[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1N96Tk-0007uJ-8y@titan.mandriva.com>
Date: Sat, 14 Nov 2009 01:27:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:297 ] ffmpeg
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:297
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ffmpeg
Date : November 13, 2009
Affected: 2009.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Vulnerabilities have been discovered and corrected in ffmpeg:
- The ffmpeg lavf demuxer allows user-assisted attackers to cause
a denial of service (application crash) via a crafted GIF file
(CVE-2008-3230)
- FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
to cause a denial of service (memory consumption) via unknown vectors,
aka a Tcp/udp memory leak. (CVE-2008-4869)
- Integer signedness error in the fourxm_read_header function in
libavformat/4xm.c in FFmpeg before revision 16846 allows remote
attackers to execute arbitrary code via a malformed 4X movie file with
a large current_track value, which triggers a NULL pointer dereference
(CVE-2009-0385)
The updated packages fix this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2009.0:
e0594fb5df04fa79335f16d75050cdd2 2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
57bbb28bfef423a5a03f191894ac047b 2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
205e40f56832e8bc273df3fda8498721 2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
789da278cdb4915eef10a15de83fdcca 2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
b0fa1fe90d5a5dc261b8d09b91d84694 2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
b9ae28eb8d2fb8b8f52a1d330d9d072b 2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
d61b93aaddbab02603d815eecfaf5060 2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
1ca41b3ff07810dd8fdc319dad0bfa38 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
3bc194b9870a51d754fd4a263672a440 2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
220aaa86d9e11e2ef69bea8e360ebbac 2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
7d3d5b429dc653e71e3ec8a4cfd17f30 2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
568a8c2790c8378d555f5ff34a5360fc 2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
17601276b12379836321303c7f96f62f 2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
0ee4ae42aec3cc81fd2ee7ac5dc92ed7 2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
c54bbaeb83e81d78389cdae69fc7945e 2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
1ca41b3ff07810dd8fdc319dad0bfa38 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm
Corporate 3.0:
cd5e396289264ed5739fd77bc9580ce3 corporate/3.0/i586/ffmpeg-0.4.8-7.4.C30mdk.i586.rpm
dade7b7fbf1d4bf1f74b94e17c09cc12 corporate/3.0/i586/libffmpeg0-0.4.8-7.4.C30mdk.i586.rpm
9d0371d643c952bf302c4c79f7e8bf2f corporate/3.0/i586/libffmpeg0-devel-0.4.8-7.4.C30mdk.i586.rpm
8a5fad09c722723e1a40de83a077d4eb corporate/3.0/SRPMS/ffmpeg-0.4.8-7.4.C30mdk.src.rpm
Corporate 3.0/X86_64:
614c5fd1e865146478012bd5b053e62e corporate/3.0/x86_64/ffmpeg-0.4.8-7.4.C30mdk.x86_64.rpm
3276671b86a7f9e4114defedb17f1770 corporate/3.0/x86_64/lib64ffmpeg0-0.4.8-7.4.C30mdk.x86_64.rpm
9bfe44651ef6bbe526e26ca323a58817 corporate/3.0/x86_64/lib64ffmpeg0-devel-0.4.8-7.4.C30mdk.x86_64.rpm
8a5fad09c722723e1a40de83a077d4eb corporate/3.0/SRPMS/ffmpeg-0.4.8-7.4.C30mdk.src.rpm
Corporate 4.0:
cea39827d3cd607430962785c6206bfe corporate/4.0/i586/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.i586.rpm
345afe63a69e8b8c2f880a501174fa77 corporate/4.0/i586/libffmpeg0-0.4.9-0.pre1.5.4.20060mlcs4.i586.rpm
190b7001f77184177490bff0b2176749 corporate/4.0/i586/libffmpeg0-devel-0.4.9-0.pre1.5.4.20060mlcs4.i586.rpm
cb4625766fd1476aa6abd49fcf249aa5 corporate/4.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
aae084db08e02578728aedf396a08471 corporate/4.0/x86_64/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.x86_64.rpm
8e45b4810fa52179292b676b782eef10 corporate/4.0/x86_64/lib64ffmpeg0-0.4.9-0.pre1.5.4.20060mlcs4.x86_64.rpm
6751921dec760a2742b88fd2434a6b8b corporate/4.0/x86_64/lib64ffmpeg0-devel-0.4.9-0.pre1.5.4.20060mlcs4.x86_64.rpm
cb4625766fd1476aa6abd49fcf249aa5 corporate/4.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
5568575b5be379d1f0d27bcde4aa38eb mes5/i586/ffmpeg-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
9d6dc2ea4e12f2c67f6519c83a571e02 mes5/i586/libavformats52-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
3e56d644eb5642ebc0583f11e84f52e3 mes5/i586/libavutil49-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
3eb1291249d8561b42afc0949ac75bcf mes5/i586/libffmpeg51-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
fd685cbabbd636f0cbe24f77ed2e186b mes5/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
3f9f8eb7b6119383c3c8ca3af5c61fed mes5/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
111b6bfabdf8058e3ec0826a712f1d6e mes5/i586/libswscaler0-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
41df1f07603ebed5ceba3b21e790c9f0 mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm
Mandriva Enterprise Server 5/X86_64:
bf65d183cbc92b4b5c969dd494d1e1fa mes5/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
e2203a6231aaaa4c55a6dd63d74c5e7f mes5/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
b824a2840bfa876467b1fb92b5cb8fe2 mes5/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
9c1e39e6affb3b1df529f13db5e98bea mes5/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
11107390354de01163b6d9815f0649c5 mes5/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
220531e71a45efc06dd336b0ed8687cc mes5/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
53712b657a9c2e772abb3bde6f208824 mes5/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
41df1f07603ebed5ceba3b21e790c9f0 mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFK/cuYmqjQ0CJFipgRAkExAKCfIlGM4OXYoHd+YsiHlSCQA4RS2ACgkUks
zU6eTQIbO65tDPa/ANHYTpo=
=q+lG
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists