Though it doesn’t typically come with EVERY Linux distro (it really should..), vlc is one of the most popular, and powerful open source media playing programs around.
This morning the VideoLAN organization released an important security update for vlc with vlc 1.1.10.
According to the release notes the 1.1.10 update fixes:
- Security update regarding an integer overflow in xspf demuxer
While that may not sound like a big deal, it can become one. Apple and Adobe are always updating QuickTime and Flash for multiple overflow issues that can potentially lead to arbitrary code being enabled to run on an unpatched machine.
In additional to the integer overflow fix, vlc 1.1.10 has a security update of the libmodplug libraries. Earlier this year, SEC-Consult issued a public advisory about a stack overflow issue with the library.
VideoLAN’s release noted also indicate that there are, “many miscellaneous fixes in decoders, demuxers and subtitles and 3rd party libraries updates.”
So short story even shorter — make sure you update VLC today!