openSUSE Security Update: Security update for ffmpeg
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:0089-1
Rating:             important
References:         #960383 #960384 #960385 
Cross-References:   CVE-2015-8661 CVE-2015-8662 CVE-2015-8663
                   
Affected Products:
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   This update to ffmpeg 2.8.4 fixes the following issues:

   * CVE-2015-8661: Denial of service via crafted .mov file [boo#960385]
   * CVE-2015-8662: Denial of service via crafted JPEG 2000 data [boo#960384]
   * CVE-2015-8663: Denial of service via crafted H.264 data [boo#960383]


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-26=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.1 (i586 x86_64):

      ffmpeg-2.8.4-9.1
      ffmpeg-debuginfo-2.8.4-9.1
      ffmpeg-debugsource-2.8.4-9.1
      ffmpeg-devel-2.8.4-9.1
      libavcodec-devel-2.8.4-9.1
      libavcodec56-2.8.4-9.1
      libavcodec56-debuginfo-2.8.4-9.1
      libavdevice-devel-2.8.4-9.1
      libavdevice56-2.8.4-9.1
      libavdevice56-debuginfo-2.8.4-9.1
      libavfilter-devel-2.8.4-9.1
      libavfilter5-2.8.4-9.1
      libavfilter5-debuginfo-2.8.4-9.1
      libavformat-devel-2.8.4-9.1
      libavformat56-2.8.4-9.1
      libavformat56-debuginfo-2.8.4-9.1
      libavresample-devel-2.8.4-9.1
      libavresample2-2.8.4-9.1
      libavresample2-debuginfo-2.8.4-9.1
      libavutil-devel-2.8.4-9.1
      libavutil54-2.8.4-9.1
      libavutil54-debuginfo-2.8.4-9.1
      libpostproc-devel-2.8.4-9.1
      libpostproc53-2.8.4-9.1
      libpostproc53-debuginfo-2.8.4-9.1
      libswresample-devel-2.8.4-9.1
      libswresample1-2.8.4-9.1
      libswresample1-debuginfo-2.8.4-9.1
      libswscale-devel-2.8.4-9.1
      libswscale3-2.8.4-9.1
      libswscale3-debuginfo-2.8.4-9.1

   - openSUSE Leap 42.1 (x86_64):

      libavcodec56-32bit-2.8.4-9.1
      libavcodec56-debuginfo-32bit-2.8.4-9.1
      libavdevice56-32bit-2.8.4-9.1
      libavdevice56-debuginfo-32bit-2.8.4-9.1
      libavfilter5-32bit-2.8.4-9.1
      libavfilter5-debuginfo-32bit-2.8.4-9.1
      libavformat56-32bit-2.8.4-9.1
      libavformat56-debuginfo-32bit-2.8.4-9.1
      libavresample2-32bit-2.8.4-9.1
      libavresample2-debuginfo-32bit-2.8.4-9.1
      libavutil54-32bit-2.8.4-9.1
      libavutil54-debuginfo-32bit-2.8.4-9.1
      libpostproc53-32bit-2.8.4-9.1
      libpostproc53-debuginfo-32bit-2.8.4-9.1
      libswresample1-32bit-2.8.4-9.1
      libswresample1-debuginfo-32bit-2.8.4-9.1
      libswscale3-32bit-2.8.4-9.1
      libswscale3-debuginfo-32bit-2.8.4-9.1


References:

   https://www.suse.com/security/cve/CVE-2015-8661.html
   https://www.suse.com/security/cve/CVE-2015-8662.html
   https://www.suse.com/security/cve/CVE-2015-8663.html
   https://bugzilla.suse.com/960383
   https://bugzilla.suse.com/960384
   https://bugzilla.suse.com/960385

openSUSE: 2016:0089-1: important: ffmpeg

January 12, 2016
An update that fixes three vulnerabilities is now available

Description

This update to ffmpeg 2.8.4 fixes the following issues: * CVE-2015-8661: Denial of service via crafted .mov file [boo#960385] * CVE-2015-8662: Denial of service via crafted JPEG 2000 data [boo#960384] * CVE-2015-8663: Denial of service via crafted H.264 data [boo#960383]

 

Patch

Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.1: zypper in -t patch openSUSE-2016-26=1 To bring your system up-to-date, use "zypper patch".


Package List

- openSUSE Leap 42.1 (i586 x86_64): ffmpeg-2.8.4-9.1 ffmpeg-debuginfo-2.8.4-9.1 ffmpeg-debugsource-2.8.4-9.1 ffmpeg-devel-2.8.4-9.1 libavcodec-devel-2.8.4-9.1 libavcodec56-2.8.4-9.1 libavcodec56-debuginfo-2.8.4-9.1 libavdevice-devel-2.8.4-9.1 libavdevice56-2.8.4-9.1 libavdevice56-debuginfo-2.8.4-9.1 libavfilter-devel-2.8.4-9.1 libavfilter5-2.8.4-9.1 libavfilter5-debuginfo-2.8.4-9.1 libavformat-devel-2.8.4-9.1 libavformat56-2.8.4-9.1 libavformat56-debuginfo-2.8.4-9.1 libavresample-devel-2.8.4-9.1 libavresample2-2.8.4-9.1 libavresample2-debuginfo-2.8.4-9.1 libavutil-devel-2.8.4-9.1 libavutil54-2.8.4-9.1 libavutil54-debuginfo-2.8.4-9.1 libpostproc-devel-2.8.4-9.1 libpostproc53-2.8.4-9.1 libpostproc53-debuginfo-2.8.4-9.1 libswresample-devel-2.8.4-9.1 libswresample1-2.8.4-9.1 libswresample1-debuginfo-2.8.4-9.1 libswscale-devel-2.8.4-9.1 libswscale3-2.8.4-9.1 libswscale3-debuginfo-2.8.4-9.1 - openSUSE Leap 42.1 (x86_64): libavcodec56-32bit-2.8.4-9.1 libavcodec56-debuginfo-32bit-2.8.4-9.1 libavdevice56-32bit-2.8.4-9.1 libavdevice56-debuginfo-32bit-2.8.4-9.1 libavfilter5-32bit-2.8.4-9.1 libavfilter5-debuginfo-32bit-2.8.4-9.1 libavformat56-32bit-2.8.4-9.1 libavformat56-debuginfo-32bit-2.8.4-9.1 libavresample2-32bit-2.8.4-9.1 libavresample2-debuginfo-32bit-2.8.4-9.1 libavutil54-32bit-2.8.4-9.1 libavutil54-debuginfo-32bit-2.8.4-9.1 libpostproc53-32bit-2.8.4-9.1 libpostproc53-debuginfo-32bit-2.8.4-9.1 libswresample1-32bit-2.8.4-9.1 libswresample1-debuginfo-32bit-2.8.4-9.1 libswscale3-32bit-2.8.4-9.1 libswscale3-debuginfo-32bit-2.8.4-9.1


References

https://www.suse.com/security/cve/CVE-2015-8661.html https://www.suse.com/security/cve/CVE-2015-8662.html https://www.suse.com/security/cve/CVE-2015-8663.html https://bugzilla.suse.com/960383 https://bugzilla.suse.com/960384 https://bugzilla.suse.com/960385


Severity
Announcement ID: openSUSE-SU-2016:0089-1
Rating: important
Affected Products: openSUSE Leap 42.1 .

Related News

Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered
Open Source Strategies for Enhancing Security in Digital Business Operations
5 - 9 min read
Digital transformation, powered by the principles of open-source security , is vital for businesses looking to excel in today's technology-driven
Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved