Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2016-0060)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.131219

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2016-0060)

Resumen: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2016-0060 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2016-0060 advisory.

Vulnerability Insight:
Updated ffmpeg packages fix security vulnerabilities:

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read
arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS)
M3U8 file, leading to an external HTTP request in which the URL string
contains the first line of a local file (CVE-2016-1897).

FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read
arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS)
M3U8 file, leading to an external HTTP request in which the URL string
contains an arbitrary line of a local file (CVE-2016-1898).

Out-of-array read in FFmpeg before 2.4.13 in jpeg2000_decode_tile() in
jpeg2000dec.c (CVE-2016-2213).

Affected Software/OS:
'ffmpeg' package(s) on Mageia 5.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-1897
BugTraq ID: 80501
http://www.securityfocus.com/bid/80501
CERT/CC vulnerability note: VU#772447
https://www.kb.cert.org/vuls/id/772447
Debian Security Information: DSA-3506 (Google Search)
http://www.debian.org/security/2016/dsa-3506
https://security.gentoo.org/glsa/201606-09
https://security.gentoo.org/glsa/201705-08
http://habrahabr.ru/company/mailru/blog/274855
http://security.stackexchange.com/questions/110644
http://www.openwall.com/lists/oss-security/2016/01/14/1
http://www.securitytracker.com/id/1034932
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036
SuSE Security Announcement: openSUSE-SU-2016:0243 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html
http://www.ubuntu.com/usn/USN-2944-1
Common Vulnerability Exposure (CVE) ID: CVE-2016-1898
Common Vulnerability Exposure (CVE) ID: CVE-2016-2213
http://www.securitytracker.com/id/1034923

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.131219
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2016-0060)
Resumen:	The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2016-0060 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2016-0060 advisory. Vulnerability Insight: Updated ffmpeg packages fix security vulnerabilities: FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file (CVE-2016-1897). FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file (CVE-2016-1898). Out-of-array read in FFmpeg before 2.4.13 in jpeg2000_decode_tile() in jpeg2000dec.c (CVE-2016-2213). Affected Software/OS: 'ffmpeg' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1897 BugTraq ID: 80501 http://www.securityfocus.com/bid/80501 CERT/CC vulnerability note: VU#772447 https://www.kb.cert.org/vuls/id/772447 Debian Security Information: DSA-3506 (Google Search) http://www.debian.org/security/2016/dsa-3506 https://security.gentoo.org/glsa/201606-09 https://security.gentoo.org/glsa/201705-08 http://habrahabr.ru/company/mailru/blog/274855 http://security.stackexchange.com/questions/110644 http://www.openwall.com/lists/oss-security/2016/01/14/1 http://www.securitytracker.com/id/1034932 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.529036 SuSE Security Announcement: openSUSE-SU-2016:0243 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00034.html http://www.ubuntu.com/usn/USN-2944-1 Common Vulnerability Exposure (CVE) ID: CVE-2016-1898 Common Vulnerability Exposure (CVE) ID: CVE-2016-2213 http://www.securitytracker.com/id/1034923
Copyright	Copyright (C) 2016 Greenbone AG