Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Thomas Deutschmann <whissi@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202003-65 ] FFmpeg: Multiple vulnerabilities
Date: Mon, 30 Mar 2020 15:07:26
Message-Id: 9e615ca7-a0f8-b2ba-c0a4-b7f2acb4bc3d@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 202003-65
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: FFmpeg: Multiple vulnerabilities
9 Date: March 30, 2020
10 Bugs: #660924, #692418, #711144
11 ID: 202003-65
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in FFmpeg, the worst of which
19 allows remote attackers to execute arbitrary code.
20
21 Background
22 ==========
23
24 FFmpeg is a complete, cross-platform solution to record, convert and
25 stream audio and video.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 media-video/ffmpeg >= 4 >= 4.2.0
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in FFmpeg. Please review
39 the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote attacker could entice a user or automated system using FFmpeg
45 to process a specially crafted file, resulting in the execution of
46 arbitrary code or a Denial of Service.
47
48 Workaround
49 ==========
50
51 There is no known workaround at this time.
52
53 Resolution
54 ==========
55
56 All FFmpeg 4.x users should upgrade to the latest version:
57
58 # emerge --sync
59 # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-4.2.0"
60
61 References
62 ==========
63
64 [ 1 ] CVE-2018-10001
65 https://nvd.nist.gov/vuln/detail/CVE-2018-10001
66 [ 2 ] CVE-2018-6912
67 https://nvd.nist.gov/vuln/detail/CVE-2018-6912
68 [ 3 ] CVE-2018-7557
69 https://nvd.nist.gov/vuln/detail/CVE-2018-7557
70 [ 4 ] CVE-2018-7751
71 https://nvd.nist.gov/vuln/detail/CVE-2018-7751
72 [ 5 ] CVE-2018-9841
73 https://nvd.nist.gov/vuln/detail/CVE-2018-9841
74 [ 6 ] CVE-2019-12730
75 https://nvd.nist.gov/vuln/detail/CVE-2019-12730
76 [ 7 ] CVE-2019-13312
77 https://nvd.nist.gov/vuln/detail/CVE-2019-13312
78 [ 8 ] CVE-2019-13390
79 https://nvd.nist.gov/vuln/detail/CVE-2019-13390
80 [ 9 ] CVE-2019-17539
81 https://nvd.nist.gov/vuln/detail/CVE-2019-17539
82 [ 10 ] CVE-2019-17542
83 https://nvd.nist.gov/vuln/detail/CVE-2019-17542
84
85 Availability
86 ============
87
88 This GLSA and any updates to it are available for viewing at
89 the Gentoo Security Website:
90
91 https://security.gentoo.org/glsa/202003-65
92
93 Concerns?
94 =========
95
96 Security is a primary focus of Gentoo Linux and ensuring the
97 confidentiality and security of our users' machines is of utmost
98 importance to us. Any security concerns should be addressed to
99 security@g.o or alternatively, you may file a bug at
100 https://bugs.gentoo.org.
101
102 License
103 =======
104
105 Copyright 2020 Gentoo Foundation, Inc; referenced text
106 belongs to its owner(s).
107
108 The contents of this document are licensed under the
109 Creative Commons - Attribution / Share Alike license.
110
111 https://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups