Ubuntu Security Notice USN-6180-1

==========================================================================Ubuntu Security Notice USN-6180-1June 20, 2023vlc vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 22.10- Ubuntu 22.04 LTS (Available with Ubuntu Pro)- Ubuntu 20.04 LTS (Available with Ubuntu Pro)- Ubuntu 18.04 LTS (Available with Ubuntu Pro)- Ubuntu 16.04 LTS (Available with Ubuntu Pro)Summary:Several security issues were fixed in VLC media player.Software Description:- vlc: multimedia player and streamerDetails:It was discovered that VLC could be made to read out of bounds whendecoding image files. If a user were tricked into opening a crafted imagefile, a remote attacker could possibly use this issue to cause VLC tocrash, leading to a denial of service. This issue only affected Ubuntu16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-19721)It was discovered that VLC could be made to write out of bounds whenprocessing H.264 video files. If a user were tricked into opening acrafted H.264 video file, a remote attacker could possibly use this issueto cause VLC to crash, leading to a denial of service, or possiblyexecute arbitrary code. This issue only affected Ubuntu 18.04 LTS andUbuntu 20.04 LTS. (CVE-2020-13428)It was discovered that VLC could be made to read out of bounds whenprocessing AVI video files. If a user were tricked into opening a craftedAVI video file, a remote attacker could possibly use this issue to causeVLC to crash, leading to a denial of service. This issue only affectedUbuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. (CVE-2021-25801,CVE-2021-25802, CVE-2021-25803, CVE-2021-25804)It was discovered that the VNC module of VLC contained an arithmeticoverflow. If a user were tricked into opening a crafted playlist orconnecting to a rouge VNC server, a remote attacker could possibly usethis issue to cause VLC to crash, leading to a denial of service, orpossibly execute arbitrary code. (CVE-2022-41325)Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 22.10:   vlc                             3.0.17.4-5ubuntu0.1   vlc-plugin-access-extra         3.0.17.4-5ubuntu0.1Ubuntu 22.04 LTS (Available with Ubuntu Pro):   vlc                             3.0.16-1ubuntu0.1~esm1   vlc-plugin-access-extra         3.0.16-1ubuntu0.1~esm1Ubuntu 20.04 LTS (Available with Ubuntu Pro):   vlc                             3.0.9.2-1ubuntu0.1~esm1   vlc-plugin-access-extra         3.0.9.2-1ubuntu0.1~esm1Ubuntu 18.04 LTS (Available with Ubuntu Pro):   vlc                             3.0.8-0ubuntu18.04.1+esm1   vlc-plugin-access-extra         3.0.8-0ubuntu18.04.1+esm1Ubuntu 16.04 LTS (Available with Ubuntu Pro):   vlc                             2.2.2-5ubuntu0.16.04.5+esm2In general, a standard system update will make all the necessary changes.References:   https://ubuntu.com/security/notices/USN-6180-1   CVE-2019-19721, CVE-2020-13428, CVE-2021-25801, CVE-2021-25802,   CVE-2021-25803, CVE-2021-25804, CVE-2022-41325Package Information:   https://launchpad.net/ubuntu/+source/vlc/3.0.17.4-5ubuntu0.1