ffmpeg Exploit Zero-Day Vulnerability

Please reproduce your error on a second machine before posting, and check the error by running without saved changes or extra modules (See FAQ No. 13, "How to report a bug"). For unstable Porteus versions (alpha, beta, rc) please use the relevant thread in our "Development" section.
Post Reply
lukaluki
Black ninja
Black ninja
Posts: 67
Joined: 08 Dec 2011, 01:01
Location: asdfw

ffmpeg Exploit Zero-Day Vulnerability

Post#1 by lukaluki » 19 Jan 2016, 23:09

Zero-Day FFmpeg Vulnerability Lets Anyone Steal Files from Remote Machines
Please read this: http://news.softpedia.com/news/zero-day ... 8880.shtml

How about porteus, It should also be affected by it. In SMPlayer I found the ffmpeg being used for mpeg files.

aus9

Re: ffmpeg Exploit Zero-Day Vulnerability

Post#2 by aus9 » 19 Jan 2016, 23:27

thanks for the heads up. I use Nemesis and users will find an update replaces the vulnerable 2.8.4 version with 2.8.5

Code: Select all

pacman -S ffmpeg
warning: ffmpeg-1:2.8.5-2 is up to date
^^ either prefix pacman command with sudo if you login as guest or leave it alone

For normal Porteus users please check what usm has to say when you search it please.

User avatar
francois
Contributor
Contributor
Posts: 5124
Joined: 28 Dec 2010, 14:25
Distribution: xfce plank porteus artix
Location: C'est l'hiver: la neige soudainement est là à Montréal.

Re: ffmpeg Exploit Zero-Day Vulnerability

Post#3 by francois » 20 Jan 2016, 03:58

As mentioned in the first post hyperlink: Please update to FFmpeg 2.8.5 .
Carpe diem.

lukaluki
Black ninja
Black ninja
Posts: 67
Joined: 08 Dec 2011, 01:01
Location: asdfw

Re: ffmpeg Exploit Zero-Day Vulnerability

Post#4 by lukaluki » 24 Apr 2016, 08:49

I am using KDE on the 64bit, how to get the FFmpeg 2.8.5 package as xzm for loading it on every restart? as I am using the toram (non persistence) feature

regards

Bogomips
Full of knowledge
Full of knowledge
Posts: 2563
Joined: 25 Jun 2014, 15:21
Distribution: 3.2.2 Cinnamon & KDE5
Location: London

Re: ffmpeg Exploit Zero-Day Vulnerability

Post#5 by Bogomips » 24 Apr 2016, 11:21

Copy to porteus/modules folder.
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB

Post Reply