Security update for ffmpeg2
This update for ffmpeg2 fixes security issues, bugs, and enables AC3 and MP3 decoding.
The following vulnerabilities were fixed:
- CVE-2017-7863: heap-based buffer overflow (bsc#1034179)
- CVE-2017-7865: heap-based buffer overflow (bsc#1034177)
- CVE-2017-7866: stack-based buffer overflow (bsc#1034176)
- CVE-2016-10191: remote code execution (bsc#1022921)
- CVE-2016-10190: remote code execution (bsc#1022920)
- CVE-2016-10192: remote code execution (bsc#1022922)
- CVE-2016-9561: Huge amount memory allocated, resulting in DoS of ffmpeg (bsc#1015120)
The following functionality was added:
- Enable AC3 and MP3 decoding
ffmpeg was updated to 2.8.11, containing a number of upstream improvements and fixes.
-
Submitted by
Jan Engelhardt (jengelh)
Fixed bugs
bnc#1034179
VUL-0: CVE-2017-7863: ffmpeg: heap-based buffer overflow (decode_frame_common function in libavcodec/pngdec.c)
bnc#1034177
VUL-0: CVE-2017-7865: ffmpeg: heap-based buffer overflow (ipvideo_decode_block_opcode_0xA function in libavcodec/interplayvideo.c and the avcodec_align_dimensions2 function in libavcodec/utils.c)
bnc#1034176
VUL-0: CVE-2017-7866: ffmpeg: stack-based buffer overflow (decode_zbuf function in libavcodec/pngdec.c)
bnc#1022921
VUL-0: CVE-2016-10191: ffmpeg: remote exploitaion results code execution [ 2 - libavformat/rtmppkt.c ]
bnc#1022920
VUL-0: CVE-2016-10190: ffmpeg: remote exploitaion results code execution [ 1 - libavformat/http.c ]
bnc#1022922
VUL-0: CVE-2016-10192: ffmpeg: remote exploitaion results code execution [ 3 - ffserver.c ]
bnc#1015120
VUL-0: CVE-2016-9561: ffmpeg: Huge amount memory allocated, resulting in DoS of ffmpeg
