openSUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:1531-1 Rating: moderate References: #1015120 #1022921 #1022922 Cross-References: CVE-2016-10191 CVE-2016-10192 CVE-2016-9561 CVE-2017-5024 CVE-2017-5025 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update of ffmpeg to version 3.1.8 fixes the following security issues: - CVE-2016-9561: DoS through huge memory allocation (bsc#1015120) - CVE-2016-10191: remote code execution vulnerability (bsc#1022921) - CVE-2016-10192: remote code execution vulnerability (bsc#1022922) - CVE-2017-5024: Heap overflow - CVE-2017-5025: Heap overflow Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2017-673=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): ffmpeg-3.1.8-8.1 ffmpeg-debuginfo-3.1.8-8.1 ffmpeg-debugsource-3.1.8-8.1 libavcodec-devel-3.1.8-8.1 libavcodec57-3.1.8-8.1 libavcodec57-debuginfo-3.1.8-8.1 libavdevice-devel-3.1.8-8.1 libavdevice57-3.1.8-8.1 libavdevice57-debuginfo-3.1.8-8.1 libavfilter-devel-3.1.8-8.1 libavfilter6-3.1.8-8.1 libavfilter6-debuginfo-3.1.8-8.1 libavformat-devel-3.1.8-8.1 libavformat57-3.1.8-8.1 libavformat57-debuginfo-3.1.8-8.1 libavresample-devel-3.1.8-8.1 libavresample3-3.1.8-8.1 libavresample3-debuginfo-3.1.8-8.1 libavutil-devel-3.1.8-8.1 libavutil55-3.1.8-8.1 libavutil55-debuginfo-3.1.8-8.1 libpostproc-devel-3.1.8-8.1 libpostproc54-3.1.8-8.1 libpostproc54-debuginfo-3.1.8-8.1 libswresample-devel-3.1.8-8.1 libswresample2-3.1.8-8.1 libswresample2-debuginfo-3.1.8-8.1 libswscale-devel-3.1.8-8.1 libswscale4-3.1.8-8.1 libswscale4-debuginfo-3.1.8-8.1 References: https://www.suse.com/security/cve/CVE-2016-10191.html https://www.suse.com/security/cve/CVE-2016-10192.html https://www.suse.com/security/cve/CVE-2016-9561.html https://www.suse.com/security/cve/CVE-2017-5024.html https://www.suse.com/security/cve/CVE-2017-5025.html https://bugzilla.suse.com/1015120 https://bugzilla.suse.com/1022921 https://bugzilla.suse.com/1022922