Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201606-09 ] FFmpeg: Multiple vulnerabilities
Date: Sun, 19 Jun 2016 00:01:53
Message-Id: dde5ba11-1d4b-8371-8f66-db0706bc31d6@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 201606-09
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 https://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: Normal
8 Title: FFmpeg: Multiple vulnerabilities
9 Date: June 18, 2016
10 Bugs: #528554, #553732, #571868, #577458
11 ID: 201606-09
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Multiple vulnerabilities have been found in FFmpeg, the worst of which
19 could lead to arbitrary code execution or Denial of Service condition.
20
21 Background
22 ==========
23
24 FFmpeg is a complete, cross-platform solution to record, convert and
25 stream audio and video.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 media-video/ffmpeg < 2.8.6 >= 2.8.6
34
35 Description
36 ===========
37
38 Multiple vulnerabilities have been discovered in FFmpeg. Please review
39 the CVE identifiers referenced below for details.
40
41 Impact
42 ======
43
44 A remote attacker could possibly execute arbitrary code or cause a
45 Denial of Service condition.
46
47 Workaround
48 ==========
49
50 There is no known workaround at this time.
51
52 Resolution
53 ==========
54
55 All FFmpeg users should upgrade to the latest version:
56
57 # emerge --sync
58 # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-2.8.6"
59
60 References
61 ==========
62
63 [ 1 ] CVE-2014-9676
64 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9676
65 [ 2 ] CVE-2016-1897
66 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1897
67 [ 3 ] CVE-2016-1898
68 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-1898
69 [ 4 ] CVE-2016-2213
70 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2213
71 [ 5 ] CVE-2016-2326
72 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2326
73 [ 6 ] CVE-2016-2327
74 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2327
75 [ 7 ] CVE-2016-2328
76 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2328
77 [ 8 ] CVE-2016-2329
78 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2329
79 [ 9 ] CVE-2016-2330
80 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2330
81
82 Availability
83 ============
84
85 This GLSA and any updates to it are available for viewing at
86 the Gentoo Security Website:
87
88 https://security.gentoo.org/glsa/201606-09
89
90 Concerns?
91 =========
92
93 Security is a primary focus of Gentoo Linux and ensuring the
94 confidentiality and security of our users' machines is of utmost
95 importance to us. Any security concerns should be addressed to
96 security@g.o or alternatively, you may file a bug at
97 https://bugs.gentoo.org.
98
99 License
100 =======
101
102 Copyright 2016 Gentoo Foundation, Inc; referenced text
103 belongs to its owner(s).
104
105 The contents of this document are licensed under the
106 Creative Commons - Attribution / Share Alike license.
107
108 http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature
Report Message
Find on MARC Find on Google Groups