lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NLLfl-00047W-RK@titan.mandriva.com>
Date: Thu, 17 Dec 2009 20:06:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:335 ] ffmpeg


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:335
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ffmpeg
 Date    : December 17, 2009
 Affected: 2008.0, 2009.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability was discovered and corrected in ffmpeg:
 
 MPlayer allows remote attackers to cause a denial of service
 (application crash) via (1) a malformed AAC file, as demonstrated
 by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as
 demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718
 (CVE-2008-4610).
 
 Packages for 2008.0 are being provided due to extended support for
 Corporate products.
 
 This update provides a solution to this vulnerability.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4610
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 beeabb1996d9bf736309cc48dacf59a1  2008.0/i586/ffmpeg-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
 6cc819d7659aa3c3110a09764341f17a  2008.0/i586/libavformats51-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
 a64149c0223fce925bcc9a44261379a8  2008.0/i586/libavutil49-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
 e32ff29ad5bb4988009ba73d587f22d1  2008.0/i586/libffmpeg51-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
 432a60bd0ffbe8faad641154f161b12c  2008.0/i586/libffmpeg51-devel-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
 bef39a87bdfe586aa27a8124a5f42b46  2008.0/i586/libffmpeg51-static-devel-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm 
 f3dcc5d0422d10a807f19beec6460401  2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.4mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 0adb11ce92b7023d84e17c47b416a02e  2008.0/x86_64/ffmpeg-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
 f99f57c6bd2c1c905723de5d23cbc78d  2008.0/x86_64/lib64avformats51-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
 1848eaa502b484235fc49d9dee5f46ee  2008.0/x86_64/lib64avutil49-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
 3bbabab6bb9461f1ac9f0991b7669dc8  2008.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
 391c848cb410158b73199e7f2e02733a  2008.0/x86_64/lib64ffmpeg51-devel-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
 b2bc211725adcebe19a1ed90c87248e1  2008.0/x86_64/lib64ffmpeg51-static-devel-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm 
 f3dcc5d0422d10a807f19beec6460401  2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.4mdv2008.0.src.rpm

 Mandriva Linux 2009.0:
 9e6955be6fc29847200a396543e91f91  2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
 e793f88f8612e83b87c75d28aa7b3ee3  2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
 510e5d64d1f3ce851aa58295048b6ce4  2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
 81d1d46a7b798bb137a3ce65433c5450  2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
 abf4b34aa90f1cfd613cf5e5bba6d01d  2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
 62841712208ab5dc5131383715e46e45  2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
 b523f312fcbe542a68af8415535813bb  2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm 
 95a8fe70eb607239e0fefe877345b8e3  2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.3mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 b25852f91e95c0dd6cac413421f09817  2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
 d5d5e19e0a589924a37cd82addc3d135  2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
 e8b76380ce69b61d745aa3365b89a0d1  2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
 b52751767266afc6e30697905cc0a22d  2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
 d4a24cd43474784d990e2d18b1fbeb88  2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
 5c618faeabddbf34969458b9bf3be9ed  2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
 e584888b791440e6427c25dddad185f5  2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm 
 95a8fe70eb607239e0fefe877345b8e3  2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.3mdv2009.0.src.rpm

 Mandriva Enterprise Server 5:
 a9bad1d3f80f6abc794e12b7a616118b  mes5/i586/ffmpeg-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
 2e1de6fd3253390d5a97f44ce410ef7a  mes5/i586/libavformats52-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
 d59edc9e6f14340853b421805846238b  mes5/i586/libavutil49-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
 22c19b94d9e6e887e080a16a724083b9  mes5/i586/libffmpeg51-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
 a1771b311f17e89ee35aca056e3a2fe3  mes5/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
 ef57ad2c274230c8924cf7f85901d956  mes5/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
 c9391186267f11449a359a9a3f46c10f  mes5/i586/libswscaler0-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm 
 24d45cd3251b8876c41d60e164f61db2  mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.3mdvmes5.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 d89476745c6defb6299cc521dcb9d811  mes5/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
 1ec046f0bc0d805cbddc0a09eb731813  mes5/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
 21f1a295e0d12ed3bf8e91e18e557d4a  mes5/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
 2ac6b11c3cdffbfb7ce66ec7ed92794b  mes5/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
 0958f365fc0377700789901f3cfc70b4  mes5/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
 2283f579aef13eb81f97f37b694f6393  mes5/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
 d1d3b94079ddff1e40e19b351714c1fd  mes5/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm 
 24d45cd3251b8876c41d60e164f61db2  mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.3mdvmes5.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFLKlMxmqjQ0CJFipgRAnrBAKCLwSWexDuGzACY5dZuH42BvRzYqgCeIpiR
ToKThFbj+KOsukdA6OcMMGA=
=yb49
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ