Описание
Security update for ffmpeg
This update to ffmpeg 2.8.5 fixes the following issues:
- CVE-2016-1897: Cross-origin issue in URL processing (concat) - local file disclosure (boo#961937)
- CVE-2016-1898: Cross-origin issue in URL processing (subfile) - local file disclosure (boo#961937)
Список пакетов
openSUSE Leap 42.1
ffmpeg-2.8.5-12.1
ffmpeg-devel-2.8.5-12.1
libavcodec-devel-2.8.5-12.1
libavcodec56-2.8.5-12.1
libavcodec56-32bit-2.8.5-12.1
libavdevice-devel-2.8.5-12.1
libavdevice56-2.8.5-12.1
libavdevice56-32bit-2.8.5-12.1
libavfilter-devel-2.8.5-12.1
libavfilter5-2.8.5-12.1
libavfilter5-32bit-2.8.5-12.1
libavformat-devel-2.8.5-12.1
libavformat56-2.8.5-12.1
libavformat56-32bit-2.8.5-12.1
libavresample-devel-2.8.5-12.1
libavresample2-2.8.5-12.1
libavresample2-32bit-2.8.5-12.1
libavutil-devel-2.8.5-12.1
libavutil54-2.8.5-12.1
libavutil54-32bit-2.8.5-12.1
libpostproc-devel-2.8.5-12.1
libpostproc53-2.8.5-12.1
libpostproc53-32bit-2.8.5-12.1
libswresample-devel-2.8.5-12.1
libswresample1-2.8.5-12.1
libswresample1-32bit-2.8.5-12.1
libswscale-devel-2.8.5-12.1
libswscale3-2.8.5-12.1
libswscale3-32bit-2.8.5-12.1
Ссылки
- E-Mail link for openSUSE-SU-2016:0243-1
- SUSE Security Ratings
Описание
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file.
Затронутые продукты
openSUSE Leap 42.1:ffmpeg-2.8.5-12.1
openSUSE Leap 42.1:ffmpeg-devel-2.8.5-12.1
openSUSE Leap 42.1:libavcodec-devel-2.8.5-12.1
openSUSE Leap 42.1:libavcodec56-2.8.5-12.1
Ссылки
- CVE-2016-1897
- SUSE Bug 961937
Описание
FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file.
Затронутые продукты
openSUSE Leap 42.1:ffmpeg-2.8.5-12.1
openSUSE Leap 42.1:ffmpeg-devel-2.8.5-12.1
openSUSE Leap 42.1:libavcodec-devel-2.8.5-12.1
openSUSE Leap 42.1:libavcodec56-2.8.5-12.1
Ссылки
- CVE-2016-1898
- SUSE Bug 961937