Lucene search

K
mageiaGentoo FoundationMGASA-2016-0060
HistoryFeb 09, 2016 - 10:05 p.m.

Updated ffmpeg packages fix security vulnerabilities

2016-02-0922:05:34
Gentoo Foundation
advisories.mageia.org
10

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.005 Low

EPSS

Percentile

77.2%

Updated ffmpeg packages fix security vulnerabilities: FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the concat protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains the first line of a local file (CVE-2016-1897). FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and read arbitrary files by using the subfile protocol in an HTTP Live Streaming (HLS) M3U8 file, leading to an external HTTP request in which the URL string contains an arbitrary line of a local file (CVE-2016-1898). Out-of-array read in FFmpeg before 2.4.13 in jpeg2000_decode_tile() in jpeg2000dec.c (CVE-2016-2213).

OSVersionArchitecturePackageVersionFilename
Mageia5noarchffmpeg< 2.4.13-1ffmpeg-2.4.13-1.mga5
Mageia5noarchffmpeg< 2.4.13-1ffmpeg-2.4.13-1.mga5.tainted

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

0.005 Low

EPSS

Percentile

77.2%