openSUSE Security Update : ffmpeg (openSUSE-2016-1365)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update to ffmpeg 3.2 fixes the following issues :

- CVE-2016-5199: Heap corruption in FFmpeg (boo#1009892)

FFmpeg was updated to version 3.2, incorporating the following
upstream improvements :

- SDL2 output device and ffplay support

- SDL1 output device and SDL1 support removed

- New: libopenmpt demuxer, fifo muxer, True Audio (TTA)
muxer

- New filters: weave, gblur, avgblur, sobel, prewitt,
vaguedenoiser, yuvtestsrc, lut2, hysteresis,
maskedclamp, crystalizer, acrusher, bitplanenoise,
sidedata, asidedata

- Non-Local Means (nlmeans) denoising filter

- 16-bit support in curves filter and selectivecolor
filter

- Added threads option per filter instance

- The 'curves' filter does not automatically insert points
at x=0 and x=1 anymore

- Matroska muxer now writes CRC32 elements by default in
all Level 1 elements

- New 'tee' protocol

- VP8 in Ogg muxing

- Floating point support in ALS decoder

- Extended mov edit list support

- Changed mapping of RTP MIME type G726 to codec g726le.

Also contains a collection of upstream bug fixes.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1009892

Solution :

Update the affected ffmpeg packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 95377 ()

Bugtraq ID:

CVE ID: CVE-2016-5199

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now