openSUSE-SU-2017:1433-1

Published: 29 May 2017
Source: suse-cvrf

Description

Security update for ffmpeg2

This update for ffmpeg2 fixes security issues, bugs, and enables AC3 and MP3 decoding.

The following vulnerabilities were fixed:

  • CVE-2017-7863: heap-based buffer overflow (bsc#1034179)
  • CVE-2017-7865: heap-based buffer overflow (bsc#1034177)
  • CVE-2017-7866: stack-based buffer overflow (bsc#1034176)
  • CVE-2016-10191: remote code execution (bsc#1022921)
  • CVE-2016-10190: remote code execution (bsc#1022920)
  • CVE-2016-10192: remote code execution (bsc#1022922)
  • CVE-2016-9561: Huge amount of memory allocated, resulting in DoS of ffmpeg (bsc#1015120)

The following functionality was added:

  • Enable AC3 and MP3 decoding

ffmpeg was updated to 2.8.11, containing a number of upstream improvements and fixes.

Package list

openSUSE Leap 42.2
ffmpeg2-2.8.11-25.3.1
ffmpeg2-devel-2.8.11-25.3.1
libavcodec56-2.8.11-25.3.1
libavcodec56-32bit-2.8.11-25.3.1
libavdevice56-2.8.11-25.3.1
libavdevice56-32bit-2.8.11-25.3.1
libavfilter5-2.8.11-25.3.1
libavfilter5-32bit-2.8.11-25.3.1
libavformat56-2.8.11-25.3.1
libavformat56-32bit-2.8.11-25.3.1
libavresample2-2.8.11-25.3.1
libavresample2-32bit-2.8.11-25.3.1
libavutil54-2.8.11-25.3.1
libavutil54-32bit-2.8.11-25.3.1
libpostproc53-2.8.11-25.3.1
libpostproc53-32bit-2.8.11-25.3.1
libswresample1-2.8.11-25.3.1
libswresample1-32bit-2.8.11-25.3.1
libswscale3-2.8.11-25.3.1
libswscale3-32bit-2.8.11-25.3.1

Description

Heap-based buffer overflow in libavformat/http.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote web servers to execute arbitrary code via a negative chunk size in an HTTP response.


Affected products
openSUSE Leap 42.2:ffmpeg2-2.8.11-25.3.1
openSUSE Leap 42.2:ffmpeg2-devel-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-32bit-2.8.11-25.3.1

Description

Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check for RTMP packet size mismatches.


Affected products
openSUSE Leap 42.2:ffmpeg2-2.8.11-25.3.1
openSUSE Leap 42.2:ffmpeg2-devel-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-32bit-2.8.11-25.3.1

Description

Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, 3.0.x before 3.0.5, 3.1.x before 3.1.6, and 3.2.x before 3.2.2 allows remote attackers to execute arbitrary code by leveraging failure to check chunk size.


Affected products
openSUSE Leap 42.2:ffmpeg2-2.8.11-25.3.1
openSUSE Leap 42.2:ffmpeg2-devel-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-32bit-2.8.11-25.3.1

Description

The che_configure function in libavcodec/aacdec_template.c in FFmpeg before 3.2.1 allows remote attackers to cause a denial of service (allocation of huge memory, and being killed by the OS) via a crafted MOV file.


Affected products
openSUSE Leap 42.2:ffmpeg2-2.8.11-25.3.1
openSUSE Leap 42.2:ffmpeg2-devel-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-32bit-2.8.11-25.3.1

Description

FFmpeg before 2017-02-04 has an out-of-bounds write caused by a heap-based buffer overflow related to the decode_frame_common function in libavcodec/pngdec.c.


Affected products
openSUSE Leap 42.2:ffmpeg2-2.8.11-25.3.1
openSUSE Leap 42.2:ffmpeg2-devel-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-32bit-2.8.11-25.3.1

Description

FFmpeg before 2017-01-24 has an out-of-bounds write caused by a heap-based buffer overflow related to the ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c.


Affected products
openSUSE Leap 42.2:ffmpeg2-2.8.11-25.3.1
openSUSE Leap 42.2:ffmpeg2-devel-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-32bit-2.8.11-25.3.1

Description

FFmpeg before 2017-01-23 has an out-of-bounds write caused by a stack-based buffer overflow related to the decode_zbuf function in libavcodec/pngdec.c.


Affected products
openSUSE Leap 42.2:ffmpeg2-2.8.11-25.3.1
openSUSE Leap 42.2:ffmpeg2-devel-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-2.8.11-25.3.1
openSUSE Leap 42.2:libavcodec56-32bit-2.8.11-25.3.1
