SUSE Package Hub - openSUSE-2017-673

Update Info

openSUSE-2017-673

Security update for ffmpeg

Type: security

Severity: moderate

Issued: 2017-06-11

Description:

This update of ffmpeg to version 3.1.8 fixes the following security issues:

- CVE-2016-9561: DoS through huge memory allocation (bsc#1015120)
- CVE-2016-10191: remote code execution vulnerability (bsc#1022921)
- CVE-2016-10192: remote code execution vulnerability (bsc#1022922)
- CVE-2017-5024: Heap overflow
- CVE-2017-5025: Heap overflow

References

CVE: CVE-2017-5025
CVE: CVE-2017-5024
CVE: CVE-2016-9561
CVE: CVE-2016-10192
CVE: CVE-2016-10191
Bugzilla: 1022922 VUL-0: CVE-2016-10192: ffmpeg: remote exploitaion results code execution [ 3 - ffserver.c ]
Bugzilla: 1022921 VUL-0: CVE-2016-10191: ffmpeg: remote exploitaion results code execution [ 2 - libavformat/rtmppkt.c ]
Bugzilla: 1015120 VUL-0: CVE-2016-9561: ffmpeg: Huge amount memory allocated, resulting in DoS of ffmpeg

Packages

ffmpeg-3.1.8-8.1