Lucene search
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.OPENSUSE-2016-94.NASLHistoryJan 27, 2016 - 12:00 a.m.
openSUSE Security Update : ffmpeg (openSUSE-2016-94)
2016-01-2700:00:00
This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.
www.tenable.com
17
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
77.2%
This update to ffmpeg 2.8.5 fixes the following issues :
-
CVE-2016-1897: Cross-origin issue in URL processing (concat) - local file disclosure (boo#961937)
-
CVE-2016-1898: Cross-origin issue in URL processing (subfile) - local file disclosure (boo#961937)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-94.
#
# The text description of this plugin is (C) SUSE LLC.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(88400);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
script_cve_id("CVE-2016-1897", "CVE-2016-1898");
script_name(english:"openSUSE Security Update : ffmpeg (openSUSE-2016-94)");
script_summary(english:"Check for the openSUSE-2016-94 patch");
script_set_attribute(
attribute:"synopsis",
value:"The remote openSUSE host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update to ffmpeg 2.8.5 fixes the following issues :
- CVE-2016-1897: Cross-origin issue in URL processing
(concat) - local file disclosure (boo#961937)
- CVE-2016-1898: Cross-origin issue in URL processing
(subfile) - local file disclosure (boo#961937)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.opensuse.org/show_bug.cgi?id=961937"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected ffmpeg packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:ffmpeg-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavcodec56-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavdevice56-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavfilter5-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavformat56-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavresample2-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libavutil54-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libpostproc53-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswresample1-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3-32bit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:libswscale3-debuginfo-32bit");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
script_set_attribute(attribute:"patch_publication_date", value:"2016/01/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/27");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
flag = 0;
if ( rpm_check(release:"SUSE42.1", reference:"ffmpeg-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"ffmpeg-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"ffmpeg-debugsource-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"ffmpeg-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavcodec-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavcodec56-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavcodec56-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavdevice-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavdevice56-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavdevice56-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavfilter-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavfilter5-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavfilter5-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavformat-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavformat56-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavformat56-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavresample-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavresample2-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavresample2-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavutil-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavutil54-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libavutil54-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libpostproc-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libpostproc53-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libpostproc53-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libswresample-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libswresample1-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libswresample1-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libswscale-devel-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libswscale3-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"libswscale3-debuginfo-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavcodec56-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavcodec56-debuginfo-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavdevice56-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavdevice56-debuginfo-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavfilter5-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavfilter5-debuginfo-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavformat56-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavformat56-debuginfo-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavresample2-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavresample2-debuginfo-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavutil54-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libavutil54-debuginfo-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libpostproc53-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libpostproc53-debuginfo-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libswresample1-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libswresample1-debuginfo-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libswscale3-32bit-2.8.5-12.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", cpu:"x86_64", reference:"libswscale3-debuginfo-32bit-2.8.5-12.1") ) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ffmpeg / ffmpeg-debuginfo / ffmpeg-debugsource / ffmpeg-devel / etc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| novell | opensuse | libavutil54-debuginfo | p-cpe:/a:novell:opensuse:libavutil54-debuginfo |
| novell | opensuse | libavutil54-debuginfo-32bit | p-cpe:/a:novell:opensuse:libavutil54-debuginfo-32bit |
| novell | opensuse | libpostproc-devel | p-cpe:/a:novell:opensuse:libpostproc-devel |
| novell | opensuse | libpostproc53 | p-cpe:/a:novell:opensuse:libpostproc53 |
| novell | opensuse | libpostproc53-32bit | p-cpe:/a:novell:opensuse:libpostproc53-32bit |
| novell | opensuse | libpostproc53-debuginfo | p-cpe:/a:novell:opensuse:libpostproc53-debuginfo |
| novell | opensuse | libpostproc53-debuginfo-32bit | p-cpe:/a:novell:opensuse:libpostproc53-debuginfo-32bit |
| novell | opensuse | libswresample-devel | p-cpe:/a:novell:opensuse:libswresample-devel |
| novell | opensuse | libswresample1 | p-cpe:/a:novell:opensuse:libswresample1 |
| novell | opensuse | libswresample1-32bit | p-cpe:/a:novell:opensuse:libswresample1-32bit |
Related
cert
cert
ffmpeg and Libav cross-domain information disclosure vulnerability
2016-01-20 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2016-034-02)
2022-04-21 00:00:00
openSUSE: Security Advisory for ffmpeg (openSUSE-SU-2016:0243-1)
2016-02-02 00:00:00
Debian: Security Advisory (DSA-3506-1)
2016-03-03 00:00:00
f5
f5
SOL03202240 - FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898
2016-02-08 00:00:00
K03202240 : FFmpeg vulnerabilities CVE-2016-1897 and CVE-2016-1898
2016-02-08 00:00:00
seebug
seebug
FFmpeg 2.xηζ¬ζε‘ε¨η«―θ―·ζ±δΌͺι ζΌζ΄
2016-05-06 00:00:00
archlinux
archlinux
ffmpeg: information leakage
2016-01-17 00:00:00
nessus
nessus
FreeBSD : ffmpeg -- remote attacker can access local files (046fedd1-bd01-11e5-bbf4-5404a68ad561)
2016-01-19 00:00:00
Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : MPlayer (SSA:2016-034-02)
2016-02-04 00:00:00
Debian DSA-3506-1 : libav - security update
2016-03-07 00:00:00
freebsd
freebsd
ffmpeg -- remote attacker can access local files
2016-01-13 00:00:00
suse
suse
Security update for ffmpeg (important)
2016-01-25 22:11:11
slackware
slackware
[slackware-security] MPlayer
2016-02-04 00:05:34
hackerone
hackerone
Pornhub: [ssrf] libav vulnerable during conversion of uploaded videos
2016-01-17 15:36:02
debian
debian
[SECURITY] [DSA 3506-1] libav security update
2016-03-04 20:44:32
mageia
mageia
Updated ffmpeg packages fix security vulnerabilities
2016-02-09 22:05:34
osv
osv
libav - security update
2016-03-04 00:00:00
cve
cve
CVE-2016-1898
2016-01-15 03:59:23
CVE-2016-1897
2016-01-15 03:59:23
nvd
nvd
CVE-2016-1898
2016-01-15 03:59:23
CVE-2016-1897
2016-01-15 03:59:23
cvelist
cvelist
CVE-2016-1898
2016-01-15 02:00:00
CVE-2016-1897
2016-01-15 02:00:00
ubuntucve
ubuntucve
CVE-2016-1898
2016-01-14 00:00:00
CVE-2016-1897
2016-01-14 00:00:00
debiancve
debiancve
CVE-2016-1898
2016-01-15 03:59:23
CVE-2016-1897
2016-01-15 03:59:23
gentoo
gentoo
libav: Multiple vulnerabilities
2017-05-09 00:00:00
FFmpeg: Multiple vulnerabilities
2016-06-18 00:00:00
ubuntu
ubuntu
Libav vulnerabilities
2016-04-04 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
77.2%
Related for OPENSUSE-2016-94.NASL