[SECURITY] [DLA 515-1] libav security update

2016-06-1412:33:22

lists.debian.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.6%

JSON

Package : libav
Version : 6:0.8.17-2+deb7u2
CVE ID : CVE-2016-3062

It was discovered that there was a memory corruption issue in
libav (a multimedia player, server, encoder and transcoder) when
parsing .mp4 files which could lead to crash or possibly execute
arbitrary code.

For Debian 7 "Wheezy", this issue has been fixed in libav version
6:0.8.17-2+deb7u2.

We recommend that you upgrade your libav packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian8armhflibavresample2< 6:11.7-1~deb8u1libavresample2_6:11.7-1~deb8u1_armhf.deb
Debian8kfreebsd-i386libavformat56< 6:11.7-1~deb8u1libavformat56_6:11.7-1~deb8u1_kfreebsd-i386.deb
Debian7i386libswscale-dev< 6:0.8.17-2+deb7u2libswscale-dev_6:0.8.17-2+deb7u2_i386.deb
Debian8arm64libavutil-dev< 6:11.7-1~deb8u1libavutil-dev_6:11.7-1~deb8u1_arm64.deb
Debian7armhflibavutil-dev< 6:0.8.17-2+deb7u2libavutil-dev_6:0.8.17-2+deb7u2_armhf.deb
Debian8kfreebsd-i386libav-dbg< 6:11.7-1~deb8u1libav-dbg_6:11.7-1~deb8u1_kfreebsd-i386.deb
Debian8armellibswscale3< 6:11.7-1~deb8u1libswscale3_6:11.7-1~deb8u1_armel.deb
Debian8powerpclibav-dbg< 6:11.7-1~deb8u1libav-dbg_6:11.7-1~deb8u1_powerpc.deb
Debian8i386libavresample-dev< 6:11.7-1~deb8u1libavresample-dev_6:11.7-1~deb8u1_i386.deb
Debian8powerpclibavcodec-dev< 6:11.7-1~deb8u1libavcodec-dev_6:11.7-1~deb8u1_powerpc.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	armhf	libavresample2	< 6:11.7-1~deb8u1	libavresample2_6:11.7-1~deb8u1_armhf.deb
Debian	8	kfreebsd-i386	libavformat56	< 6:11.7-1~deb8u1	libavformat56_6:11.7-1~deb8u1_kfreebsd-i386.deb
Debian	7	i386	libswscale-dev	< 6:0.8.17-2+deb7u2	libswscale-dev_6:0.8.17-2+deb7u2_i386.deb
Debian	8	arm64	libavutil-dev	< 6:11.7-1~deb8u1	libavutil-dev_6:11.7-1~deb8u1_arm64.deb
Debian	7	armhf	libavutil-dev	< 6:0.8.17-2+deb7u2	libavutil-dev_6:0.8.17-2+deb7u2_armhf.deb
Debian	8	kfreebsd-i386	libav-dbg	< 6:11.7-1~deb8u1	libav-dbg_6:11.7-1~deb8u1_kfreebsd-i386.deb
Debian	8	armel	libswscale3	< 6:11.7-1~deb8u1	libswscale3_6:11.7-1~deb8u1_armel.deb
Debian	8	powerpc	libav-dbg	< 6:11.7-1~deb8u1	libav-dbg_6:11.7-1~deb8u1_powerpc.deb
Debian	8	i386	libavresample-dev	< 6:11.7-1~deb8u1	libavresample-dev_6:11.7-1~deb8u1_i386.deb
Debian	8	powerpc	libavcodec-dev	< 6:11.7-1~deb8u1	libavcodec-dev_6:11.7-1~deb8u1_powerpc.deb