Domain Names): libidn-devel
+ SFTP Access: libssh2-devel
+ HotKey Support: xcb-util-keysyms-devel
+ Complete SDL Stack: SDL_image-devel
+ ProjectM suppor (for openSUSE >= 12.3)
- Update to version 2.1.1 :
+ Core :
- Fix random and reshuffling behaviour.
- Fix recording.
- Fix some subtitles track selection.
+ Decoders :
- VP9 support in WebM.
- HEVC/H.265 support in MKV, MP4 and raw files.
- Fix GPU decoding under Windows (DxVA2) crashes.
+ Demuxers :
- Fix crashes on wav, mlp and mkv and modplug files.
- Support Speex in ogg files.
- Fix some .mov playlists support.
- Support Alac in mkv.
- Fix WMV3 and palette in AVI.
- Fix FLAC packetizer issues in some files.
+ Access :
- Fix DVB options parsing.
- Fix DeckLink HDMI input.
- Fix HTTPS connectivity on OS X by loading root
certificates from Keychain.
+ Audio output :
- Fixes for DirectSound pass-through.
- Fixes for OSS output, notably on BSD.
+ Interfaces :
- Fix HTTP interface infinite loop.
- Fix D-Bus volume setting.
+ Qt :
- Reinstore right click subtitle menu to open a subtitle.
- Fix saving the hotkeys in preferences.
- Fix saving the audio volume on Win32, using DirectSound.
- Fix play after drag'n drop.
- Fix streaming options edition and scale parameter.
+ Stream out :
- Fix transcoding audio drift issues.
- Fix numerous audio encoding issues.
+ Win32 installer :
- Important rewrite to fix numerous bugs, notably about
updates.
- Simplification of the upgrade mechanism.
+ Mac OS X interface :
- Reintroduce the language selector known from pre-2.1
releases.
- Fix fullscreen behaviour and various crashes.
- Fix about dialog crash in Japanese.
- Fix crashes on proxy lookups.
- Fixes on the playlist and information behaviours.
- Fixes on the streaming dialogs.
- Improves interface resizings.
+ Updated translations.
- Pass --with-default-font=[path] and
--with-default-monospace-font=[path] to configure.
- Drop fix_font_path.patch: replaced with configure
parameters above.
- Recommend 'vlc' by vlc-qt: some users might go
installing the UI package directly. Having Qt most
likely also means the user has X, so we at least
recommend the vlc package relying on X.
- Force creation of plugins cache in vlc-nox %post,
instead of just touching the file, for details see
https://trac.videolan.org/vlc/ticket/9807#comment:2
- Update License: A lot has been relicensed to LGPL-2.1."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.links2linux.org/browse/PM-108"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=864422"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://trac.videolan.org/vlc/ticket/9807#comment:2"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected vlc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlc5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlc5-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlccore7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libvlccore7-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-gnome");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-gnome-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-noX-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-qt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:vlc-qt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/02/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"libvlc5-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libvlc5-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libvlccore7-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"libvlccore7-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-debugsource-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-devel-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-gnome-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-gnome-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-noX-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-noX-debuginfo-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-noX-lang-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-qt-2.1.3-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"vlc-qt-debuginfo-2.1.3-10.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vlc");
}
{"cve": [{"lastseen": "2021-02-02T06:06:54", "description": "Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua.", "edition": 7, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-01-31T22:15:00", "title": "CVE-2013-3565", "type": "cve", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3565"], "modified": "2020-02-03T21:53:00", "cpe": ["cpe:/o:opensuse:opensuse:13.1"], "id": "CVE-2013-3565", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-3565", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2021-03-01T07:46:28", "description": "The version of VLC media player installed on the remote host is earlier\nthan 2.0.7 and is, therefore, affected by the 
following vulnerabilities:\n\n - The web interface contains a flaw that does not validate\n input passed via XML services resulting in a cross-site\n scripting vulnerability.\n\n - A flaw exists in the XML services of the web interface\n that may allow a remote attacker to execute media player\n commands.\n\n - A flaw exists that could lead to a denial of service / \n memory consumption when loading a malicious playlist.", "edition": 28, "published": "2013-07-23T00:00:00", "title": "VLC < 2.0.7 Multiple Vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-3564", "CVE-2013-7340", "CVE-2013-3565"], "modified": "2021-03-02T00:00:00", "cpe": ["cpe:/a:videolan:vlc_media_player"], "id": "VLC_2_0_7.NASL", "href": "https://www.tenable.com/plugins/nessus/69015", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69015);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/27\");\n\n script_cve_id(\"CVE-2013-3564\", \"CVE-2013-3565\", \"CVE-2013-7340\");\n script_bugtraq_id(60705, 66546);\n\n script_name(english:\"VLC < 2.0.7 Multiple Vulnerabilities\");\n script_summary(english:\"Checks version of VLC\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a media player that is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of VLC media player installed on the remote host is earlier\nthan 2.0.7 and is, therefore, affected by the following vulnerabilities:\n\n - The web interface contains a flaw that does not validate\n input passed via XML services resulting in a cross-site\n scripting vulnerability.\n\n - A flaw exists in the XML services of the web interface\n that may allow a remote attacker to execute media player\n commands.\n\n - A flaw exists that could lead to a denial of service / \n memory consumption when loading a malicious playlist.\");\n # 
http://blog.spiderlabs.com/2013/06/twsl2013-006-cross-site-scripting-vulnerability-in-coldbox.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6f33883d\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2013-007/?fid=3876&dl=1\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.videolan.org/vlc/releases/2.0.7.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to VLC version 2.0.7 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2013-7340\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:videolan:vlc_media_player\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"vlc_installed.nasl\");\n script_require_keys(\"SMB/VLC/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nvuln_plugins_installed = make_list();\nversion = get_kb_item_or_exit(\"SMB/VLC/Version\");\n\npath = get_kb_item_or_exit(\"SMB/VLC/File\");\npath = ereg_replace(pattern:\"^(.+)\\\\[^\\\\]+$\", replace:\"\\1\", string:path);\n\nport = get_kb_item(\"SMB/transport\");\nif (!port) port = 445;\n\n# nb: 'version' may look like '0.9.8a'!\nif (\n version =~ \"^[01]\\.\" ||\n version =~ \"^2\\.0\\.[0-6]($|[^0-9])\"\n)\n{\n set_kb_item(name:\"www/\"+port+\"/XSS\", value:TRUE);\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : 2.0.7\\n';\n security_warning(port:port, extra:report);\n }\n else security_warning(port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, \"VLC\", version, path);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}