SUSE Package Hub - openSUSE-2017-672

Update Info

openSUSE-2017-672

Security update for ffmpeg

Type: security

Severity: moderate

Issued: 2017-06-11

Description:

ffmpeg was updated to fix the following security issues:
  
CVE-2016-10191: remote exploitaion results code execution ((bsc#1022921)
CVE-2016-10192: remote exploitaion results code execution bsc#1022922) 
CVE-2017-7866: stack-based buffer overflow (bsc#1034176) 
CVE-2017-7865: heap-based buffer overflow (bsc#1034177) 
CVE-2017-7863: heap-based buffer overflow (bsc#1034179)
CVE-2016-9561: Huge amount memory allocated, resulting in DoS (bsc#1015120)

References

CVE: CVE-2017-7866
CVE: CVE-2017-7865
CVE: CVE-2017-7863
CVE: CVE-2016-9561
CVE: CVE-2016-10192
CVE: CVE-2016-10191
Bugzilla: 980542 ffmpeg fails to build with BUILD_ORIG = 1 due to missing pkgconfig(opencore-amrnb)
Bugzilla: 1034179 VUL-0: CVE-2017-7863: ffmpeg: heap-based buffer overflow (decode_frame_common function in libavcodec/pngdec.c)
Bugzilla: 1034177 VUL-0: CVE-2017-7865: ffmpeg: heap-based buffer overflow (ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c)
Bugzilla: 1034176 VUL-0: CVE-2017-7866: ffmpeg: stack-based buffer overflow (decode_zbuf function in libavcodec/pngdec.c)
Bugzilla: 1022922 VUL-0: CVE-2016-10192: ffmpeg: remote exploitaion results code execution [ 3 - ffserver.c ]
Bugzilla: 1022921 VUL-0: CVE-2016-10191: ffmpeg: remote exploitaion results code execution [ 2 - libavformat/rtmppkt.c ]
Bugzilla: 1015120 VUL-0: CVE-2016-9561: ffmpeg: Huge amount memory allocated, resulting in DoS of ffmpeg

Packages

ffmpeg2-2.8.11-12.1