[SECURITY] [DLA 780-1] libav security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 780-1] libav security update
From: Hugo Lefeuvre <hle@debian.org>
Date: Thu, 12 Jan 2017 16:16:13 +0100
Message-id: <[🔎] 20170112151612.6mkv2ik36cjskuu5@hle.local>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libav
Version        : 6:0.8.19-0+deb7u1
CVE ID         : CVE-2016-7424

Multiple vulnerabilities have been found in libav:

CVE-2016-7424

    The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in
    libav 11.7 and earlier allows remote attackers to cause a denial
    of service (NULL pointer dereference and crash) via a crafted MP3
    file.  

(No CVE assigned)

    The h264 codec is vulnerable to various crashes with invalid-free,
    corrupted double-linked list or out-of-bounds read.

For Debian 7 "Wheezy", these problems have been fixed in version
6:0.8.19-0+deb7u1.

We recommend that you upgrade your libav packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErLe2fxl/mzIVM0McrJCsPsUkBl4FAlh3nPUACgkQrJCsPsUk
Bl4hRg/+NkD5YCrteRs5rNI/hSvBj1BSwX2Y1ehPPhiPpWyGbBRRYHfGrt7axRjV
EGDdxWOThPU50YgJiDxwXWVCu08jwpBRqVgvGb1uNbNtg4R1QvANa+GAHwzNXA3t
AVnREiPLucFllpAUOLmmJj5DDMU02caiI/fNDdS6XyCMMTFKp45rw4/imImO8POn
aMzTZRdcnui3HhzspWRawCeX4y3cz62fkUpexVKq+MgoBZkG/FXaNYBQFdQatlYh
whMLlmi0EzAB6Zi9jPjw/caMr6Eh2jMPpNJVJUd8s6rlatpuwykzXVPhD9y/vnbM
NEMUIejN73UEogvb7+qscSWrFynOm52C1/JJQPN2fpfEo+yHxU9APMR3DyvIC1rI
qf/X0AM7BHaOiyw4B/FObVnBAjyiBhC1aaoLQUhzDdzqSeCNncDASK4JoiKTunDP
9dZ/svul/kvDl30GTnrgAbjUKq6BldQQda3NCfrcreqhsCdRzwTO0wxpcEnW/LCx
vC6T3tJZ0DE90aeXsJjX7d/X8uMYD5/ivMxLARtReaxyNkF8n6Oc0oe65BT6XevT
TUcLSVr2+NccsfA2Ln9P668eDazmmD5ZEyvl4lpVUD+2ygC8UsUTHI4PGs9FamYc
wmyQwBQOVgJRDCsVNzI3QUZMyd3runXZH6dD99jC/nekdbSfjaU=
=4jor
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 779-1] tomcat7 security update
Next by Date: [SECURITY] [DLA 781-1] asterisk security update
Previous by thread: [SECURITY] [DLA 779-1] tomcat7 security update
Next by thread: [SECURITY] [DLA 781-1] asterisk security update
Index(es):
- Date
- Thread