[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1NLLfl-00047W-RK@titan.mandriva.com>
Date: Thu, 17 Dec 2009 20:06:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:335 ] ffmpeg
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:335
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ffmpeg
Date : December 17, 2009
Affected: 2008.0, 2009.0, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
A vulnerability was discovered and corrected in ffmpeg:
MPlayer allows remote attackers to cause a denial of service
(application crash) via (1) a malformed AAC file, as demonstrated
by lol-vlc.aac; or (2) a malformed Ogg Media (OGM) file, as
demonstrated by lol-ffplay.ogm, different vectors than CVE-2007-6718
(CVE-2008-4610).
Packages for 2008.0 are being provided due to extended support for
Corporate products.
This update provides a solution to this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4610
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
beeabb1996d9bf736309cc48dacf59a1 2008.0/i586/ffmpeg-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
6cc819d7659aa3c3110a09764341f17a 2008.0/i586/libavformats51-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
a64149c0223fce925bcc9a44261379a8 2008.0/i586/libavutil49-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
e32ff29ad5bb4988009ba73d587f22d1 2008.0/i586/libffmpeg51-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
432a60bd0ffbe8faad641154f161b12c 2008.0/i586/libffmpeg51-devel-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
bef39a87bdfe586aa27a8124a5f42b46 2008.0/i586/libffmpeg51-static-devel-0.4.9-3.pre1.8994.2.4mdv2008.0.i586.rpm
f3dcc5d0422d10a807f19beec6460401 2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
0adb11ce92b7023d84e17c47b416a02e 2008.0/x86_64/ffmpeg-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
f99f57c6bd2c1c905723de5d23cbc78d 2008.0/x86_64/lib64avformats51-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
1848eaa502b484235fc49d9dee5f46ee 2008.0/x86_64/lib64avutil49-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
3bbabab6bb9461f1ac9f0991b7669dc8 2008.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
391c848cb410158b73199e7f2e02733a 2008.0/x86_64/lib64ffmpeg51-devel-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
b2bc211725adcebe19a1ed90c87248e1 2008.0/x86_64/lib64ffmpeg51-static-devel-0.4.9-3.pre1.8994.2.4mdv2008.0.x86_64.rpm
f3dcc5d0422d10a807f19beec6460401 2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.4mdv2008.0.src.rpm
Mandriva Linux 2009.0:
9e6955be6fc29847200a396543e91f91 2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
e793f88f8612e83b87c75d28aa7b3ee3 2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
510e5d64d1f3ce851aa58295048b6ce4 2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
81d1d46a7b798bb137a3ce65433c5450 2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
abf4b34aa90f1cfd613cf5e5bba6d01d 2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
62841712208ab5dc5131383715e46e45 2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
b523f312fcbe542a68af8415535813bb 2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.3mdv2009.0.i586.rpm
95a8fe70eb607239e0fefe877345b8e3 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.3mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
b25852f91e95c0dd6cac413421f09817 2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
d5d5e19e0a589924a37cd82addc3d135 2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
e8b76380ce69b61d745aa3365b89a0d1 2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
b52751767266afc6e30697905cc0a22d 2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
d4a24cd43474784d990e2d18b1fbeb88 2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
5c618faeabddbf34969458b9bf3be9ed 2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
e584888b791440e6427c25dddad185f5 2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.3mdv2009.0.x86_64.rpm
95a8fe70eb607239e0fefe877345b8e3 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.3mdv2009.0.src.rpm
Mandriva Enterprise Server 5:
a9bad1d3f80f6abc794e12b7a616118b mes5/i586/ffmpeg-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
2e1de6fd3253390d5a97f44ce410ef7a mes5/i586/libavformats52-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
d59edc9e6f14340853b421805846238b mes5/i586/libavutil49-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
22c19b94d9e6e887e080a16a724083b9 mes5/i586/libffmpeg51-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
a1771b311f17e89ee35aca056e3a2fe3 mes5/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
ef57ad2c274230c8924cf7f85901d956 mes5/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
c9391186267f11449a359a9a3f46c10f mes5/i586/libswscaler0-0.4.9-3.pre1.14161.1.3mdvmes5.i586.rpm
24d45cd3251b8876c41d60e164f61db2 mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.3mdvmes5.src.rpm
Mandriva Enterprise Server 5/X86_64:
d89476745c6defb6299cc521dcb9d811 mes5/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
1ec046f0bc0d805cbddc0a09eb731813 mes5/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
21f1a295e0d12ed3bf8e91e18e557d4a mes5/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
2ac6b11c3cdffbfb7ce66ec7ed92794b mes5/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
0958f365fc0377700789901f3cfc70b4 mes5/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
2283f579aef13eb81f97f37b694f6393 mes5/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
d1d3b94079ddff1e40e19b351714c1fd mes5/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.3mdvmes5.x86_64.rpm
24d45cd3251b8876c41d60e164f61db2 mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.3mdvmes5.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFLKlMxmqjQ0CJFipgRAnrBAKCLwSWexDuGzACY5dZuH42BvRzYqgCeIpiR
ToKThFbj+KOsukdA6OcMMGA=
=yb49
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists