Description: Summary: The remote host is missing an update for the Debian 'libav' package(s) announced via the DLA-1611 advisory.
Vulnerability Insight: Two more security issues have been corrected in the libav multimedia library. This is a follow-up announcement for DLA-1611-1.
CVE-2015-6823
The allocate_buffers function in libavcodec/alac.c did not initialize certain context data, which allowed remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted Apple Lossless Audio Codec (ALAC) data. This issue has now been addressed by clearing pointers in avcodec/alac.c's allocate_buffers().
Contrary to what is stated in debian/changelog of upload 6:11.12-1~deb8u2, this issue was only fixed with the upload of 6:11.12-1~deb8u3.
CVE-2015-6824
The sws_init_context function in libswscale/utils.c did not initialize certain pixbuf data structures, which allowed remote attackers to cause a denial of service (segmentation violation) or possibly have unspecified other impact via crafted video data. These pix buffers are now cleared in swscale/utils.c, which fixes the use of uninitialized memory.
Contrary to what is stated in debian/changelog of upload 6:11.12-1~deb8u2, this issue was only fixed with the upload of 6:11.12-1~deb8u3.
For Debian 8 Jessie, these problems have been fixed in version 6:11.12-1~deb8u3.
We recommend that you upgrade your libav packages.
Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: [link moved to references]
This VT has been deprecated as a duplicate of the VT 'Debian: Security Advisory (DLA-1611)' (OID: 1.3.6.1.4.1.25623.1.0.891611)
Affected Software/OS: 'libav' package(s) on Debian 8.
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P