[SECURITY] [DLA 917-1] rtmpdump security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : rtmpdump
Version : 2.4+20111222.git4e06e21-1+deb7u1
CVE ID : CVE-2015-8270 CVE-2015-8271 CVE-2015-8272
Several vulnerabilities were found in rtmpdump and the librtmp
library.
CVE-2015-8270
A bug in AMF3ReadString in librtmp can cause a denial of service via
application crash to librtmp users that talk to a malicious server.
CVE-2015-8271
The AMF3_Decode function in librtmp doesn't properly validate its
input, which can lead to arbitrary code execution when talking
to a malicious attacker.
CVE-2015-8272
A bug in rtmpsrv can lead to a crash when talking to a malicious
client.
For Debian 7 "Wheezy", these problems have been fixed in version
2.4+20111222.git4e06e21-1+deb7u1.
We recommend that you upgrade your rtmpdump packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlj/ynIACgkQnUbEiOQ2
gwJskw/7BPnBRS8VtHBVhoRyMBdLItmKfhu9mdIIcFm8U2sBjXlmDG63bpor6w4V
3FwbA5g21wYmUc7ZsbeorzTNInKr/UCx+Q8XkVD6gKSN8cefqQJKV3BOhvhjLhIS
JZNEE6l7gk4IRwL4lLquL8n2yd7RxGghistY53BT4w1WlGQvJpPDblnO4b9kPjwy
zyFlxJirNiaxYudSoEjId6gVWB9BhDhpvA0YFMEMAoELkygmZyWlmkstIADIgNqd
4EH6ml1/slubVQhO46DxiM5ZE11xtmwbdo1yBGzcAwjZjjX/8cJwVBwaF33BEzNq
A5yiqslYIEMqUjmneEBtTGB1LCv9f+X+G6rOdHAavaHDe4mqNaOYy+868OlDRR35
rqJ6/3B/cQA54v+30h83Th3vgmxXfM8vZXXcYuH2lHX71gI0apOOhcCDd375FrOs
aKD8VPU3Tl/1/Ktuh8SH5+uQnkac57UCTR8QmCi2QDg0DwPFlZ4JUm9G+IoVlTve
eOr4bZwPh8RKCzt0tMGNH7tSAN4cXbrkFANgz8i6gH2V2gsb3ftsZrxLNFD+OEvM
CXsyq6wEg0KSPzHvLpA7uFczoqcQRL1ZSV/ACP44jbsDPMZsqq3/4N7c1xfa60Me
REj2gGu9CH6BKoqH2Ktlz0vZSrGD31cwy4Mt0LYrzHjkxUIvUbg=
=C3Jl
-----END PGP SIGNATURE-----
Reply to: