Gentoo Archives: gentoo-announce

From: Kristian Fiskerstrand <k_f@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 201603-06 ] FFmpeg: Multiple vulnerabilities
Date: Sat, 12 Mar 2016 11:21:31
Message-Id: 56E3FB45.9000809@gentoo.org
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201603-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Normal
Title: FFmpeg: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #485228, #486692, #488052, #492742, #493452, #494038,
      #515282, #520132, #536218, #537558, #548006, #553734
ID: 201603-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in FFmpeg, the worst of which
could lead to arbitrary code execution or Denial of Service condition.

Background
==========

FFmpeg is a complete, cross-platform solution to record, convert and
stream audio and video.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-video/ffmpeg           < 2.6.3                    >= 2.6.3

Description
===========

Multiple vulnerabilities have been discovered in FFmpeg. Please review
the CVE identifiers referenced below for details.

Impact
======

A remote attacker could possibly execute arbitrary code or cause a
Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FFmpeg users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-2.6.3"

References
==========

[ 1 ] CVE-2013-0860
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0860
[ 2 ] CVE-2013-0861
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0861
[ 3 ] CVE-2013-0862
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0862
[ 4 ] CVE-2013-0863
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0863
[ 5 ] CVE-2013-0864
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0864
[ 6 ] CVE-2013-0865
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0865
[ 7 ] CVE-2013-0866
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0866
[ 8 ] CVE-2013-0867
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0867
[ 9 ] CVE-2013-0868
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0868
[ 10 ] CVE-2013-0872
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0872
[ 11 ] CVE-2013-0873
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0873
[ 12 ] CVE-2013-0874
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0874
[ 13 ] CVE-2013-0875
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0875
[ 14 ] CVE-2013-0876
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0876
[ 15 ] CVE-2013-0877
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0877
[ 16 ] CVE-2013-0878
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0878
[ 17 ] CVE-2013-4263
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4263
[ 18 ] CVE-2013-4264
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4264
[ 19 ] CVE-2013-4265
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4265
[ 20 ] CVE-2013-7008
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7008
[ 21 ] CVE-2013-7009
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7009
[ 22 ] CVE-2013-7010
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7010
[ 23 ] CVE-2013-7011
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7011
[ 24 ] CVE-2013-7012
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7012
[ 25 ] CVE-2013-7013
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7013
[ 26 ] CVE-2013-7014
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7014
[ 27 ] CVE-2013-7015
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7015
[ 28 ] CVE-2013-7016
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7016
[ 29 ] CVE-2013-7017
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7017
[ 30 ] CVE-2013-7018
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7018
[ 31 ] CVE-2013-7019
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7019
[ 32 ] CVE-2013-7020
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7020
[ 33 ] CVE-2013-7021
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7021
[ 34 ] CVE-2013-7022
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7022
[ 35 ] CVE-2013-7023
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7023
[ 36 ] CVE-2013-7024
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7024
[ 37 ] CVE-2014-2097
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2097
[ 38 ] CVE-2014-2098
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2098
[ 39 ] CVE-2014-2263
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2263
[ 40 ] CVE-2014-5271
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5271
[ 41 ] CVE-2014-5272
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5272
[ 42 ] CVE-2014-7937
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937
[ 43 ] CVE-2014-8541
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8541
[ 44 ] CVE-2014-8542
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8542
[ 45 ] CVE-2014-8543
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8543
[ 46 ] CVE-2014-8544
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8544
[ 47 ] CVE-2014-8545
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8545
[ 48 ] CVE-2014-8546
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8546
[ 49 ] CVE-2014-8547
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8547
[ 50 ] CVE-2014-8548
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8548
[ 51 ] CVE-2014-8549
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8549
[ 52 ] CVE-2014-9316
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9316
[ 53 ] CVE-2014-9317
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9317
[ 54 ] CVE-2014-9318
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9318
[ 55 ] CVE-2014-9319
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9319
[ 56 ] CVE-2014-9602
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9602
[ 57 ] CVE-2014-9603
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9603
[ 58 ] CVE-2014-9604
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9604
[ 59 ] CVE-2015-3395
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3395

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201603-06

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Attachments

File name MIME type
signature.asc application/pgp-signature