Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0046)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2020.0046

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2020-0046)

Zusammenfassung: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2020-0046 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2020-0046 advisory.

Vulnerability Insight:
Updated ffmpeg packages fix security vulnerabilities:

This update provides ffmpeg version 4.1.5, which fixes several bugs, and
atleasst the following security vulnerabilities:

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL
pointer dereference and possibly unspecified other impact when there is
no valid close function pointer (CVE-2019-17539).

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk
because of an out-of-array access in vqa_decode_init in libavcodec/
vqavideo.c (CVE-2019-17542).

Affected Software/OS:
'ffmpeg' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2019-17539
Debian Security Information: DSA-4722 (Google Search)
https://www.debian.org/security/2020/dsa-4722
https://security.gentoo.org/glsa/202003-65
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733
https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html
https://usn.ubuntu.com/4431-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-17542
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919
https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2020.0046
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2020-0046)
Zusammenfassung:	The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2020-0046 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2020-0046 advisory. Vulnerability Insight: Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.5, which fixes several bugs, and atleasst the following security vulnerabilities: In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer (CVE-2019-17539). FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/ vqavideo.c (CVE-2019-17542). Affected Software/OS: 'ffmpeg' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-17539 Debian Security Information: DSA-4722 (Google Search) https://www.debian.org/security/2020/dsa-4722 https://security.gentoo.org/glsa/202003-65 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733 https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html https://usn.ubuntu.com/4431-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-17542 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919 https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2 https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html
Copyright	Copyright (C) 2022 Greenbone AG