openSUSE Security Update : ffmpeg (openSUSE-2015-821)

high Nessus Plugin ID 87085

Synopsis

The remote openSUSE host is missing a security update.

Description

The ffmpeg package was updated to version 2.8.2 to fix the following security and non-security issues:

- CVE-2015-8216: Fixed the ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c which could cause a denial of service (out-of-bounds array access) (bnc#955346).

- CVE-2015-8217: Fixed the ff_hevc_parse_sps function in libavcodec/hevc_ps.c which could cause a denial of service (out-of-bounds array access) (bnc#955347).

- CVE-2015-8218: Fixed the decode_uncompressed function in libavcodec/faxcompr.c which could cause a denial of service (out-of-bounds array access) (bnc#955348).

- CVE-2015-8219: Fixed the init_tile function in libavcodec/jpeg2000dec.c which could cause a denial of service (out-of-bounds array access) (bnc#955350).

- Update to new upstream release 2.8.2

- various fixes in the aac_fixed decoder

- various fixes in softfloat

- swresample/resample: increase precision for compensation

- lavf/mov: add support for sidx fragment indexes

- avformat/mxfenc: Only store user comment related tags when needed

- ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.

- apng: use correct size for output buffer

- jvdec: avoid unsigned overflow in comparison

- avcodec/jpeg2000dec: Clip all tile coordinates

- avcodec/microdvddec: Check for string end in 'P' case

- avcodec/dirac_parser: Fix undefined memcpy() use

- avformat/xmv: Discard remainder of packet on error

- avformat/xmv: factor return check out of if/else

- avcodec/mpeg12dec: Do not call show_bits() with invalid bits

- avcodec/faxcompr: Add missing runs check in decode_uncompressed()

- libavutil/channel_layout: Check strtol*() for failure

- avformat/mpegts: Only start probing data streams within probe_packets

- avcodec/hevc_ps: Check chroma_format_idc

- avcodec/ffv1dec: Check for 0 quant tables

- avcodec/mjpegdec: Reinitialize IDCT on BPP changes

- avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it

- avcodec/h264_slice: Disable slice threads if there are multiple access units in a packet

- avformat/hls: update cookies on setcookie response

- opusdec: Don't run vector_fmul_scalar on zero length arrays

- avcodec/opusdec: Fix extra samples read index

- avcodec/ffv1: Initialize vlc_state on allocation

- avcodec/ffv1dec: update progress in case of broken pointer chains

- avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons

- rtsp: Allow $ as interleaved packet indicator before a complete response header

- videodsp: don't overread edges in vfix3 emu_edge.

- avformat/mp3dec: improve junk skipping heuristic

- concatdec: fix file_start_time calculation regression

- avcodec: loongson optimize h264dsp idct and loop filter with mmi

- avcodec/jpeg2000dec: Clear properties in jpeg2000_dec_cleanup() too

- avformat/hls: add support for EXT-X-MAP

- avformat/hls: fix segment selection regression on track changes of live streams

- configure: Require libkvazaar < 0.7.

- avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup

- Drop ffmpeg-mov-sidx-fragment.patch, fixed upstream.

- Update to new upstream release 2.8.1

- Minor bugfix release

- Includes all changes from ffmpeg-mt, libav master of 2015-08-28, libav 11 as of 2015-08-28

- Add ffmpeg-mov-sidx-fragment.patch to add sidx fragment indexes. Needed for new mpv release.

Solution

Update the affected ffmpeg packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=955346

https://bugzilla.opensuse.org/show_bug.cgi?id=955347

https://bugzilla.opensuse.org/show_bug.cgi?id=955348

https://bugzilla.opensuse.org/show_bug.cgi?id=955350

Plugin Details

Severity: High

ID: 87085

File Name: openSUSE-2015-821.nasl

Version: 2.3

Type: local

Agent: unix

Published: 11/30/2015

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ffmpeg, p-cpe:/a:novell:opensuse:ffmpeg-debuginfo, p-cpe:/a:novell:opensuse:ffmpeg-debugsource, p-cpe:/a:novell:opensuse:ffmpeg-devel, p-cpe:/a:novell:opensuse:libavcodec-devel, p-cpe:/a:novell:opensuse:libavcodec56, p-cpe:/a:novell:opensuse:libavcodec56-32bit, p-cpe:/a:novell:opensuse:libavcodec56-debuginfo, p-cpe:/a:novell:opensuse:libavcodec56-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavdevice-devel, p-cpe:/a:novell:opensuse:libavdevice56, p-cpe:/a:novell:opensuse:libavdevice56-32bit, p-cpe:/a:novell:opensuse:libavdevice56-debuginfo, p-cpe:/a:novell:opensuse:libavdevice56-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavfilter-devel, p-cpe:/a:novell:opensuse:libavfilter5, p-cpe:/a:novell:opensuse:libavfilter5-32bit, p-cpe:/a:novell:opensuse:libavfilter5-debuginfo, p-cpe:/a:novell:opensuse:libavfilter5-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavformat-devel, p-cpe:/a:novell:opensuse:libavformat56, p-cpe:/a:novell:opensuse:libavformat56-32bit, p-cpe:/a:novell:opensuse:libavformat56-debuginfo, p-cpe:/a:novell:opensuse:libavformat56-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavresample-devel, p-cpe:/a:novell:opensuse:libavresample2, p-cpe:/a:novell:opensuse:libavresample2-32bit, p-cpe:/a:novell:opensuse:libavresample2-debuginfo, p-cpe:/a:novell:opensuse:libavresample2-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavutil-devel, p-cpe:/a:novell:opensuse:libavutil54, p-cpe:/a:novell:opensuse:libavutil54-32bit, p-cpe:/a:novell:opensuse:libavutil54-debuginfo, p-cpe:/a:novell:opensuse:libavutil54-debuginfo-32bit, p-cpe:/a:novell:opensuse:libpostproc-devel, p-cpe:/a:novell:opensuse:libpostproc53, p-cpe:/a:novell:opensuse:libpostproc53-32bit, p-cpe:/a:novell:opensuse:libpostproc53-debuginfo, p-cpe:/a:novell:opensuse:libpostproc53-debuginfo-32bit, p-cpe:/a:novell:opensuse:libswresample-devel, p-cpe:/a:novell:opensuse:libswresample1, p-cpe:/a:novell:opensuse:libswresample1-32bit, p-cpe:/a:novell:opensuse:libswresample1-debuginfo, 
p-cpe:/a:novell:opensuse:libswresample1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libswscale-devel, p-cpe:/a:novell:opensuse:libswscale3, p-cpe:/a:novell:opensuse:libswscale3-32bit, p-cpe:/a:novell:opensuse:libswscale3-debuginfo, p-cpe:/a:novell:opensuse:libswscale3-debuginfo-32bit, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 11/27/2015

Reference Information

CVE: CVE-2015-8216, CVE-2015-8217, CVE-2015-8218, CVE-2015-8219