VLC to patch management

Hi Team,

Can we have VLC added to third-party patch management?

@libretech ,

We have forwarded your request to our Development Team for analysis. We’ll make sure to provide you feedback from our Product Team with their response.

Jimmy / jmpolvera It seems VLC player is already included, please see https://patchportal.one.comodo.com/portal/packages/spm/VLC%20media%20player/

@nct , You are correct.

https://help.comodo.com/topic-399-1-786-11984-EM-Supported-3rd-Party-Applications.html

Ace, VLC is so useful

Installed as standard for most of our clients.

I’m waiting for Itarian policies to enable installing apps like this on assignment of a profile like yuu can do with procedures

I’ve requested this too, just like having the ability to install multiple apps at one, as per nitite.com

https://ninite.com/ is a great system, and Itarian is almost there as you can select multiple as long as on same page.

Few more tweaks and making sure all packages exist and work and it will be great!

Hopefully we see sooner rather than later.

On this topic, can we get a newer patch for VLC please? Currently it looks like it’s at 3.0.6

TLP: WHITE
MS-ISAC CYBERSECURITY ADVISORY

MS-ISAC ADVISORY NUMBER:
2019-066

DATE(S) ISSUED:
06/17/2019

SUBJECT:
A Vulnerability in VLCMedia Player Could Allow for Arbitrary Code Execution

OVERVIEW:
A vulnerability has been identified in VLCMedia Player which could allow for arbitrary code execution. VLC is a cross-platform multimedia player and framework. Successful exploitation of this vulnerability could allow for arbitrary code execution in the context of the affected application. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights. Failed exploitation could result in a denial-of-service condition.

THREAT INTELLIGENCE:
There are currently no reports of this vulnerability being exploited in the wild.

SYSTEMS AFFECTED:

  • VLCMedia Player versions prior to 3.0.7

Hello @Clint-W, your request has been forwarded to our development team. We will notify you via email and here in the forum as soon as updates are available.

Thank you for your support.

Hello,

We would like to inform you that the latest version of VLC (version: 3.0.7.1) has been added on production. Thank you

That’s great, thanks for deploying it so quickly. I’ve tested on a couple boxes with on-demand patching and they’re updating fine.

An oddity is that none of the 3rd party patch updates are actually installing/updating these 3rd party apps. Is there anything wrong with Itarian’s system currently?

Hi @sferley
We are unaware of any server-side issue with the third-party applications patch management. Is the issue present with all of the applications you tried to update? Or is it just on a few?