- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201603-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: FFmpeg: Multiple vulnerabilities
     Date: March 12, 2016
     Bugs: #485228, #486692, #488052, #492742, #493452, #494038,
           #515282, #520132, #536218, #537558, #548006, #553734
       ID: 201603-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in FFmpeg, the worst of which
could lead to arbitrary code execution or Denial of Service condition.

Background
=========
FFmpeg is a complete, cross-platform solution to record, convert and
stream audio and video.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-video/ffmpeg           < 2.6.3                    >= 2.6.3

Description
==========
Multiple vulnerabilities have been discovered in FFmpeg.  Please review
the CVE identifiers referenced below for details.

Impact
=====
A remote attacker could possibly execute arbitrary code or cause a
Denial of Service condition.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All FFmpeg users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-2.6.3"

References
=========
[  1 ] CVE-2013-0860
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0860
[  2 ] CVE-2013-0861
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0861
[  3 ] CVE-2013-0862
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0862
[  4 ] CVE-2013-0863
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0863
[  5 ] CVE-2013-0864
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0864
[  6 ] CVE-2013-0865
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0865
[  7 ] CVE-2013-0866
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0866
[  8 ] CVE-2013-0867
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0867
[  9 ] CVE-2013-0868
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0868
[ 10 ] CVE-2013-0872
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0872
[ 11 ] CVE-2013-0873
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0873
[ 12 ] CVE-2013-0874
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0874
[ 13 ] CVE-2013-0875
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0875
[ 14 ] CVE-2013-0876
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0876
[ 15 ] CVE-2013-0877
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0877
[ 16 ] CVE-2013-0878
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0878
[ 17 ] CVE-2013-4263
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4263
[ 18 ] CVE-2013-4264
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4264
[ 19 ] CVE-2013-4265
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4265
[ 20 ] CVE-2013-7008
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7008
[ 21 ] CVE-2013-7009
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7009
[ 22 ] CVE-2013-7010
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7010
[ 23 ] CVE-2013-7011
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7011
[ 24 ] CVE-2013-7012
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7012
[ 25 ] CVE-2013-7013
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7013
[ 26 ] CVE-2013-7014
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7014
[ 27 ] CVE-2013-7015
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7015
[ 28 ] CVE-2013-7016
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7016
[ 29 ] CVE-2013-7017
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7017
[ 30 ] CVE-2013-7018
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7018
[ 31 ] CVE-2013-7019
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7019
[ 32 ] CVE-2013-7020
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7020
[ 33 ] CVE-2013-7021
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7021
[ 34 ] CVE-2013-7022
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7022
[ 35 ] CVE-2013-7023
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7023
[ 36 ] CVE-2013-7024
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7024
[ 37 ] CVE-2014-2097
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2097
[ 38 ] CVE-2014-2098
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2098
[ 39 ] CVE-2014-2263
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2263
[ 40 ] CVE-2014-5271
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5271
[ 41 ] CVE-2014-5272
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5272
[ 42 ] CVE-2014-7937
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937
[ 43 ] CVE-2014-8541
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8541
[ 44 ] CVE-2014-8542
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8542
[ 45 ] CVE-2014-8543
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8543
[ 46 ] CVE-2014-8544
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8544
[ 47 ] CVE-2014-8545
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8545
[ 48 ] CVE-2014-8546
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8546
[ 49 ] CVE-2014-8547
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8547
[ 50 ] CVE-2014-8548
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8548
[ 51 ] CVE-2014-8549
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8549
[ 52 ] CVE-2014-9316
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9316
[ 53 ] CVE-2014-9317
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9317
[ 54 ] CVE-2014-9318
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9318
[ 55 ] CVE-2014-9319
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9319
[ 56 ] CVE-2014-9602
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9602
[ 57 ] CVE-2014-9603
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9603
[ 58 ] CVE-2014-9604
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9604
[ 59 ] CVE-2015-3395
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3395

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201603-06

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2016 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo: GLSA-201603-06: FFmpeg: Multiple vulnerabilities

Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition.

Summary

Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details.

Resolution

All FFmpeg users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-2.6.3"

References

[ 1 ] CVE-2013-0860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0860 [ 2 ] CVE-2013-0861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0861 [ 3 ] CVE-2013-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0862 [ 4 ] CVE-2013-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0863 [ 5 ] CVE-2013-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0864 [ 6 ] CVE-2013-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0865 [ 7 ] CVE-2013-0866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0866 [ 8 ] CVE-2013-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0867 [ 9 ] CVE-2013-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0868 [ 10 ] CVE-2013-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0872 [ 11 ] CVE-2013-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0873 [ 12 ] CVE-2013-0874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0874 [ 13 ] CVE-2013-0875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0875 [ 14 ] CVE-2013-0876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0876 [ 15 ] CVE-2013-0877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0877 [ 16 ] CVE-2013-0878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0878 [ 17 ] CVE-2013-4263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4263 [ 18 ] CVE-2013-4264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4264 [ 19 ] CVE-2013-4265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4265 [ 20 ] CVE-2013-7008 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7008 [ 21 ] CVE-2013-7009 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7009 [ 22 ] CVE-2013-7010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7010 [ 23 ] CVE-2013-7011 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7011 [ 24 ] CVE-2013-7012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7012 [ 25 ] CVE-2013-7013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7013 [ 26 ] CVE-2013-7014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7014 [ 27 ] CVE-2013-7015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7015 [ 28 ] CVE-2013-7016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7016 [ 29 ] CVE-2013-7017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7017 [ 30 ] CVE-2013-7018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7018 [ 31 ] CVE-2013-7019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7019 [ 32 ] CVE-2013-7020 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7020 [ 33 ] CVE-2013-7021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7021 [ 34 ] CVE-2013-7022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7022 [ 35 ] CVE-2013-7023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7023 [ 36 ] CVE-2013-7024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7024 [ 37 ] CVE-2014-2097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2097 [ 38 ] CVE-2014-2098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2098 [ 39 ] CVE-2014-2263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2263 [ 40 ] CVE-2014-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5271 [ 41 ] CVE-2014-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5272 [ 42 ] CVE-2014-7937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937 [ 43 ] CVE-2014-8541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8541 [ 44 ] CVE-2014-8542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8542 [ 45 ] CVE-2014-8543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8543 [ 46 ] CVE-2014-8544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8544 [ 47 ] CVE-2014-8545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8545 [ 48 ] CVE-2014-8546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8546 [ 49 ] CVE-2014-8547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8547 [ 50 ] CVE-2014-8548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8548 [ 51 ] CVE-2014-8549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8549 [ 52 ] CVE-2014-9316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9316 [ 53 ] CVE-2014-9317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9317 [ 54 ] CVE-2014-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9318 [ 55 ] CVE-2014-9319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9319 [ 56 ] CVE-2014-9602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9602 [ 57 ] CVE-2014-9603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9603 [ 58 ] CVE-2014-9604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9604 [ 59 ] CVE-2015-3395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3395

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201603-06

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: FFmpeg: Multiple vulnerabilities
Date: March 12, 2016
Bugs: #485228, #486692, #488052, #492742, #493452, #494038,
ID: 201603-06

Synopsis

Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition.

Background

FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-video/ffmpeg < 2.6.3 >= 2.6.3

Impact

===== A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News

Linux Mint 22: Elevating Security and Usability for Admins
3 - 5 min read
Linux Mint has has long been recognized as a versatile and user-friendly distribution and has earned great popularity among administrators and
Exim 4.98 Addresses Critical Vulnerabilities, Bolsters Email Server Security
2 - 4 min read
Exim is one of Unix-like systems' most widely used mail transfer agents. It's essential for email delivery and handling and is a significant part of
Recent OpenSSH RCE Bug Explained: Impact & Mitigations
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution
2 - 4 min read
Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass
Play Ransomware Group Unleashes New Threat on ESXi Environments: Analysis & Mitigation Strategies
3 - 5 min read
The Play ransomware group, well-known for its double-extortion tactics, recently unveiled a Linux variant targeting ESXi environments. This
Critical Linux Kernel Vulnerabilities Patched in Ubuntu Azure Systems
2 - 4 min read
Canonical has fixed several recently identified critical Linux kernel vulnerabilities in July 2024. These vulnerabilities primarily affect Microsoft
The Urgent Need for Secure Software Development: New Report Serves as a Wake-Up Call for the Industry
3 - 5 min read
The Linux Foundation and Open Source Security Foundation recently published a report entitled "Secure Software Development Education 2024
Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved