exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2011-062

Mandriva Linux Security Advisory 2011-062
Posted Apr 2, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-062 - FFmpeg 0.5 allows remote attackers to cause a denial of service via a crafted file that triggers an infinite loop. flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, mandriva
advisories | CVE-2009-4636, CVE-2010-3429, CVE-2010-4704, CVE-2011-0722, CVE-2011-0723
SHA-256 | beca983955043a364ac94ab3f8c73c9617152509a3efbeb808b628ca857b4efe

Mandriva Linux Security Advisory 2011-062

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2011:062
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : April 1, 2011
Affected: 2010.1
_______________________________________________________________________

Problem Description:

Multiple vulnerabilities has been identified and fixed in ffmpeg:

FFmpeg 0.5 allows remote attackers to cause a denial of service (hang)
via a crafted file that triggers an infinite loop. (CVE-2009-4636)

flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer
and other products, allows remote attackers to execute arbitrary code
via a crafted flic file, related to an arbitrary offset dereference
vulnerability. (CVE-2010-3429)

libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1
and earlier allows remote attackers to cause a denial of service
(application crash) via a crafted .ogg file, related to the
vorbis_floor0_decode function. (CVE-2010-4704)

Fix heap corruption crashes (CVE-2011-0722)

Fix invalid reads in VC-1 decoding (CVE-2011-0723)

And several additional vulnerabilites originally discovered by Google
Chrome developers were also fixed with this advisory.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4636
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4704
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0722
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0723
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
b4db9e819fe581e61ad59225fe630a25 2010.1/i586/ffmpeg-0.6-0.22960.5.1mdv2010.2.i586.rpm
b2ba7998b8549d1a0434d51ff76ddfed 2010.1/i586/libavformats52-0.6-0.22960.5.1mdv2010.2.i586.rpm
ce8964529073304413e3591f8d0de20b 2010.1/i586/libavutil50-0.6-0.22960.5.1mdv2010.2.i586.rpm
da9b5200a498933bd3a1e5e000937a90 2010.1/i586/libffmpeg52-0.6-0.22960.5.1mdv2010.2.i586.rpm
64a5a0c59fba081b54f7538fd658f66f 2010.1/i586/libffmpeg-devel-0.6-0.22960.5.1mdv2010.2.i586.rpm
e6fa096ebf765e1258a13bd578a8de68 2010.1/i586/libffmpeg-static-devel-0.6-0.22960.5.1mdv2010.2.i586.rpm
4cc7830f9684161826518db3077ca207 2010.1/i586/libpostproc51-0.6-0.22960.5.1mdv2010.2.i586.rpm
be1e63a9da0a1b48308390ce48dc30cb 2010.1/i586/libswscaler0-0.6-0.22960.5.1mdv2010.2.i586.rpm
87155585e9ad3413d3210489a539a62f 2010.1/SRPMS/ffmpeg-0.6-0.22960.5.1mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
f26e9389ab90769c9d41379063b44052 2010.1/x86_64/ffmpeg-0.6-0.22960.5.1mdv2010.2.x86_64.rpm
c1f7175cad48f46cfdd2b0d57c5f1d82 2010.1/x86_64/lib64avformats52-0.6-0.22960.5.1mdv2010.2.x86_64.rpm
da8802f10ae716e344a85d27061716e2 2010.1/x86_64/lib64avutil50-0.6-0.22960.5.1mdv2010.2.x86_64.rpm
abe637a5f54bf30b8738bc77d3a505cd 2010.1/x86_64/lib64ffmpeg52-0.6-0.22960.5.1mdv2010.2.x86_64.rpm
528f1d86498f7c6d975aaa58c30715d6 2010.1/x86_64/lib64ffmpeg-devel-0.6-0.22960.5.1mdv2010.2.x86_64.rpm
c77efb105b06ee700d1094e0f468bc6d 2010.1/x86_64/lib64ffmpeg-static-devel-0.6-0.22960.5.1mdv2010.2.x86_64.rpm
2b46dcebe1a563aed2e9949f5869be8b 2010.1/x86_64/lib64postproc51-0.6-0.22960.5.1mdv2010.2.x86_64.rpm
e1f77931ce1aa23bbc8f1b8f607548ff 2010.1/x86_64/lib64swscaler0-0.6-0.22960.5.1mdv2010.2.x86_64.rpm
87155585e9ad3413d3210489a539a62f 2010.1/SRPMS/ffmpeg-0.6-0.22960.5.1mdv2010.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFNlhb3mqjQ0CJFipgRAn9IAJ9Yxk/y7oQNkzbAf0CXuET3XPRYYwCdF7V6
mAdlwouwYl64jARlHgI/M2w=
=AyKF
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close