GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Feb 08, 2015 12:26 am Post subject: [ GLSA 201502-08 ] Libav |
|
|
Gentoo Linux Security Advisory
Title: Libav: Multiple vulnerabilities (GLSA 201502-08)
Severity: normal
Exploitable: remote
Date: February 07, 2015
Bug(s): #492582, #515234, #531832
ID: 201502-08
Synopsis
Multiple vulnerabilities have been found in Libav, allowing
attackers to execute arbitrary code or cause Denial of Service.
Background
Libav is a complete solution to record, convert and stream audio and
video.
Affected Packages
Package: media-video/libav
Vulnerable: < 9.17
Unaffected: >= 9.17
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Libav. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could entice a user to open a specially crafted media
file in an application linked against Libav, possibly resulting in
execution of arbitrary code with the privileges of the application or a
Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Libav users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=media-video/libav-9.17"
|
References
CVE-2011-3934
CVE-2011-3935
CVE-2011-3946
CVE-2013-0848
CVE-2013-0851
CVE-2013-0852
CVE-2013-0860
CVE-2013-0868
CVE-2013-3672
CVE-2013-3674
CVE-2014-4609
Libav News November 2, 2013
Last edited by GLSA on Thu Jun 18, 2015 4:16 am; edited 1 time in total |
|