Moritz

**Name of the Vulnerable Software and Affected Versions** Puppet versions 2.6.0 through 2.6.3 **Description** The issue allows remote authenticated Puppet nodes to read or modify the resources of other nodes due to improper access restrictions to node resources. **Recommendations** For Puppet versions 2.6.0 through 2.6.3, update to a version that properly restricts access to node resources to prevent unauthorized reading or modification of node resources.

**Name of the Vulnerable Software and Affected Versions** FFmpeg versions prior to 0.7.3 FFmpeg versions 0.8.x prior to 0.8.2 libav versions prior to 0.7.2 is not mentioned, but libav through 0.7.1 is affected, so we can say libav versions prior to 0.7.2 **Description** The issue is related to an integer signedness error in the decode residual block function in cavsdec.c in libavcodec. This error can be exploited by remote attackers using a crafted Chinese AVS video file, potentially leading to a denial of service through memory corruption and application crash, or possibly allowing the execution of arbitrary code. **Recommendations** For FFmpeg versions prior to 0.7.3, update to version 0.7.3 or later. For FFmpeg versions 0.8.x prior to 0.8.2, update to version 0.8.2 or later. For libav versions prior to 0.7.2, update to version 0.7.2 or later.