openSUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0961-1 Rating: moderate References: #1022920 Cross-References: CVE-2016-10190 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ffmpeg fixes the following issues: Security issue fixed: - CVE-2016-10190: remote code execution vulnerability [ 1 - libavformat/http.c ] (boo#1022920) Detailed ChangeLog: - 3.1.6: https://github.com/FFmpeg/FFmpeg/blob/e08b1cf2df8cfdb3394aa5ab0320739f8b5a1 c4f/Changelog - 3.2.4: https://github.com/FFmpeg/FFmpeg/blob/cbe65ccfa02a9061cead73a6685eef90225c4 1b5/Changelog Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2017-449=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): ffmpeg-2.8.10-9.1 ffmpeg-3.1.6-5.1 ffmpeg-debuginfo-3.1.6-5.1 ffmpeg-debugsource-3.1.6-5.1 ffmpeg-devel-2.8.10-9.1 libavcodec-devel-2.8.10-9.1 libavcodec-devel-3.1.6-5.1 libavcodec56-2.8.10-9.1 libavcodec57-3.1.6-5.1 libavcodec57-debuginfo-3.1.6-5.1 libavdevice-devel-2.8.10-9.1 libavdevice-devel-3.1.6-5.1 libavdevice56-2.8.10-9.1 libavdevice57-3.1.6-5.1 libavdevice57-debuginfo-3.1.6-5.1 libavfilter-devel-2.8.10-9.1 libavfilter-devel-3.1.6-5.1 libavfilter5-2.8.10-9.1 libavfilter6-3.1.6-5.1 libavfilter6-debuginfo-3.1.6-5.1 libavformat-devel-2.8.10-9.1 libavformat-devel-3.1.6-5.1 libavformat56-2.8.10-9.1 libavformat57-3.1.6-5.1 libavformat57-debuginfo-3.1.6-5.1 libavresample-devel-2.8.10-9.1 libavresample-devel-3.1.6-5.1 libavresample2-2.8.10-9.1 libavresample3-3.1.6-5.1 libavresample3-debuginfo-3.1.6-5.1 libavutil-devel-2.8.10-9.1 libavutil-devel-3.1.6-5.1 libavutil54-2.8.10-9.1 libavutil55-3.1.6-5.1 libavutil55-debuginfo-3.1.6-5.1 libpostproc-devel-2.8.10-9.1 libpostproc-devel-3.1.6-5.1 libpostproc53-2.8.10-9.1 libpostproc54-3.1.6-5.1 libpostproc54-debuginfo-3.1.6-5.1 libswresample-devel-2.8.10-9.1 libswresample-devel-3.1.6-5.1 libswresample1-2.8.10-9.1 libswresample2-3.1.6-5.1 libswresample2-debuginfo-3.1.6-5.1 libswscale-devel-2.8.10-9.1 libswscale-devel-3.1.6-5.1 libswscale3-2.8.10-9.1 libswscale4-3.1.6-5.1 libswscale4-debuginfo-3.1.6-5.1 References: https://www.suse.com/security/cve/CVE-2016-10190.html https://bugzilla.suse.com/1022920