Security update for libav SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1685-1 Final 1 1 2016-06-27T09:41:23Z current 2016-06-27T09:41:23Z 2016-06-27T09:41:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libav This update for libav fixes the two following security issues: - CVE-2016-3062: A MP4 memory corruption was fixed that could lead to crashes or code execution. (boo#984487) - CVE-2015-5479: A crash due to a divide by zero was fixed in ff_h263_decode_mba() that could lead to decoder crashes. (boo#949760) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html E-Mail link for openSUSE-SU-2016:1685-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 libav-11.4-5.1 libav-tools-11.4-5.1 libavcodec-libav-devel-11.4-5.1 libavcodec-libav56-11.4-5.1 libavdevice-libav-devel-11.4-5.1 libavdevice-libav55-11.4-5.1 libavfilter-libav-devel-11.4-5.1 libavfilter-libav5-11.4-5.1 libavformat-libav-devel-11.4-5.1 libavformat-libav56-11.4-5.1 libavresample-libav-devel-11.4-5.1 libavresample-libav2-11.4-5.1 libavutil-libav-devel-11.4-5.1 libavutil-libav54-11.4-5.1 libswscale-libav-devel-11.4-5.1 libswscale-libav3-11.4-5.1 libav-11.4-5.1 as a component of openSUSE Leap 42.1 libav-tools-11.4-5.1 as a component of openSUSE Leap 42.1 libavcodec-libav-devel-11.4-5.1 as a component of openSUSE Leap 42.1 libavcodec-libav56-11.4-5.1 as a component of openSUSE Leap 42.1 libavdevice-libav-devel-11.4-5.1 as a component of openSUSE Leap 42.1 libavdevice-libav55-11.4-5.1 as a component of openSUSE Leap 42.1 libavfilter-libav-devel-11.4-5.1 as a component of openSUSE Leap 42.1 libavfilter-libav5-11.4-5.1 as a component of openSUSE Leap 42.1 libavformat-libav-devel-11.4-5.1 as a component of openSUSE Leap 42.1 libavformat-libav56-11.4-5.1 as a component of openSUSE Leap 42.1 libavresample-libav-devel-11.4-5.1 as a component of openSUSE Leap 42.1 libavresample-libav2-11.4-5.1 as a component of openSUSE Leap 42.1 libavutil-libav-devel-11.4-5.1 as a component of openSUSE Leap 42.1 libavutil-libav54-11.4-5.1 as a component of openSUSE Leap 42.1 libswscale-libav-devel-11.4-5.1 as a component of openSUSE Leap 42.1 libswscale-libav3-11.4-5.1 as a component of openSUSE Leap 42.1 The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav before 11.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a file with crafted dimensions. CVE-2015-5479 openSUSE Leap 42.1:libav-11.4-5.1 openSUSE Leap 42.1:libav-tools-11.4-5.1 openSUSE Leap 42.1:libavcodec-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavcodec-libav56-11.4-5.1 openSUSE Leap 42.1:libavdevice-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavdevice-libav55-11.4-5.1 openSUSE Leap 42.1:libavfilter-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavfilter-libav5-11.4-5.1 openSUSE Leap 42.1:libavformat-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavformat-libav56-11.4-5.1 openSUSE Leap 42.1:libavresample-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavresample-libav2-11.4-5.1 openSUSE Leap 42.1:libavutil-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavutil-libav54-11.4-5.1 openSUSE Leap 42.1:libswscale-libav-devel-11.4-5.1 openSUSE Leap 42.1:libswscale-libav3-11.4-5.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html https://www.suse.com/security/cve/CVE-2015-5479.html CVE-2015-5479 https://bugzilla.suse.com/949760 SUSE Bug 949760 The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the entries value in a dref box in an MP4 file. CVE-2016-3062 openSUSE Leap 42.1:libav-11.4-5.1 openSUSE Leap 42.1:libav-tools-11.4-5.1 openSUSE Leap 42.1:libavcodec-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavcodec-libav56-11.4-5.1 openSUSE Leap 42.1:libavdevice-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavdevice-libav55-11.4-5.1 openSUSE Leap 42.1:libavfilter-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavfilter-libav5-11.4-5.1 openSUSE Leap 42.1:libavformat-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavformat-libav56-11.4-5.1 openSUSE Leap 42.1:libavresample-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavresample-libav2-11.4-5.1 openSUSE Leap 42.1:libavutil-libav-devel-11.4-5.1 openSUSE Leap 42.1:libavutil-libav54-11.4-5.1 openSUSE Leap 42.1:libswscale-libav-devel-11.4-5.1 openSUSE Leap 42.1:libswscale-libav3-11.4-5.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-06/msg00105.html https://www.suse.com/security/cve/CVE-2016-3062.html CVE-2016-3062 https://bugzilla.suse.com/984487 SUSE Bug 984487