VLC Media Player Security Update - gHacks Tech News

ADVERTISEMENT

VLC Media Player Security Update

VLC Media Player is one of the most popular media players, next to Windows Media Player and MPlayer frontends. A high popularity usually has the downside that criminals try to find and exploit security vulnerabilities in the software or service. Several of the most recent updates of VLC were or did include security updates that fixed previously discovered security vulnerability in the application.

The developers of VLC have released a new version of the program yesterday that patches another security vulnerability in the program.

It took the VLC team less than five days to fix the vulnerability which was first disclosed on April 7. The security advisory on the Videolan web page describes the issue as a heap-based buffer overflow in the mp4 demuxer.

Workarounds have been posted on the very same page, which are however no longer necessary as the issue is fixed by the VLC update to version 1.1.9.

The built-in update checker does not seem to recognize the new update yet, which means that VLC users need to download the update from the homepage of the project to install the program update manually. Downloads for all supported operating systems are available on this page.

You can verify the version of VLC by clicking on Help > About in the program interface, or with the keyboard shortcut Shift-F1.

vlc update

If you see VLC Media Player 1.1.8 there you need to update the software. Manual update checks are available via Help > Check for Updates. It is likely that the developers will enable automatic updates soon.

VLC 1.1.9 includes an update for the libmodplug which is security related as well.

Advertisement

Previous Post: «
Next Post: »

Comments

  1. Ken said on April 14, 2011 at 3:37 pm
    Reply

    As of now my version 1.1.8 The Luggage (??) reports as up to date

    1. Martin Brinkmann said on April 14, 2011 at 4:33 pm
      Reply

      Yes that is rather strange, considering that 1.1.9 has been released for a few days now.

  2. Steven said on April 26, 2011 at 12:26 am
    Reply

    The AutoDJ software seems to be missing from already from the source forge site. The site shows no files found.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.