Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 495
Alerts This Week
Warning Icon 1 495

Debian 8: DLA-1611-2 Moderate: libav Remote DoS Issues Fixed

debian lts
Calendar Grey December 21, 2018
Dist Debian Esm H88
Package : libav Version : 6:11.12-1~deb8u3 CVE ID : CVE-2015-6822 CVE-2015-6823 CVE-2015-6824 Two mo
Two more security issues have been corrected in the libav multimedia library

Summary

CVE-2015-6823

The allocate_buffers function in libavcodec/alac.c did not initialize
certain context data, which allowed remote attackers to cause a
denial of service (segmentation violation) or possibly have
unspecified other impact via crafted Apple Lossless Audio Codec
(ALAC) data. This issues has now been addressed by clearing pointers
in avcodec/alac.c's allocate_buffers().

Other than stated in debian/changelog of upload 6:11.12-1~deb8u2,
this issue only now got fixed with upload of 6:11.12-1~deb8u3.

CVE-2015-6824

The sws_init_context function in libswscale/utils.c did not
initialize certain pixbuf data structures, which allowed remote
attackers to cause a denial of service (segmentation violation) or
possibly have unspecified other impact via crafted video data. In
swscale/utils.c now these pix buffers get cleared which fixes use of
uninitialized memory.

Other than stated in debian/changelog of upload 6:11.12-1~deb8u2,

Read the Full Advisory


<pre><font face="Courier">Package: libav
Version: 6:11.12-1~deb8u3
CVE ID: CVE-2015-6822 CVE-2015-6823 CVE-2015-6824

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.