If my memory does not fail me, and it seems that it does not because of what was published in this tweet, VideoLan published VLC 3.0.8 Some weeks ago. A few minutes ago the update appeared on Discover and, shortly after, Canonical has published a security report that talks about a total of 11 vulnerabilities fixed in the most famous media player on the planet. They are not new vulnerabilities and VideoLan had already published them on its website since mid-August.
The report that collects the vulnerabilities corrected in VLC 3.0.8 is the USN-4131-1, published today, and it details 10 medium priority and one low priority vulnerabilities. The report mentions that the affected systems are Ubuntu 19.04 and Ubuntu 18.04 LTS, but if we go into the details of any of the 11 bugs we will see that Ubuntu 16.04 also needs the patches. This means that they will probably publish the USN-4131-2 report about these failures in Xenial Xerus soon. Other versions, such as Ubuntu 14.04 and 12.04, cannot receive the update because they do not enjoy official support.
11 in VLC and 16 vulnerabilities in WebKitGTK +
Canonical has not given details of each of the bugs fixed in VLC and has limited itself to saying that the player was incorrectly handling some multimedia files, which could be used by a malicious user to block the player, resulting in denial of service (DoS ) Y possibly execute arbitrary code.
On the other hand, they have also published several patches to correct a total of 16 vulnerabilities in WebKitGTK +, all of them of medium priority. As in the case of the VLC crashes, in the report USN-4130-1 They have also limited themselves to giving a general explanation, saying that if we were tricked into viewing a malicious web page, a remote attacker could exploit various web browser security-related problems, causing CSS attacks, denial of service, or executing arbitrary code.
All patches are now available as an update, so applying them is as simple as opening the software center and installing them. For the changes to take effect, we must restart the computer.
