openSUSE Security Update : ffmpeg (openSUSE-2016-1160)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

ffmpeg was updated to 2.8.8 to fix the following issues, both bugs and
security issues :

- avformat/oggparsevp8: fix pts calculation on pages
ending with an invisible frame

- avcodec/mjpegdec: Do not try to detect last scan but
apply idct after all scans for progressive jpeg

- avformat/oggparseopus: Check that granule pos is within
the supported range

- avformat/utils: Check bps before using it in a shift in
ff_get_pcm_codec_id()

- ffmpeg: Check that r_frame_rate is set before attempting
to use it

- avformat/utils: Do not compute the bitrate from duration
== 0

- avformat/utils: Check negative bps before shifting in
ff_get_pcm_codec_id()

- avformat/avidec: Detect index with too short entries

- avformat/oggparseopus: Fix Undefined behavior in
oggparseopus.c and libavformat/utils.c

- avformat/allformats: Making av_register_all()
thread-safe.

- avcodec/vp9_parser: Check the input frame sizes for
being consistent

- avformat/oggdec: Fix integer overflow with invalid pts

- avcodec/ffv1enc: Fix assertion failure with non zero
bits per sample

- avcodec/diracdec: Check numx/y

- avformat/avidec: Fix infinite loop in avi_read_nikon()

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=998636

Solution :

Update the affected ffmpeg packages.

Risk factor :

Medium

Family: SuSE Local Security Checks

Nessus Plugin ID: 93996 ()

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now