New version of VLC fixes security holes

The VideoLAN team have released version 1.0.6 of their VLC player. This version fixes several vulnerabilities which were found during development of the upcoming version 1.1.0.

I have built Slackware packages for vlc-1.0.6 (Slackware 13.0 32-bit and 64-bit) which you can find at the usual place, http://slackware.com/~alien/slackbuilds/vlc/. This is the release announcement in my repository’s ChangeLog.txt:

Fri Apr 23 10:35:49 UTC 2010
vlc: updated to 1.0.6. Several security holes were fixed in this release.
These packages do inotify-tools libnotify contain MP3/AAC audio encoders (playback of mp3/aac audio works fine); you can get packages with MP3/AAC encoding capability at http://slackware.org.uk/people/alien/restricted_slackbuilds/vlc/ as usual.
For playback of encrypted DVDs you’ll additionally need to install libdvdcss.

One remark: I found that the midi plugin (based on fluidsynth) does not work in this package because of a library linking error. I will try to get this resolved for Slackware 13.0 in a new build if I find the time (but KDE 4.4.3 is getting near). When I built a VLC package on Slackware-current, I did not have this issue however.

Note for those who run VLC on an older Slackware:

Older versions of the VideoLAN player will not get patched. Most notably the version 0.8.x which is still widely used. This version has already been vulnerable for some time, and the new vulnerabilities just get added to a growing list. Upgrading to the newest version will not be an option for everybody. Older releases of Slackware but also of other distro’s simply lack the libraries required by the current version of VLC. Too bad… or finally time to upgrade your Slackware?

Eric

4 thoughts on “New version of VLC fixes security holes

  1. Thanks Eric. And the restricted build http link is also back to work 🙂
    I’m eager to see what you’re cooking for us with the KDE 4.4.3


  2. Pingback: Is Slackware the best operating system you have ever used? | Watch Movies Online


  3. I prefer to install Slack-external software from the Slackbuilds, but VLC is a hornet’s nest of dependencies. So in addition to a general thanks for your role in keeping Slackware both easy and dependable, I want to give a specific thanks for the precompiled VLC package. In fact, two: a 32-bit thanks and a 64-bit thanks.


Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.