[gentoo-announce] [ GLSA 201603-06 ] FFmpeg: Multiple vulnerabilities

Fabricante: Gentoo
Fecha: 12/03/2016
Identificador: GLSA 201603-06
[gentoo-announce] [ GLSA 201603-06 ] FFmpeg: Multiple vulnerabilities
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201603-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: FFmpeg: Multiple vulnerabilities Date: March 12, 2016 Bugs: #485228, #486692, #488052, #492742, #493452, #494038, #515282, #520132, #536218, #537558, #548006, #553734 ID: 201603-06 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in FFmpeg, the worst of which could lead to arbitrary code execution or Denial of Service condition. Background ========== FFmpeg is a complete, cross-platform solution to record, convert and stream audio and video. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-video/ffmpeg < 2.6.3 >= 2.6.3 Description =========== Multiple vulnerabilities have been discovered in FFmpeg. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could possibly execute arbitrary code or cause a Denial of Service condition. Workaround ========== There is no known workaround at this time. Resolution ========== All FFmpeg users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-2.6.3" References ========== [ 1 ] CVE-2013-0860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0860 [ 2 ] CVE-2013-0861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0861 [ 3 ] CVE-2013-0862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0862 [ 4 ] CVE-2013-0863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0863 [ 5 ] CVE-2013-0864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0864 [ 6 ] CVE-2013-0865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0865 [ 7 ] CVE-2013-0866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0866 [ 8 ] CVE-2013-0867 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0867 [ 9 ] CVE-2013-0868 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0868 [ 10 ] CVE-2013-0872 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0872 [ 11 ] CVE-2013-0873 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0873 [ 12 ] CVE-2013-0874 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0874 [ 13 ] CVE-2013-0875 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0875 [ 14 ] CVE-2013-0876 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0876 [ 15 ] CVE-2013-0877 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0877 [ 16 ] CVE-2013-0878 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0878 [ 17 ] CVE-2013-4263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4263 [ 18 ] CVE-2013-4264 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4264 [ 19 ] CVE-2013-4265 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4265 [ 20 ] CVE-2013-7008 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7008 [ 21 ] CVE-2013-7009 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7009 [ 22 ] CVE-2013-7010 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7010 [ 23 ] CVE-2013-7011 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7011 [ 24 ] CVE-2013-7012 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7012 [ 25 ] CVE-2013-7013 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7013 [ 26 ] CVE-2013-7014 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7014 [ 27 ] CVE-2013-7015 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7015 [ 28 ] CVE-2013-7016 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7016 [ 29 ] CVE-2013-7017 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7017 [ 30 ] CVE-2013-7018 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7018 [ 31 ] CVE-2013-7019 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7019 [ 32 ] CVE-2013-7020 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7020 [ 33 ] CVE-2013-7021 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7021 [ 34 ] CVE-2013-7022 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7022 [ 35 ] CVE-2013-7023 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7023 [ 36 ] CVE-2013-7024 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7024 [ 37 ] CVE-2014-2097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2097 [ 38 ] CVE-2014-2098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2098 [ 39 ] CVE-2014-2263 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2263 [ 40 ] CVE-2014-5271 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5271 [ 41 ] CVE-2014-5272 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5272 [ 42 ] CVE-2014-7937 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-7937 [ 43 ] CVE-2014-8541 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8541 [ 44 ] CVE-2014-8542 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8542 [ 45 ] CVE-2014-8543 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8543 [ 46 ] CVE-2014-8544 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8544 [ 47 ] CVE-2014-8545 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8545 [ 48 ] CVE-2014-8546 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8546 [ 49 ] CVE-2014-8547 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8547 [ 50 ] CVE-2014-8548 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8548 [ 51 ] CVE-2014-8549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8549 [ 52 ] CVE-2014-9316 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9316 [ 53 ] CVE-2014-9317 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9317 [ 54 ] CVE-2014-9318 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9318 [ 55 ] CVE-2014-9319 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9319 [ 56 ] CVE-2014-9602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9602 [ 57 ] CVE-2014-9603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9603 [ 58 ] CVE-2014-9604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9604 [ 59 ] CVE-2015-3395 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3395 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201603-06 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5