
Test ID: 1.3.6.1.4.1.25623.1.0.131185
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2016-0018)
Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2016-0018 advisory.
Description:

Vulnerability Insight:
The update_dimensions function in libavcodec/vp8.c in FFmpeg before 2.4.12,
as used in Google Chrome before 46.0.2490.71 and other products, relies on a
coefficient-partition count during multi-threaded operation, which allows
remote attackers to cause a denial of service (race condition and memory
corruption) or possibly have unspecified other impact via a crafted WebM file
(CVE-2015-6761).

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.4.11
does not enforce uniqueness of the IHDR (aka image header) chunk in a PNG
image, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact via a
crafted image with two or more of these chunks (CVE-2015-6818).

The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before 2.4.11 does
not check for a matching AAC frame syntax element before proceeding with
Spectral Band Replication calculations, which allows remote attackers to
cause a denial of service (out-of-bounds array access) or possibly have
unspecified other impact via crafted AAC data (CVE-2015-6820).

The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg before
2.4.11 does not properly maintain the encoding context, which allows remote
attackers to cause a denial of service (invalid pointer access) or possibly
have unspecified other impact via crafted MPEG data (CVE-2015-6821).

The destroy_buffers function in libavcodec/sanm.c in FFmpeg before 2.4.11
does not properly maintain height and width values in the video context,
which allows remote attackers to cause a denial of service (segmentation
violation and application crash) or possibly have unspecified other impact
via crafted LucasArts Smush video data (CVE-2015-6822).

The allocate_buffers function in libavcodec/alac.c in FFmpeg before 2.4.11
does not initialize certain context data, which allows remote attackers to
cause a denial of service (segmentation violation) or possibly have
unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data
(CVE-2015-6823).

The sws_init_context function in libswscale/utils.c in FFmpeg before 2.4.11
does not initialize certain pixbuf data structures, which allows remote
attackers to cause a denial of service (segmentation violation) or possibly
have unspecified other impact via crafted video data (CVE-2015-6824).

The ff_frame_thread_init function in libavcodec/pthread_frame.c in FFmpeg
before 2.4.11 mishandles certain memory-allocation failures, which allows
remote attackers to cause a denial of service (invalid pointer access) or
possibly have unspecified other impact via a crafted file, as demonstrated
by an AVI file (CVE-2015-6825).

The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in FFmpeg
before 2.4.11 does not initialize certain structure members, which allows
remote attackers to cause a denial of service (invalid pointer access) ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'ffmpeg' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2015-6761
BugTraq ID: 77073
http://www.securityfocus.com/bid/77073
Debian Security Information: DSA-3376
http://www.debian.org/security/2015/dsa-3376
https://security.gentoo.org/glsa/201603-09
https://lists.debian.org/debian-lts-announce/2018/12/msg00009.html
RedHat Security Advisories: RHSA-2015:1912
http://rhn.redhat.com/errata/RHSA-2015-1912.html
http://www.securitytracker.com/id/1033816
http://www.ubuntu.com/usn/USN-2770-1
http://www.ubuntu.com/usn/USN-2770-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-6818
http://www.securitytracker.com/id/1033483
http://www.ubuntu.com/usn/USN-2944-1
Common Vulnerability Exposure (CVE) ID: CVE-2015-6820
Common Vulnerability Exposure (CVE) ID: CVE-2015-6821
Common Vulnerability Exposure (CVE) ID: CVE-2015-6822
https://lists.debian.org/debian-lts-announce/2018/12/msg00010.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-6823
Common Vulnerability Exposure (CVE) ID: CVE-2015-6824
Common Vulnerability Exposure (CVE) ID: CVE-2015-6825
Common Vulnerability Exposure (CVE) ID: CVE-2015-6826
Common Vulnerability Exposure (CVE) ID: CVE-2015-8216
SuSE Security Announcement: openSUSE-SU-2015:2120
http://lists.opensuse.org/opensuse-updates/2015-11/msg00146.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8219
Common Vulnerability Exposure (CVE) ID: CVE-2015-8363
SuSE Security Announcement: openSUSE-SU-2015:2370
http://lists.opensuse.org/opensuse-updates/2015-12/msg00118.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8364
Common Vulnerability Exposure (CVE) ID: CVE-2015-8365
Debian Security Information: DSA-4012
http://www.debian.org/security/2017/dsa-4012
Common Vulnerability Exposure (CVE) ID: CVE-2015-8661
http://www.securitytracker.com/id/1034539
SuSE Security Announcement: openSUSE-SU-2016:0089
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00004.html
Common Vulnerability Exposure (CVE) ID: CVE-2015-8662
Common Vulnerability Exposure (CVE) ID: CVE-2015-8663
Copyright: Copyright (C) 2016 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.