Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2019.1842 ffmpeg security update 23 May 2019 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ffmpeg Publisher: Debian Operating System: Debian GNU/Linux 9 Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2019-11338 CVE-2019-9718 CVE-2018-1999011 CVE-2018-15822 Reference: ESB-2019.1575 ESB-2018.3449 Original Bulletin: http://www.debian.org/security/2019/dsa-4449 - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - - ------------------------------------------------------------------------- Debian Security Advisory DSA-4449-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 22, 2019 https://www.debian.org/security/faq - - ------------------------------------------------------------------------- Package : ffmpeg CVE ID : CVE-2018-15822 CVE-2018-1999011 CVE-2019-9718 CVE-2019-11338 Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed. For the stable distribution (stretch), these problems have been fixed in version 7:3.2.14-1~deb9u1. We recommend that you upgrade your ffmpeg packages. For the detailed security status of ffmpeg please refer to its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org - -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlzlwIgACgkQEMKTtsN8 TjbC1A/9HsfmXmI0HnhcYA1H22F1WpRqXfFl570UQydmeXeKfiEN1gGFRj9WrPaT 7JW1/qoSWVMFlcKV2SwnMigD0ECIiFAaW71AMYckumosH35MDlYgsCvWqk+LL9Ad CMPP6UzROdiHhucEJq9eYsDSjWc4rN23jd9MpMSD7kB4N8y+o1mQWbmUUCSp29Fp QN4Ak7fM9F32axvniYE1A8Oxvl6qTBGLhgHdeoJO98y6qSjTC5zpyGX9OPRpDc6F Pkv1l9KZkZ7xYencxcdpeVy7YETOwd55r3xxSFhbHhggieeQJnHDE7B3zAHWHe7n 1Vhz9yQZIAYV+q5m5T0g93M5BfHkqKaeqT2ZvcJCPTDmHUv9+UE0w5r1LuxUTPWZ fH1ZlVuG+nf69Etnn1hSdLVSdGMa8dK+nsWYir1l+k2epocLuyUhLMpJBPz3ZFWw S853vums3AwLkWT0Pf1/2GSgTuaY7DWl41rNPPMaOIbSZX8LgdZAwGPnX/9QT9Ae BOJUWRaeKSwuiRZLzhaT1Qzm65amod0hleMEDrrpSm928Fum7yRJ/YuSoiVRC7VB ZnWbdh8xyY2SGk95nU84U/zdH5DQ/JlAE/8OZf/xuNJj1ZmQ8RHaBzKZQdJO1h8F DeHr2DUEOqw+ZW0GB3svh+xshAgngvt+QL/M83iEaYK9PeEExg0= =QVv+ - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXOYafGaOgq3Tt24GAQgtzQ/9FXy/P4H6jZDV2ANTj5oGTxRLPCkOZsMA jTNDRfFSER3Ows7Zdzn1TK5bgNaC/KhfyTfJqnEmbDUPtYQW8aUuIl+jzOJRXaMK 7wCmUNRxVz47pGdWwfWoaIItKMnyR5SmqQhdj06YAbBz4QBzSJen8jbRXJOggXD1 PCp4duJj5aHx0UOiZRFauD2x5iii1G2/i9mdWXseZRh5OlMU2dOyLG913OKvIVNC 5Os5a2Xz4gespCFLkaT39QugxmX0uA0Qd8rrfoaFIaRb7IimSXW4AoA+AkKmjHLc JQqgH9+oTaWbSwezENJD6Fa19zN+I6WjR+TiG3GdRc/BSQQbCSV3RK4i1CxJo0Qv YRS3Y4zqQslyjfRQGsgvKGt8RO0V7eRyzeLG27CaXao+f2RNV75qX2PLkhKYOxwg sZsPBo0f/fbgVRecT3EMK2PjsrYfmQ/pvraO5W4mUZFjA9a5M9T0WPrW7S0O+YIm BFbwozKuV3ZWJFf80PrYiHWJpD0WlXN0boSyeJjOEvAhQF5Mp7yiDbPCTXAqezfM c7TD9ffx+o809Dx0fl7R1+04QQBxZmtE2TFmkdieJBzx1LHd4kWo4A4+2rZt9rf1 NORQVqcewury90ytermRMG51+H6tiaOjNvzdeKf3PZh8tgyfgqvquinhZsgMR269 5pU7+4x4Atk= =00C2 -----END PGP SIGNATURE-----