[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1S2OMP-0002Wz-FZ@titan.mandriva.com>
Date: Tue, 28 Feb 2012 15:49:01 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2012:023-1 ] libvpx
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:023-1
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libvpx
Date : February 28, 2012
Affected: 2010.1, 2011.
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in libvpx:
VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers
to cause a denial of service (application crash) via (1) unspecified
corrupt input or (2) by starting decoding from a P-frame, which
triggers an out-of-bounds read, related to the clamping of motion
vectors in SPLITMV blocks (CVE-2012-0823).
The updated packages have been patched to correct this issue.
Update:
This is a symbolic advisory correction because there was a clash with
MDVSA-2012:023 that addressed libxml2.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0823
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
80595bcf9605087872ef9e76988c06fb 2010.1/i586/libvpx0-0.9.7-0.2mdv2010.2.i586.rpm
6a39a655e52324d5454df93c54803e1d 2010.1/i586/libvpx-devel-0.9.7-0.2mdv2010.2.i586.rpm
36669f19119055daa1c65a4341bf00ee 2010.1/i586/libvpx-utils-0.9.7-0.2mdv2010.2.i586.rpm
efbc2e9f8338a146ed9bb4a8133ee3d0 2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
7d42ba1449797b928a025d82fbbf2a65 2010.1/x86_64/lib64vpx0-0.9.7-0.2mdv2010.2.x86_64.rpm
05101dfd30ef938952f61705a1394705 2010.1/x86_64/lib64vpx-devel-0.9.7-0.2mdv2010.2.x86_64.rpm
20e10865900d2a24d58b7677098057e8 2010.1/x86_64/libvpx-utils-0.9.7-0.2mdv2010.2.x86_64.rpm
efbc2e9f8338a146ed9bb4a8133ee3d0 2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm
Mandriva Linux 2011:
e77c03974267d8b697fce1944dc7627b 2011/i586/libvpx0-0.9.7-0.2-mdv2011.0.i586.rpm
e52f1469cdf005a7a8e2855a65bfde2f 2011/i586/libvpx-devel-0.9.7-0.2-mdv2011.0.i586.rpm
6fbe1b807480c8c86d482cef51f5cc7d 2011/i586/libvpx-utils-0.9.7-0.2-mdv2011.0.i586.rpm
e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm
Mandriva Linux 2011/X86_64:
81c2210c4f37421a22a877599304b5a4 2011/x86_64/lib64vpx0-0.9.7-0.2-mdv2011.0.x86_64.rpm
02f987fb0972c5b45a91a3d02060923f 2011/x86_64/lib64vpx-devel-0.9.7-0.2-mdv2011.0.x86_64.rpm
a7d46c97d8294236422b37a8359ba64d 2011/x86_64/libvpx-utils-0.9.7-0.2-mdv2011.0.x86_64.rpm
e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPTL06mqjQ0CJFipgRAmSwAKC3SrXDSm5poitKzRLbK3HdV0s5XwCgqOwj
GCMzTwqDabkLHPmw9/sT7lk=
=XrZF
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists