-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : rtmpdump Version : 2.4+20111222.git4e06e21-1+deb7u1 CVE ID : CVE-2015-8270 CVE-2015-8271 CVE-2015-8272
Several vulnerabilities were found in rtmpdump and the librtmp library. CVE-2015-8270 A bug in AMF3ReadString in librtmp can cause a denial of service via application crash to librtmp users that talk to a malicious server. CVE-2015-8271 The AMF3_Decode function in librtmp doesn't properly validate its input, which can lead to arbitrary code execution when talking to a malicious attacker. CVE-2015-8272 A bug in rtmpsrv can lead to a crash when talking to a malicious client. For Debian 7 "Wheezy", these problems have been fixed in version 2.4+20111222.git4e06e21-1+deb7u1. We recommend that you upgrade your rtmpdump packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlj/ynIACgkQnUbEiOQ2 gwJskw/7BPnBRS8VtHBVhoRyMBdLItmKfhu9mdIIcFm8U2sBjXlmDG63bpor6w4V 3FwbA5g21wYmUc7ZsbeorzTNInKr/UCx+Q8XkVD6gKSN8cefqQJKV3BOhvhjLhIS JZNEE6l7gk4IRwL4lLquL8n2yd7RxGghistY53BT4w1WlGQvJpPDblnO4b9kPjwy zyFlxJirNiaxYudSoEjId6gVWB9BhDhpvA0YFMEMAoELkygmZyWlmkstIADIgNqd 4EH6ml1/slubVQhO46DxiM5ZE11xtmwbdo1yBGzcAwjZjjX/8cJwVBwaF33BEzNq A5yiqslYIEMqUjmneEBtTGB1LCv9f+X+G6rOdHAavaHDe4mqNaOYy+868OlDRR35 rqJ6/3B/cQA54v+30h83Th3vgmxXfM8vZXXcYuH2lHX71gI0apOOhcCDd375FrOs aKD8VPU3Tl/1/Ktuh8SH5+uQnkac57UCTR8QmCi2QDg0DwPFlZ4JUm9G+IoVlTve eOr4bZwPh8RKCzt0tMGNH7tSAN4cXbrkFANgz8i6gH2V2gsb3ftsZrxLNFD+OEvM CXsyq6wEg0KSPzHvLpA7uFczoqcQRL1ZSV/ACP44jbsDPMZsqq3/4N7c1xfa60Me REj2gGu9CH6BKoqH2Ktlz0vZSrGD31cwy4Mt0LYrzHjkxUIvUbg= =C3Jl -----END PGP SIGNATURE-----