[arch-security] [ASA-201601-1] rtmpdump: multiple issues
Arch Linux Security Advisory ASA-201601-1
=========================================

Severity: High
Date    : 2016-01-02
CVE-ID  : Pending
Package : rtmpdump
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package rtmpdump before version 1:2.4.r96.fa8646d-1 is vulnerable
to arbitrary code execution.

Resolution
==========

Upgrade to 1:2.4.r96.fa8646d-1.

# pacman -Syu "rtmpdump>=1:2.4.r96.fa8646d-1"

The problem has been fixed upstream but no updated version has been
released.

Workaround
==========

None.

Description
===========

Several issues have been found in the part of rtmpdump handling RTMP
streams by LMX of Qihoo 360 Codesafe Team. These issues include memory
leak, integer overflow, type confusion when dealing with AMF strings
and objects, and several other parsing issues.

Impact
======

A remote attacker is able to craft a special rtmp stream that, when
processed, can cause arbitrary code execution.

References
==========

http://article.gmane.org/gmane.comp.security.oss.general/18466
https://bugs.archlinux.org/task/47564
participants (1)
-
Jelle van der Waa