Branch sisyphus update bulletin.

Package ffmpeg updated to version 4.0.3-alt1 for branch sisyphus in task 216125.

Published: 2018-08-24

BDU:2020-00758

Уязвимость функции flv_write_packet мультимедийной библиотеки FFmpeg, связанная с отсутствием проверки на наличие пустого аудиопакета, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.5) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CVE-2018-15822

Published: 2018-08-24
Modified: 2024-11-21

CVE-2018-15822

The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package jq updated to version 1.6-alt1 for branch sisyphus in task 216124.

Published: 2016-05-06
Modified: 2024-11-21

CVE-2015-8863

Off-by-one error in the tokenadd function in jv_parse.c in jq allows remote attackers to cause a denial of service (crash) via a long JSON-encoded number, which triggers a heap-based buffer overflow.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2016-05-06
Modified: 2024-11-21

CVE-2016-4074

The jv_dump_term function in jq 1.5 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted JSON file. This issue has been fixed in jq 1.6_rc1-r0.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Version: 2.1.0

Branch sisyphus update on 2018-11-06

ALT-BU-2018-3553-1

ALT-PU-2018-2593-1

Closed vulnerabilities

BDU:2020-00758

CVE-2018-15822

ALT-PU-2018-2594-1

Closed vulnerabilities

CVE-2015-8863

CVE-2016-4074