lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1Q5knA-000258-J3@titan.mandriva.com>
Date: Fri, 01 Apr 2011 22:18:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:060 ] ffmpeg

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:060
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : ffmpeg
 Date    : April 1, 2011
 Affected: 2009.0, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities has been identified and fixed in ffmpeg:
 
 oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain
 pointer arithmetic, which might allow remote attackers to obtain
 sensitive memory contents and cause a denial of service via a crafted
 file that triggers an out-of-bounds read. (CVE-2009-4632)
 
 vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a
 comparison operator was intended, which might allow remote attackers
 to cause a denial of service and possibly execute arbitrary code via
 a crafted file that modifies a loop counter and triggers a heap-based
 buffer overflow. (CVE-2009-4633)
 
 Multiple integer underflows in FFmpeg 0.5 allow remote attackers to
 cause a denial of service and possibly execute arbitrary code via a
 crafted file that (1) bypasses a validation check in vorbis_dec.c
 and triggers a wraparound of the stack pointer, or (2) access a
 pointer from out-of-bounds memory in mov.c, related to an elst tag
 that appears before a tag that creates a stream. (CVE-2009-4634)
 
 FFmpeg 0.5 allows remote attackers to cause a denial of service and
 possibly execute arbitrary code via a crafted MOV container with
 improperly ordered tags that cause (1) mov.c and (2) utils.c to use
 inconsistent codec types and identifiers, which causes the mp3 decoder
 to process a pointer for a video structure, leading to a stack-based
 buffer overflow. (CVE-2009-4635)
 
 The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows
 remote attackers to cause a denial of service (crash) via a crafted
 AVI file that triggers a divide-by-zero error. (CVE-2009-4639)
 
 Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote
 attackers to cause a denial of service and possibly execute arbitrary
 code via a crafted Vorbis file that triggers an out-of-bounds
 read. (CVE-2009-4640)
 
 flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer
 and other products, allows remote attackers to execute arbitrary code
 via a crafted flic file, related to an arbitrary offset dereference
 vulnerability. (CVE-2010-3429)
 
 libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1
 and earlier allows remote attackers to cause a denial of service
 (application crash) via a crafted .ogg file, related to the
 vorbis_floor0_decode function. (CVE-2010-4704)
 
 And several additional vulnerabilites originally discovered by Google
 Chrome developers were also fixed with this advisory.
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=490
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4632
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4633
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4634
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4635
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4639
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4640
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3429
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4704
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 35b8598a8ba305854c81884350072070  2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 537c6ed300c14bd4c6dac8b9ea98349a  2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 847b11c0bb86959f9712cb2beced7648  2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 6bad47923019bdd3e17209956955919e  2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 c49eeeda4be62fdcc57b0b42eff2005b  2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 c06661882ab8613b23712898751856af  2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm
 a9ef39faaa7a3054c846471ed95510a1  2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm 
 c8cf3cef711e1a6d51bcb666030e1f42  2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 03d2549605505e1c22ebb95d83b2657b  2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 b4e51f531b91947b68224adb0b7da78b  2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 304a2ba3024d20e6c61d499d9d77daa0  2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 f772b82b558dc0cb8ce7f643c23b1214  2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 d60e53babfdfced4c42e15e881c1de11  2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 e7b0f5257f4859d35c33d7d9cfaf601c  2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm
 a585acd8d62940593fca0aafc9b1dc96  2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm 
 c8cf3cef711e1a6d51bcb666030e1f42  2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.src.rpm

 Mandriva Enterprise Server 5:
 3a36c497bde8a3e9fd34f0cd029d0392  mes5/i586/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 3f06c90d4ec2332f295a6b947dd57ab5  mes5/i586/libavformats52-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 d9aab1dbf20a5e14c824ee003941763b  mes5/i586/libavutil49-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 5917203833e406e431fcf3cfba2fe7de  mes5/i586/libffmpeg51-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 d3ac8c102cf086501d4fd256155941ac  mes5/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 b42248fb015e570a89923d1a60728ead  mes5/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm
 48ce261f950e4730ac76bebf65c4acc7  mes5/i586/libswscaler0-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm 
 b332f476834cc59ea192f36bf9f1521c  mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 897a2646af3535baeb15ec92bd912443  mes5/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 c270cb8f505340f3b23c6e862b6a61ae  mes5/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 3bcc81db2dce4cfe4e62f8828d710ef2  mes5/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 556dccfb35d1b7ae34e3a98ff50392f9  mes5/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 ca12abb36b5abd916f3e94c19b02d10c  mes5/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 63ea4c46741919fe690beb94e85cfd92  mes5/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm
 d87ceee8d1befd22d04e3f4f78e5e52b  mes5/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm 
 b332f476834cc59ea192f36bf9f1521c  mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNlgUCmqjQ0CJFipgRAuihAKDPoHXVNvZg3AdcWlp42IFPTQ1sPwCg2Ig1
aC78goX8Av/Q7yOT6VWTDyo=
=0hmU
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ