lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 15 Jan 2009 21:53:00 -0700
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:015 ] ffmpeg


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:015
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ffmpeg
 Date    : January 15, 2009
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 Several vulnerabilities have been discovered in ffmpeg, related to
 the execution of DTS generation code (CVE-2008-4866) and incorrect
 handling of DCA_MAX_FRAME_SIZE value (CVE-2008-4867).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4866
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 69f5bb05cc258a7c6ae2f6a257b2a5b8  2008.0/i586/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
 cd83495c017a04293adb82556f4f8482  2008.0/i586/libavformats51-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
 09649773f74c8645a59cc80681f12466  2008.0/i586/libavutil49-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
 92e9a33dd75a37a0cbb2cab69bb74309  2008.0/i586/libffmpeg51-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
 5f565919b7ab46e929e7f9aaf10631b8  2008.0/i586/libffmpeg51-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
 034408cd38467d6a6cb39164d424860c  2008.0/i586/libffmpeg51-static-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm 
 8ae45881734c54789b6adea12c9dd88b  2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 09cc4db7b2ac8704e5e2edc57e836b36  2008.0/x86_64/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
 536adebb82012eeadae9d3750b092b7e  2008.0/x86_64/lib64avformats51-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
 80cce2817de5908cf394cd02bee110af  2008.0/x86_64/lib64avutil49-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
 2d1322198a13c08592145bf8f75ca886  2008.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
 6cf5ba0caec21c90bf77a30f7a07f624  2008.0/x86_64/lib64ffmpeg51-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
 2c944710a7632bebd06373776130b425  2008.0/x86_64/lib64ffmpeg51-static-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm 
 8ae45881734c54789b6adea12c9dd88b  2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 06da71bb222dd80ce7a93ab3627caf43  2008.1/i586/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
 c6bf47fca947aed4ffa888bfb3882476  2008.1/i586/libavformats52-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
 b6d519b089e6585fba225b40388c45ee  2008.1/i586/libavutil49-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
 3603d5c3f4988a9946f23960bc037ac0  2008.1/i586/libffmpeg51-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
 c58de74e89429974f61520add2f002e9  2008.1/i586/libffmpeg-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
 96fe6f0fe1456c236c7bf2c39fbaf2c3  2008.1/i586/libffmpeg-static-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm 
 0a1d77a5ecf39c56e111405d72ee841a  2008.1/SRPMS/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 2b71b95220d0ec6c2f301089b4e33cdb  2008.1/x86_64/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
 e7acbc6eb25937c4db42a10afab6e5d3  2008.1/x86_64/lib64avformats52-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
 be7b0bcc9f004581bcaebf1a155ae624  2008.1/x86_64/lib64avutil49-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
 b32b81fc868aca710b1abd74a7ae8801  2008.1/x86_64/lib64ffmpeg51-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
 033cf830e9461b068afb81a80e617a99  2008.1/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
 12ef917412a1d07c6e4f4c59b53407f6  2008.1/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm 
 0a1d77a5ecf39c56e111405d72ee841a  2008.1/SRPMS/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 7838bc5941bb507db53e52f608678e6a  2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
 8e4139560f855e1af2ed22913a2d18f6  2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
 024693ee05ad68776e30fddf8831e8c7  2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
 30624dc9e519d14bdfffc50deb88de0f  2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
 9eeabebc197f131565704d1fb76512ea  2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
 82eb4a6ac847a138ad3e928880a7c141  2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
 8f1bedab9de049fbcd70cdcb7723275e  2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm 
 cacf713130e9fe924cf21d73a7a4a064  2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 145fb08e1c0a93a4fbe53bffc1bca811  2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
 9a853b0bfb7d6b32cb303a313d0050dc  2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
 2c164afea0211e2a14028b43363bcf48  2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
 58f1e3f6376733ecf890b50c3ba733d8  2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
 8c9479e644e4455ca381bab9098f5383  2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
 584a63e3d7c45ddcb123b0721fa4ccd4  2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
 9bbf2eb2e51f3d95af9ac45dddaf109a  2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm 
 cacf713130e9fe924cf21d73a7a4a064  2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJb+VtmqjQ0CJFipgRAq6NAKCpE21xQwjYBMI8gfT/c5GnnfWr/ACgz9nU
5EtWS4Ceh12LB2tIbrnOxAE=
=nZWI
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists