openSUSE Security Update : ffmpeg (openSUSE-2015-821)

High Nessus Plugin ID 87085


The remote openSUSE host is missing a security update.


The ffmpeg package was updated to version 2.8.2 to fix the following security and non security issues :

- CVE-2015-8216: Fixed the ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c which could cause a denial of service (out-of-bounds array access) (bnc#955346).

- CVE-2015-8217: Fixed the ff_hevc_parse_sps function in libavcodec/hevc_ps.c which could cause a denial of service (out-of-bounds array access) (bnc#955347).

- CVE-2015-8218: Fixed the decode_uncompressed function in libavcodec/faxcompr.c which could cause a denial of service (out-of-bounds array access) (bnc#955348).

- CVE-2015-8219: Fixed the init_tile function in libavcodec/jpeg2000dec.c which could cause a denial of service (out-of-bounds array access) (bnc#955350).

- Update to new upstream release 2.8.2

- various fixes in the aac_fixed decoder

- various fixes in softfloat

- swresample/resample: increase precision for compensation

- lavf/mov: add support for sidx fragment indexes

- avformat/mxfenc: Only store user comment related tags when needed

- ffmpeg: Don't try and write sdp info if none of the outputs had an rtp format.

- apng: use correct size for output buffer

- jvdec: avoid unsigned overflow in comparison

- avcodec/jpeg2000dec: Clip all tile coordinates

- avcodec/microdvddec: Check for string end in 'P' case

- avcodec/dirac_parser: Fix undefined memcpy() use

- avformat/xmv: Discard remainder of packet on error

- avformat/xmv: factor return check out of if/else

- avcodec/mpeg12dec: Do not call show_bits() with invalid bits

- avcodec/faxcompr: Add missing runs check in decode_uncompressed()

- libavutil/channel_layout: Check strtol*() for failure

- avformat/mpegts: Only start probing data streams within probe_packets

- avcodec/hevc_ps: Check chroma_format_idc

- avcodec/ffv1dec: Check for 0 quant tables

- avcodec/mjpegdec: Reinitialize IDCT on BPP changes

- avcodec/mjpegdec: Check index in ljpeg_decode_yuv_scan() before using it

- avcodec/h264_slice: Disable slice threads if there are multiple access units in a packet

- avformat/hls: update cookies on setcookie response

- opusdec: Don't run vector_fmul_scalar on zero length arrays

- avcodec/opusdec: Fix extra samples read index

- avcodec/ffv1: Initialize vlc_state on allocation

- avcodec/ffv1dec: update progress in case of broken pointer chains

- avcodec/ffv1dec: Clear slice coordinates if they are invalid or slice header decoding fails for other reasons

- rtsp: Allow $ as interleaved packet indicator before a complete response header

- videodsp: don't overread edges in vfix3 emu_edge.

- avformat/mp3dec: improve junk skipping heuristic

- concatdec: fix file_start_time calculation regression

- avcodec: loongson optimize h264dsp idct and loop filter with mmi

- avcodec/jpeg2000dec: Clear properties in jpeg2000_dec_cleanup() too

- avformat/hls: add support for EXT-X-MAP

- avformat/hls: fix segment selection regression on track changes of live streams

- configure: Require libkvazaar < 0.7.

- avcodec/vp8: Do not use num_coeff_partitions in thread/buffer setup

- Drop ffmpeg-mov-sidx-fragment.patch, fixed upstream.

- Update to new upstream release 2.8.1

- Minor bugfix release

- Includes all changes from. Ffmpeg-mt, libav master of 2015-08-28, libav 11 as of 2015-08-28

- Add ffmpeg-mov-sidx-fragment.patch to add sidx fragment indexes. Needed for new mpv release.


Update the affected ffmpeg packages.

See Also

Plugin Details

Severity: High

ID: 87085

File Name: openSUSE-2015-821.nasl

Version: $Revision: 2.1 $

Type: local

Agent: unix

Published: 2015/11/30

Modified: 2015/11/30

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:ffmpeg, p-cpe:/a:novell:opensuse:ffmpeg-debuginfo, p-cpe:/a:novell:opensuse:ffmpeg-debugsource, p-cpe:/a:novell:opensuse:ffmpeg-devel, p-cpe:/a:novell:opensuse:libavcodec-devel, p-cpe:/a:novell:opensuse:libavcodec56, p-cpe:/a:novell:opensuse:libavcodec56-32bit, p-cpe:/a:novell:opensuse:libavcodec56-debuginfo, p-cpe:/a:novell:opensuse:libavcodec56-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavdevice-devel, p-cpe:/a:novell:opensuse:libavdevice56, p-cpe:/a:novell:opensuse:libavdevice56-32bit, p-cpe:/a:novell:opensuse:libavdevice56-debuginfo, p-cpe:/a:novell:opensuse:libavdevice56-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavfilter-devel, p-cpe:/a:novell:opensuse:libavfilter5, p-cpe:/a:novell:opensuse:libavfilter5-32bit, p-cpe:/a:novell:opensuse:libavfilter5-debuginfo, p-cpe:/a:novell:opensuse:libavfilter5-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavformat-devel, p-cpe:/a:novell:opensuse:libavformat56, p-cpe:/a:novell:opensuse:libavformat56-32bit, p-cpe:/a:novell:opensuse:libavformat56-debuginfo, p-cpe:/a:novell:opensuse:libavformat56-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavresample-devel, p-cpe:/a:novell:opensuse:libavresample2, p-cpe:/a:novell:opensuse:libavresample2-32bit, p-cpe:/a:novell:opensuse:libavresample2-debuginfo, p-cpe:/a:novell:opensuse:libavresample2-debuginfo-32bit, p-cpe:/a:novell:opensuse:libavutil-devel, p-cpe:/a:novell:opensuse:libavutil54, p-cpe:/a:novell:opensuse:libavutil54-32bit, p-cpe:/a:novell:opensuse:libavutil54-debuginfo, p-cpe:/a:novell:opensuse:libavutil54-debuginfo-32bit, p-cpe:/a:novell:opensuse:libpostproc-devel, p-cpe:/a:novell:opensuse:libpostproc53, p-cpe:/a:novell:opensuse:libpostproc53-32bit, p-cpe:/a:novell:opensuse:libpostproc53-debuginfo, p-cpe:/a:novell:opensuse:libpostproc53-debuginfo-32bit, p-cpe:/a:novell:opensuse:libswresample-devel, p-cpe:/a:novell:opensuse:libswresample1, p-cpe:/a:novell:opensuse:libswresample1-32bit, p-cpe:/a:novell:opensuse:libswresample1-debuginfo, p-cpe:/a:novell:opensuse:libswresample1-debuginfo-32bit, p-cpe:/a:novell:opensuse:libswscale-devel, p-cpe:/a:novell:opensuse:libswscale3, p-cpe:/a:novell:opensuse:libswscale3-32bit, p-cpe:/a:novell:opensuse:libswscale3-debuginfo, p-cpe:/a:novell:opensuse:libswscale3-debuginfo-32bit, cpe:/o:novell:opensuse:42.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2015/11/27

Reference Information

CVE: CVE-2015-8216, CVE-2015-8217, CVE-2015-8218, CVE-2015-8219