The VideoLAN team have released version 1.0.6 of their VLC player. This version fixes several vulnerabilities which were found during development of the upcoming version 1.1.0.

I have built Slackware packages for vlc-1.0.6 (Slackware 13.0 32-bit and 64-bit) which you can find at the usual place, http://slackware.com/~alien/slackbuilds/vlc/. This is the release announcement in my repository’s ChangeLog.txt:

Fri Apr 23 10:35:49 UTC 2010
vlc: updated to 1.0.6. Several security holes were fixed in this release.
These packages do not contain MP3/AAC audio encoders (playback of mp3/aac audio works fine); you can get packages with MP3/AAC encoding capability at http://slackware.org.uk/people/alien/restricted_slackbuilds/vlc/ as usual.
For playback of encrypted DVDs you’ll additionally need to install libdvdcss.

One remark: I found that the midi plugin (based on fluidsynth) does not work in this package because of a library linking error. I will try to get this resolved for Slackware 13.0 in a new build if I find the time (but KDE 4.4.3 is getting near). When I built a VLC package on Slackware-current, I did not have this issue however.

Note for those who run VLC on an older Slackware:

Older versions of the VideoLAN player will not get patched, most notably version 0.8.x, which is still widely used. This version has already been vulnerable for some time, and the new vulnerabilities just get added to a growing list. Upgrading to the newest version will not be an option for everybody: older releases of Slackware, and of other distros too, simply lack the libraries required by the current version of VLC. Too bad… or finally time to upgrade your Slackware?

Eric