Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2020-0046)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2020.0046

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2020-0046)

Resumen: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2020-0046 advisory.

Descripción: Summary:
The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2020-0046 advisory.

Vulnerability Insight:
Updated ffmpeg packages fix security vulnerabilities:

This update provides ffmpeg version 4.1.5, which fixes several bugs, and
atleasst the following security vulnerabilities:

In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL
pointer dereference and possibly unspecified other impact when there is
no valid close function pointer (CVE-2019-17539).

FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk
because of an out-of-array access in vqa_decode_init in libavcodec/
vqavideo.c (CVE-2019-17542).

Affected Software/OS:
'ffmpeg' package(s) on Mageia 7.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2019-17539
Debian Security Information: DSA-4722 (Google Search)
https://www.debian.org/security/2020/dsa-4722
https://security.gentoo.org/glsa/202003-65
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733
https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c
https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html
https://usn.ubuntu.com/4431-1/
Common Vulnerability Exposure (CVE) ID: CVE-2019-17542
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919
https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2
https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html
https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0046
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0046)
Resumen:	The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2020-0046 advisory.
Descripción:	Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the MGASA-2020-0046 advisory. Vulnerability Insight: Updated ffmpeg packages fix security vulnerabilities: This update provides ffmpeg version 4.1.5, which fixes several bugs, and atleasst the following security vulnerabilities: In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer (CVE-2019-17539). FFmpeg before 4.2 has a heap-based buffer overflow in vqa_decode_chunk because of an out-of-array access in vqa_decode_init in libavcodec/ vqavideo.c (CVE-2019-17542). Affected Software/OS: 'ffmpeg' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-17539 Debian Security Information: DSA-4722 (Google Search) https://www.debian.org/security/2020/dsa-4722 https://security.gentoo.org/glsa/202003-65 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15733 https://github.com/FFmpeg/FFmpeg/commit/8df6884832ec413cf032dfaa45c23b1c7876670c https://lists.debian.org/debian-lts-announce/2021/01/msg00026.html https://usn.ubuntu.com/4431-1/ Common Vulnerability Exposure (CVE) ID: CVE-2019-17542 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15919 https://github.com/FFmpeg/FFmpeg/commit/02f909dc24b1f05cfbba75077c7707b905e63cd2 https://lists.debian.org/debian-lts-announce/2019/12/msg00003.html https://lists.debian.org/debian-lts-announce/2020/07/msg00022.html
Copyright	Copyright (C) 2022 Greenbone AG