Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200903-33 (ffmpeg gst-plugins-ffmpeg mplayer)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63688

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200903-33 (ffmpeg gst-plugins-ffmpeg mplayer)

Resumen: The remote host is missing updates announced in;advisory GLSA 200903-33.

Descripción: Summary:
The remote host is missing updates announced in
advisory GLSA 200903-33.

Vulnerability Insight:
Multiple vulnerabilities in FFmpeg may lead to the remote execution of
arbitrary code or a Denial of Service.

Solution:
All FFmpeg users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=media-video/ffmpeg-0.4.9_p20090201'

All gst-plugins-ffmpeg users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=media-plugins/gst-plugins-ffmpeg-0.10.5'

All Mplayer users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p28450'

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3162
BugTraq ID: 30154
http://www.securityfocus.com/bid/30154
Debian Security Information: DSA-1781 (Google Search)
http://www.debian.org/security/2009/dsa-1781
http://security.gentoo.org/glsa/glsa-200903-33.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:157
http://www.openwall.com/lists/oss-security/2008/07/09/9
http://www.openwall.com/lists/oss-security/2008/07/16/4
http://secunia.com/advisories/30994
http://secunia.com/advisories/31268
http://secunia.com/advisories/34385
http://secunia.com/advisories/34905
http://www.ubuntu.com/usn/usn-630-1
http://www.vupen.com/english/advisories/2008/2031/references
Common Vulnerability Exposure (CVE) ID: CVE-2008-4866
BugTraq ID: 33308
http://www.securityfocus.com/bid/33308
Debian Security Information: DSA-1782 (Google Search)
http://www.debian.org/security/2009/dsa-1782
http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:013
http://www.mandriva.com/security/advisories?name=MDVSA-2009:015
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html
http://www.openwall.com/lists/oss-security/2008/10/29/6
http://secunia.com/advisories/34296
http://secunia.com/advisories/34845
http://www.ubuntu.com/usn/USN-734-1
XForce ISS Database: ffmpeg-utils-multiple-bo(46322)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46322
Common Vulnerability Exposure (CVE) ID: CVE-2008-4867
http://www.mandriva.com/security/advisories?name=MDVSA-2009:014
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html
XForce ISS Database: ffmpeg-dca-bo(46324)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46324
Common Vulnerability Exposure (CVE) ID: CVE-2008-4868
http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html
XForce ISS Database: ffmpeg-avcodecclose-unspecified(46325)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46325
Common Vulnerability Exposure (CVE) ID: CVE-2008-4869
http://www.mandriva.com/security/advisories?name=MDVSA-2009:297
XForce ISS Database: ffmpeg-tcpudp-dos(46326)
https://exchange.xforce.ibmcloud.com/vulnerabilities/46326
Common Vulnerability Exposure (CVE) ID: CVE-2009-0385
BugTraq ID: 33502
http://www.securityfocus.com/bid/33502
Bugtraq: 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/500514/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html
https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html
http://www.trapkit.de/advisories/TKADV2009-004.txt
http://osvdb.org/51643
http://secunia.com/advisories/33711
http://secunia.com/advisories/34712
http://www.vupen.com/english/advisories/2009/0277
XForce ISS Database: ffmpeg-fourxmreadheader-code-execution(48330)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48330

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63688
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200903-33 (ffmpeg gst-plugins-ffmpeg mplayer)
Resumen:	The remote host is missing updates announced in;advisory GLSA 200903-33.
Descripción:	Summary: The remote host is missing updates announced in advisory GLSA 200903-33. Vulnerability Insight: Multiple vulnerabilities in FFmpeg may lead to the remote execution of arbitrary code or a Denial of Service. Solution: All FFmpeg users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-video/ffmpeg-0.4.9_p20090201' All gst-plugins-ffmpeg users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-plugins/gst-plugins-ffmpeg-0.10.5' All Mplayer users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=media-video/mplayer-1.0_rc2_p28450' CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3162 BugTraq ID: 30154 http://www.securityfocus.com/bid/30154 Debian Security Information: DSA-1781 (Google Search) http://www.debian.org/security/2009/dsa-1781 http://security.gentoo.org/glsa/glsa-200903-33.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:157 http://www.openwall.com/lists/oss-security/2008/07/09/9 http://www.openwall.com/lists/oss-security/2008/07/16/4 http://secunia.com/advisories/30994 http://secunia.com/advisories/31268 http://secunia.com/advisories/34385 http://secunia.com/advisories/34905 http://www.ubuntu.com/usn/usn-630-1 http://www.vupen.com/english/advisories/2008/2031/references Common Vulnerability Exposure (CVE) ID: CVE-2008-4866 BugTraq ID: 33308 http://www.securityfocus.com/bid/33308 Debian Security Information: DSA-1782 (Google Search) http://www.debian.org/security/2009/dsa-1782 http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:013 http://www.mandriva.com/security/advisories?name=MDVSA-2009:015 http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html http://www.openwall.com/lists/oss-security/2008/10/29/6 http://secunia.com/advisories/34296 http://secunia.com/advisories/34845 http://www.ubuntu.com/usn/USN-734-1 XForce ISS Database: ffmpeg-utils-multiple-bo(46322) https://exchange.xforce.ibmcloud.com/vulnerabilities/46322 Common Vulnerability Exposure (CVE) ID: CVE-2008-4867 http://www.mandriva.com/security/advisories?name=MDVSA-2009:014 http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html XForce ISS Database: ffmpeg-dca-bo(46324) https://exchange.xforce.ibmcloud.com/vulnerabilities/46324 Common Vulnerability Exposure (CVE) ID: CVE-2008-4868 http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html XForce ISS Database: ffmpeg-avcodecclose-unspecified(46325) https://exchange.xforce.ibmcloud.com/vulnerabilities/46325 Common Vulnerability Exposure (CVE) ID: CVE-2008-4869 http://www.mandriva.com/security/advisories?name=MDVSA-2009:297 XForce ISS Database: ffmpeg-tcpudp-dos(46326) https://exchange.xforce.ibmcloud.com/vulnerabilities/46326 Common Vulnerability Exposure (CVE) ID: CVE-2009-0385 BugTraq ID: 33502 http://www.securityfocus.com/bid/33502 Bugtraq: 20090128 [TKADV2009-004] FFmpeg Type Conversion Vulnerability (Google Search) http://www.securityfocus.com/archive/1/500514/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00210.html https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00215.html http://www.trapkit.de/advisories/TKADV2009-004.txt http://osvdb.org/51643 http://secunia.com/advisories/33711 http://secunia.com/advisories/34712 http://www.vupen.com/english/advisories/2009/0277 XForce ISS Database: ffmpeg-fourxmreadheader-code-execution(48330) https://exchange.xforce.ibmcloud.com/vulnerabilities/48330
Copyright	Copyright (C) 2009 E-Soft Inc.