Security: Multiple issues in FFmpeg
Name: Multiple issues in FFmpeg
ID: openSUSE-SU-2017:2502-1
Distribution: SUSE
Platforms: SUSE openSUSE Leap 42.3
Date: Sat, 16 September 2017, 10:18
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14057
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14169
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14222
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14054
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7865
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14225
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14056
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14170
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10191
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10192
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14223
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14055
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14059
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9561
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14058
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10190
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7863
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14171

Original message

 
   openSUSE Security Update: Security update for ffmpeg, ffmpeg2
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:2502-1
Rating:             important
References:         #1015120 #1022920 #1022921 #1022922 #1034176 
                    #1034177 #1034179 #1046211 #1049095 #1056760 
                    #1056761 #1056762 #1056763 #1056765 #1056766 
                    #1057536 #1057537 #1057539 #1058018 #1058019 
                    #1058020 
Cross-References:   CVE-2016-10190 CVE-2016-10191 CVE-2016-10192
                    CVE-2016-9561 CVE-2017-11399 CVE-2017-14054
                    CVE-2017-14055 CVE-2017-14056 CVE-2017-14057
                    CVE-2017-14058 CVE-2017-14059 CVE-2017-14169
                    CVE-2017-14170 CVE-2017-14171 CVE-2017-14222
                    CVE-2017-14223 CVE-2017-14225 CVE-2017-7863
                    CVE-2017-7865 CVE-2017-7866
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

   An update that solves 20 vulnerabilities and has one errata
   is now available.

Description:

   This update introduces lame and twolame.

   For ffmpeg2 it updates to version 2.8.13 and fixes several issues.

   These security issues were fixed:

   - CVE-2017-14058: The read_data function in libavformat/hls.c did not
     restrict reload attempts for an insufficient list, which allowed remote
     attackers to cause a denial of service (infinite loop) (bsc#1056762).
   - CVE-2017-14057: In asf_read_marker(), the lack of an EOF (End of File)
     check might have caused huge CPU and memory consumption. When a crafted
     ASF file, which claims a large "name_len" or "count" field in the header
     but did not contain sufficient backing data, was provided, the loops
     over the name and markers would consume huge CPU and memory resources,
     since there is no EOF check inside these loops (bsc#1056761).
   - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check
     might have caused huge CPU and memory consumption. When a crafted CINE
     file, which claims a large "duration" field in the header but did not
     contain sufficient backing data, was provided, the image-offset parsing
     loop would consume huge CPU and memory resources, since there is no EOF
     check inside the loop (bsc#1056763).
   - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of
     File) check might have caused huge CPU and memory consumption. When a
     crafted RL2 file, which claims a large "frame_count" field in the header
     but did not contain sufficient backing data, was provided, the loops
     (for offset and size tables) would consume huge CPU and memory
     resources, since there is no EOF check inside these loops (bsc#1056760).
   - CVE-2017-14055: A DoS in mv_read_header() due to lack of an EOF (End of
     File) check might have caused huge CPU and memory consumption. When a
     crafted MV file, which claims a large "nb_frames" field in the header
     but did not contain sufficient backing data, was provided, the loop over
     the frames would consume huge CPU and memory resources, since there is
     no EOF check inside the loop (bsc#1056766).
   - boo#1046211: Lots of integer overflow fixes
   - CVE-2016-9561: The che_configure function in
     libavcodec/aacdec_template.c in FFmpeg allowed remote attackers to cause
     a denial of service (allocation of huge memory, and being killed by the
     OS) via a crafted MOV file (boo#1015120)
   - CVE-2017-7863: FFmpeg had an out-of-bounds write caused by a heap-based
     buffer overflow related to the decode_frame_common function in
     libavcodec/pngdec.c (boo#1034179)
   - CVE-2017-7865: FFmpeg had an out-of-bounds write caused by a heap-based
     buffer overflow related to the ipvideo_decode_block_opcode_0xA function
     in libavcodec/interplayvideo.c and the avcodec_align_dimensions2
     function in libavcodec/utils.c (boo#1034177)
   - CVE-2017-7866: FFmpeg had an out-of-bounds write caused by a stack-based
     buffer overflow related to the decode_zbuf function in
     libavcodec/pngdec.c (boo#1034176)
   - CVE-2016-10190: Heap-based buffer overflow in libavformat/http.c in
     FFmpeg allowed remote web servers to execute arbitrary code via a
     negative chunk size in an HTTP response (boo#1022920)
   - CVE-2016-10191: Heap-based buffer overflow in libavformat/rtmppkt.c in
     FFmpeg allowed remote attackers to execute arbitrary code by leveraging
     failure to check for RTMP packet size mismatches (boo#1022921)
   - CVE-2016-10192: Heap-based buffer overflow in ffserver.c in FFmpeg
     allowed remote attackers to execute arbitrary code by leveraging failure
     to check chunk size (boo#1022922)
   - CVE-2017-14169: In the mxf_read_primer_pack function an integer
     signedness error might have occurred when a crafted file, which claims
     a large "item_num" field such as 0xffffffff, was provided. As a result,
     the variable "item_num" turns negative, bypassing the check for a large
     value (bsc#1057536).
   - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack
     of an EOF (End of File) check that might have caused huge CPU
     consumption. When a crafted MXF file, which claims a large
     "nb_index_entries" field in the header but did not contain sufficient
     backing data, was provided, the loop would consume huge CPU resources,
     since there was no EOF check inside the loop. Moreover, this big loop
     can be invoked multiple times if there is more than one applicable data
     segment in the crafted MXF file (bsc#1057537).
   - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an
     EOF (End of File) check that might have caused huge CPU consumption.
     When a crafted NSV file, which claims a large "table_entries_used" field
     in the header but did not contain sufficient backing data, was provided,
     the loop over 'table_entries_used' would consume huge CPU resources,
     since there was no EOF check inside the loop (bsc#1057539).
   - CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of
     an EOF (End of File) check that might have caused huge CPU consumption.
     When a crafted ASF file, which claims a large "ict" field in the header
     but did not contain sufficient backing data, was provided, the for loop
     would consume huge CPU and memory resources, since there was no EOF
     check inside the loop (bsc#1058019)
   - CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of
     File) check that might have caused huge CPU and memory consumption. When
     a crafted MOV file, which claims a large "item_count" field in the
     header but did not contain sufficient backing data, was provided, the
     loop would consume huge CPU and memory resources, since there was no EOF
     check inside the loop (bsc#1058020)

   These non-security issues were fixed:

   - Unconditionalize celt, ass, openjpeg, webp, libva, vdpau.
   - Build unconditionally with lame and twolame
   - Enable AC3 and MP3 decoding to match multimedia:libs/ffmpeg (3.x)

   For ffmpeg it updates to version 3.3.4 and fixes several issues.

   These security issues were fixed:

   - CVE-2017-14225: The av_color_primaries_name function may have returned a
     NULL pointer depending on a value contained in a file, but callers did
     not anticipate this, leading to a NULL pointer dereference (bsc#1058018).
   - CVE-2017-14223: Prevent DoS in asf_build_simple_index() due to lack of
     an EOF (End of File) check that might have caused huge CPU consumption.
     When a crafted ASF file, which claims a large "ict" field in the header
     but did not contain sufficient backing data, was provided, the for loop
     would consume huge CPU and memory resources, since there was no EOF
     check inside the loop (bsc#1058019).
   - CVE-2017-14222: Prevent DoS in read_tfra() due to lack of an EOF (End of
     File) check that might have caused huge CPU and memory consumption. When
     a crafted MOV file, which claims a large "item_count" field in the
     header but did not contain sufficient backing data, was provided, the
     loop would consume huge CPU and memory resources, since there was no EOF
     check inside the loop (bsc#1058020).
   - CVE-2017-14058: The read_data function in libavformat/hls.c did not
     restrict reload attempts for an insufficient list, which allowed remote
     attackers to cause a denial of service (infinite loop) (bsc#1056762)
   - CVE-2017-14057: In asf_read_marker(), the lack of an EOF (End of File)
     check might have caused huge CPU and memory consumption. When a crafted
     ASF file, which claims a large "name_len" or "count" field in the header
     but did not contain sufficient backing data, was provided, the loops
     over the name and markers would consume huge CPU and memory resources,
     since there is no EOF check inside these loops (bsc#1056761)
   - CVE-2017-14059: A DoS in cine_read_header() due to lack of an EOF check
     might have caused huge CPU and memory consumption. When a crafted CINE
     file, which claims a large "duration" field in the header but did not
     contain sufficient backing data, was provided, the image-offset parsing
     loop would consume huge CPU and memory resources, since there is no EOF
     check inside the loop (bsc#1056763)
   - CVE-2017-14054: A DoS in ivr_read_header() due to lack of an EOF (End of
     File) check might have caused huge CPU consumption. When a crafted IVR
     file, which claims a large "len" field in the header but did not contain
     sufficient backing data, was provided, the first type==4 loop would
     consume huge CPU resources, since there is no EOF check inside the loop
     (bsc#1056765).
   - CVE-2017-14056: A DoS in rl2_read_header() due to lack of an EOF (End of
     File) check might have caused huge CPU and memory consumption. When a
     crafted RL2 file, which claims a large "frame_count" field in the header
     but did not contain sufficient backing data, was provided, the loops
     (for offset and size tables) would consume huge CPU and memory
     resources, since there is no EOF check inside these loops (bsc#1056760)
   - CVE-2017-14055: A DoS in mv_read_header() due to lack of an EOF (End of
     File) check might have caused huge CPU and memory consumption. When a
     crafted MV file, which claims a large "nb_frames" field in the header
     but did not contain sufficient backing data, was provided, the loop over
     the frames would consume huge CPU and memory resources, since there is
     no EOF check inside the loop (bsc#1056766)
   - CVE-2017-11399: Integer overflow in the ape_decode_frame function
     allowed remote attackers to cause a denial of service (out-of-array
     access and application crash) or possibly have unspecified other impact
     via a crafted APE file (bsc#1049095).
   - CVE-2017-14171: Prevent DoS in nsv_parse_NSVf_header() due to lack of an
     EOF (End of File) check that might have caused huge CPU consumption.
     When a crafted NSV file, which claims a large "table_entries_used" field
     in the header but did not contain sufficient backing data, was provided,
     the loop over 'table_entries_used' would consume huge CPU resources,
     since there was no EOF check inside the loop (bsc#1057539)
   - CVE-2017-14170: Prevent DoS in mxf_read_index_entry_array() due to lack
     of an EOF (End of File) check that might have caused huge CPU
     consumption. When a crafted MXF file, which claims a large
     "nb_index_entries" field in the header but did not contain sufficient
     backing data, was provided, the loop would consume huge CPU resources,
     since there was no EOF check inside the loop. Moreover, this big loop
     can be invoked multiple times if there is more than one applicable data
     segment in the crafted MXF file (bsc#1057537)
   - CVE-2017-14169: In the mxf_read_primer_pack function an integer
     signedness error might have occurred when a crafted file, which claims
     a large "item_num" field such as 0xffffffff, was provided. As a result,
     the variable "item_num" turns negative, bypassing the check for a large
     value (bsc#1057536)
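
The missing-EOF-check pattern shared by the demuxer entries above (a header count field that is larger than the data actually present), shown as an added example that is not FFmpeg code and not part of the advisory. The `Reader` type, the function names and the sample bytes are hypothetical, and the reader is assumed to return zero bytes once the input is exhausted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical in-memory reader standing in for a demuxer's I/O layer:
 * a read past the end of the data yields zero bytes instead of failing. */
typedef struct { const uint8_t *buf; size_t len, pos; } Reader;

static uint32_t rd_be32(Reader *r)
{
    uint32_t v = 0;
    for (int i = 0; i < 4; i++)
        v = (v << 8) | (r->pos < r->len ? r->buf[r->pos++] : 0u);
    return v;
}

/* "Before" pattern: the loop bound comes straight from the header.
 * Returns how many table entries the loop processed. */
static uint32_t parse_table_unchecked(const uint8_t *p, size_t n)
{
    Reader r = { p, n, 0 };
    uint32_t count = rd_be32(&r), done = 0;
    for (uint32_t i = 0; i < count; i++) {
        (void)rd_be32(&r);         /* a real demuxer would store the entry */
        done++;
    }
    return done;
}

/* Hardened pattern: test for end of input on every iteration.
 * Returns 0 on success, -1 if the data ends before the claimed count. */
static int parse_table_checked(const uint8_t *p, size_t n, uint32_t *done)
{
    Reader r = { p, n, 0 };
    uint32_t count = rd_be32(&r);
    *done = 0;
    for (uint32_t i = 0; i < count; i++) {
        if (r.len - r.pos < 4)     /* less than one entry left: truncated */
            return -1;
        (void)rd_be32(&r);
        (*done)++;
    }
    return 0;
}

/* Constructed sample: header claims 0x00100000 entries, only 2 are present. */
static const uint8_t TRUNCATED[] = { 0x00,0x10,0x00,0x00, 0,0,0,1, 0,0,0,2 };
/* Constructed sample: header claims 2 entries and carries both. */
static const uint8_t COMPLETE[]  = { 0x00,0x00,0x00,0x02, 0,0,0,1, 0,0,0,2 };

int main(void)
{
    uint32_t done = 0;
    uint32_t spun = parse_table_unchecked(TRUNCATED, sizeof TRUNCATED);
    int rc = parse_table_checked(TRUNCATED, sizeof TRUNCATED, &done);
    printf("unchecked: %u iterations over 8 bytes of table data\n",
           (unsigned)spun);
    printf("checked:   rc=%d after %u entries\n", rc, (unsigned)done);
    return 0;
}
```

The unchecked loop runs for the full claimed count on a 12-byte input; the cost scales with the header field, not with the file size.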

   It also includes various fixes for integer overflows and too-large bit
   shifts that didn't receive a CVE.
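
The signedness error described for CVE-2017-14169 (a count of 0xffffffff turning negative and passing an upper-bound check), as an added example that is not FFmpeg code and not part of the advisory. The function names, the `MAX_ITEMS` limit and the big-endian sample fields are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_ITEMS 65536  /* assumed sanity limit; the advisory gives no value */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* "Before" pattern: the count lives in a signed integer and only the upper
 * bound is tested. Returns 1 if accepted (count in *out), 0 if rejected. */
static int accept_signed(const uint8_t *field, int32_t *out)
{
    /* 0xffffffff becomes -1 on two's-complement targets */
    int32_t item_num = (int32_t)be32(field);
    if (item_num > MAX_ITEMS)
        return 0;
    *out = item_num;
    return 1;
}

/* Hardened pattern: keep the field unsigned so that one comparison
 * covers the whole 32-bit range. */
static int accept_unsigned(const uint8_t *field, uint32_t *out)
{
    uint32_t item_num = be32(field);
    if (item_num > MAX_ITEMS)
        return 0;
    *out = item_num;
    return 1;
}

/* Constructed sample fields (4-byte big-endian counts). */
static const uint8_t FIELD_HUGE[] = { 0xff, 0xff, 0xff, 0xff };
static const uint8_t FIELD_SANE[] = { 0x00, 0x00, 0x00, 0x10 };

int main(void)
{
    int32_t s = 0;
    uint32_t u = 0;
    int ok_signed = accept_signed(FIELD_HUGE, &s);
    int ok_unsigned = accept_unsigned(FIELD_HUGE, &u);
    printf("signed check:   accepted=%d count=%d\n", ok_signed, (int)s);
    printf("unsigned check: accepted=%d\n", ok_unsigned);
    return 0;
}
```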

   These non-security issues were fixed:

   - Unconditionalize celt, ass, openjpeg, webp, netcdf, libva, vdpau.
   - Build unconditionally with lame and twolame
   - Enabled cuda and cuvid for unrestricted build.
   - Add additional checks to ensure MPEG is off


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2017-1067=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE Leap 42.3 (i586 x86_64):

      ffmpeg-3.3.4-7.1
      ffmpeg-debuginfo-3.3.4-7.1
      ffmpeg-debugsource-3.3.4-7.1
      ffmpeg2-debugsource-2.8.13-32.1
      ffmpeg2-devel-2.8.13-32.1
      lame-3.99.5-2.1
      lame-debuginfo-3.99.5-2.1
      lame-debugsource-3.99.5-2.1
      lame-doc-3.99.5-2.1
      lame-mp3rtp-3.99.5-2.1
      lame-mp3rtp-debuginfo-3.99.5-2.1
      libavcodec-devel-3.3.4-7.1
      libavcodec56-2.8.13-32.1
      libavcodec56-debuginfo-2.8.13-32.1
      libavcodec57-3.3.4-7.1
      libavcodec57-debuginfo-3.3.4-7.1
      libavdevice-devel-3.3.4-7.1
      libavdevice56-2.8.13-32.1
      libavdevice56-debuginfo-2.8.13-32.1
      libavdevice57-3.3.4-7.1
      libavdevice57-debuginfo-3.3.4-7.1
      libavfilter-devel-3.3.4-7.1
      libavfilter5-2.8.13-32.1
      libavfilter5-debuginfo-2.8.13-32.1
      libavfilter6-3.3.4-7.1
      libavfilter6-debuginfo-3.3.4-7.1
      libavformat-devel-3.3.4-7.1
      libavformat56-2.8.13-32.1
      libavformat56-debuginfo-2.8.13-32.1
      libavformat57-3.3.4-7.1
      libavformat57-debuginfo-3.3.4-7.1
      libavresample-devel-3.3.4-7.1
      libavresample2-2.8.13-32.1
      libavresample2-debuginfo-2.8.13-32.1
      libavresample3-3.3.4-7.1
      libavresample3-debuginfo-3.3.4-7.1
      libavutil-devel-3.3.4-7.1
      libavutil54-2.8.13-32.1
      libavutil54-debuginfo-2.8.13-32.1
      libavutil55-3.3.4-7.1
      libavutil55-debuginfo-3.3.4-7.1
      libmp3lame-devel-3.99.5-2.1
      libmp3lame0-3.99.5-2.1
      libmp3lame0-debuginfo-3.99.5-2.1
      libpostproc-devel-3.3.4-7.1
      libpostproc53-2.8.13-32.1
      libpostproc53-debuginfo-2.8.13-32.1
      libpostproc54-3.3.4-7.1
      libpostproc54-debuginfo-3.3.4-7.1
      libswresample-devel-3.3.4-7.1
      libswresample1-2.8.13-32.1
      libswresample1-debuginfo-2.8.13-32.1
      libswresample2-3.3.4-7.1
      libswresample2-debuginfo-3.3.4-7.1
      libswscale-devel-3.3.4-7.1
      libswscale3-2.8.13-32.1
      libswscale3-debuginfo-2.8.13-32.1
      libswscale4-3.3.4-7.1
      libswscale4-debuginfo-3.3.4-7.1
      libtwolame-devel-0.3.13-2.1
      libtwolame0-0.3.13-2.1
      libtwolame0-debuginfo-0.3.13-2.1
      twolame-0.3.13-2.1
      twolame-debuginfo-0.3.13-2.1
      twolame-debugsource-0.3.13-2.1

   - openSUSE Leap 42.3 (x86_64):

      libavcodec56-32bit-2.8.13-32.1
      libavcodec56-debuginfo-32bit-2.8.13-32.1
      libavcodec57-32bit-3.3.4-7.1
      libavcodec57-debuginfo-32bit-3.3.4-7.1
      libavdevice56-32bit-2.8.13-32.1
      libavdevice56-debuginfo-32bit-2.8.13-32.1
      libavdevice57-32bit-3.3.4-7.1
      libavdevice57-debuginfo-32bit-3.3.4-7.1
      libavfilter5-32bit-2.8.13-32.1
      libavfilter5-debuginfo-32bit-2.8.13-32.1
      libavfilter6-32bit-3.3.4-7.1
      libavfilter6-debuginfo-32bit-3.3.4-7.1
      libavformat56-32bit-2.8.13-32.1
      libavformat56-debuginfo-32bit-2.8.13-32.1
      libavformat57-32bit-3.3.4-7.1
      libavformat57-debuginfo-32bit-3.3.4-7.1
      libavresample2-32bit-2.8.13-32.1
      libavresample2-debuginfo-32bit-2.8.13-32.1
      libavresample3-32bit-3.3.4-7.1
      libavresample3-debuginfo-32bit-3.3.4-7.1
      libavutil54-32bit-2.8.13-32.1
      libavutil54-debuginfo-32bit-2.8.13-32.1
      libavutil55-32bit-3.3.4-7.1
      libavutil55-debuginfo-32bit-3.3.4-7.1
      libmp3lame0-32bit-3.99.5-2.1
      libmp3lame0-debuginfo-32bit-3.99.5-2.1
      libpostproc53-32bit-2.8.13-32.1
      libpostproc53-debuginfo-32bit-2.8.13-32.1
      libpostproc54-32bit-3.3.4-7.1
      libpostproc54-debuginfo-32bit-3.3.4-7.1
      libswresample1-32bit-2.8.13-32.1
      libswresample1-debuginfo-32bit-2.8.13-32.1
      libswresample2-32bit-3.3.4-7.1
      libswresample2-debuginfo-32bit-3.3.4-7.1
      libswscale3-32bit-2.8.13-32.1
      libswscale3-debuginfo-32bit-2.8.13-32.1
      libswscale4-32bit-3.3.4-7.1
      libswscale4-debuginfo-32bit-3.3.4-7.1
      libtwolame0-32bit-0.3.13-2.1
      libtwolame0-debuginfo-32bit-0.3.13-2.1


References:

   https://www.suse.com/security/cve/CVE-2016-10190.html
   https://www.suse.com/security/cve/CVE-2016-10191.html
   https://www.suse.com/security/cve/CVE-2016-10192.html
   https://www.suse.com/security/cve/CVE-2016-9561.html
   https://www.suse.com/security/cve/CVE-2017-11399.html
   https://www.suse.com/security/cve/CVE-2017-14054.html
   https://www.suse.com/security/cve/CVE-2017-14055.html
   https://www.suse.com/security/cve/CVE-2017-14056.html
   https://www.suse.com/security/cve/CVE-2017-14057.html
   https://www.suse.com/security/cve/CVE-2017-14058.html
   https://www.suse.com/security/cve/CVE-2017-14059.html
   https://www.suse.com/security/cve/CVE-2017-14169.html
   https://www.suse.com/security/cve/CVE-2017-14170.html
   https://www.suse.com/security/cve/CVE-2017-14171.html
   https://www.suse.com/security/cve/CVE-2017-14222.html
   https://www.suse.com/security/cve/CVE-2017-14223.html
   https://www.suse.com/security/cve/CVE-2017-14225.html
   https://www.suse.com/security/cve/CVE-2017-7863.html
   https://www.suse.com/security/cve/CVE-2017-7865.html
   https://www.suse.com/security/cve/CVE-2017-7866.html
   https://bugzilla.suse.com/1015120
   https://bugzilla.suse.com/1022920
   https://bugzilla.suse.com/1022921
   https://bugzilla.suse.com/1022922
   https://bugzilla.suse.com/1034176
   https://bugzilla.suse.com/1034177
   https://bugzilla.suse.com/1034179
   https://bugzilla.suse.com/1046211
   https://bugzilla.suse.com/1049095
   https://bugzilla.suse.com/1056760
   https://bugzilla.suse.com/1056761
   https://bugzilla.suse.com/1056762
   https://bugzilla.suse.com/1056763
   https://bugzilla.suse.com/1056765
   https://bugzilla.suse.com/1056766
   https://bugzilla.suse.com/1057536
   https://bugzilla.suse.com/1057537
   https://bugzilla.suse.com/1057539
   https://bugzilla.suse.com/1058018
   https://bugzilla.suse.com/1058019
   https://bugzilla.suse.com/1058020
