Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Libav
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Libav
ID: USN-1478-1
Distribution: Ubuntu
Plattformen: Ubuntu 11.04, Ubuntu 11.10, Ubuntu 12.04 LTS
Datum: Mo, 18. Juni 2012, 17:42
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0848
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0859
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947
Applikationen: libav

Originalnachricht

 

--===============6982267168172751699==
Content-Type: multipart/signed; micalg="pgp-sha512";
	protocol="application/pgp-signature";
 boundary="=-v1PiTyaO4N3OHwwAA9+0"


--=-v1PiTyaO4N3OHwwAA9+0
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1478-1
June 18, 2012

libav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 12.04 LTS
- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Libav could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- libav: Multimedia player, server, encoder and transcoder

Details:

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed DV files. If a user were tricked into opening a
crafted DV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.10.
(CVE-2011-3929, CVE-2011-3936)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed NSV files. If a user were tricked into opening a
crafted NSV file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3940)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed Kega Game Video (KGV1) files. If a user were
tricked into opening a crafted Kega Game Video (KGV1) file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program. This
issue only affected Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3945)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed MJPEG-B files. If a user were tricked into
opening a crafted MJPEG-B file, an attacker could cause a denial of service
via application crash, or possibly execute arbitrary code with the
privileges of the user invoking the program. This issue only affected
Ubuntu 11.04 and Ubuntu 11.10. (CVE-2011-3947)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed DPCM files. If a user were tricked into opening a
crafted DPCM file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3951)

Mateusz Jurczyk and Gynvael Coldwind discovered that Libav incorrectly
handled certain malformed KMVC files. If a user were tricked into opening a
crafted KMVC file, an attacker could cause a denial of service via
application crash, or possibly execute arbitrary code with the privileges
of the user invoking the program. This issue only affected Ubuntu 11.04 and
Ubuntu 11.10. (CVE-2011-3952)

Jeong Wook Oh discovered that Libav incorrectly handled certain malformed
ASF files. If a user were tricked into opening a crafted ASF file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.10. (CVE-2011-4031)

It was discovered that Libav incorrectly handled certain malformed
Westwood SNDx files. If a user were tricked into opening a crafted Westwood
SNDx file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. This issue only affected Ubuntu 11.10.
(CVE-2012-0848)

Diana Elena Muscalu discovered that Libav incorrectly handled certain
malformed AAC files. If a user were tricked into opening a crafted AAC
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0850)

It was discovered that Libav incorrectly handled certain malformed H.264
files. If a user were tricked into opening a crafted H.264 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. (CVE-2012-0851)

It was discovered that Libav incorrectly handled certain malformed ADPCM
files. If a user were tricked into opening a crafted ADPCM file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0852)

It was discovered that Libav incorrectly handled certain malformed Atrac 3
files. If a user were tricked into opening a crafted Atrac 3 file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0853)

It was discovered that Libav incorrectly handled certain malformed Shorten
files. If a user were tricked into opening a crafted Shorten file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0858)

It was discovered that Libav incorrectly handled certain malformed Vorbis
files. If a user were tricked into opening a crafted Vorbis file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program. This issue only affected Ubuntu 11.04 and Ubuntu 11.10.
(CVE-2012-0859)

Fabian Yamaguchi discovered that Libav incorrectly handled certain
malformed VQA files. If a user were tricked into opening a crafted VQA
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2012-0947)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 LTS:
  libavcodec53                    4:0.8.3-0ubuntu0.12.04.1
  libavformat53                   4:0.8.3-0ubuntu0.12.04.1

Ubuntu 11.10:
  libavcodec53                    4:0.7.6-0ubuntu0.11.10.1
  libavformat53                   4:0.7.6-0ubuntu0.11.10.1

Ubuntu 11.04:
  libavcodec52                    4:0.6.6-0ubuntu0.11.04.1
  libavformat52                   4:0.6.6-0ubuntu0.11.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
  http://www.ubuntu.com/usn/usn-1478-1
  CVE-2011-3929, CVE-2011-3936, CVE-2011-3940, CVE-2011-3945,
  CVE-2011-3947, CVE-2011-3951, CVE-2011-3952, CVE-2011-4031,
  CVE-2012-0848, CVE-2012-0850, CVE-2012-0851, CVE-2012-0852,
  CVE-2012-0853, CVE-2012-0858, CVE-2012-0859, CVE-2012-0947

Package Information:
  https://launchpad.net/ubuntu/+source/libav/4:0.8.3-0ubuntu0.12.04.1
  https://launchpad.net/ubuntu/+source/libav/4:0.7.6-0ubuntu0.11.10.1
  https://launchpad.net/ubuntu/+source/libav/4:0.6.6-0ubuntu0.11.04.1



--ß1PiTyaO4N3OHwwAA9+0
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJP3zOfAAoJEGVp2FWnRL6TYTwQALQJrcuKCbAU1eI8sHXvJora
2333Q9FRbtNSsoaq5OXs4CjOE0eQ0aYnEsMujKhBXxMNsllyF0+fQ9W0JCkq0hU7
Zd9+ePmDVDu5HLWKyDH9jEUKEXd+Rpb81w/7/zjtad6IzZPVNPNXSAqx7BU87ga4
EMZd50AoujSQfXCX1rhLmF6sv2PQkgFOGyP45cFbVSo9EPnLdy6IbPVfFFj2Dkqk
9B8Zv5WRdeG+TgSIRB9icDVhuKI/SNEz12wLC6ypWLKZj0WhqSPmLP1MLRD8wkTd
U4KkVr7FYAbAawnTvc+YwrY9CeRGgxww/dw0HxS1yeFJuLUDTohEo6PrFP7W+zcl
AnOoSfhUMgDIF6+f8/kL0Gl2vZObzoAll11okKYRGyfOekc1dwXKAeHIWeEOlCfY
iMNjYs7zsmMZabCxBUE5CSqdRQX99ev++55fThQW7Q1n0lgK/XNlsmvcmhfB2FYl
tmF/uqBmC9bOUUfAeNY6AnSI1+oUTUFAZGDZ3nBFL3IqwKLMXoHOHokMalijZoge
nIVG6xjZjWLK4oeYuRYUJPBiIKa8a25PeHGmPaB7n+ZjvC/Xes/09Zyh1JjJvCYf
NSD6g4bJoUmYxGeE3DJ6KwIuEEwou2D60ug2rcYaOXGfc9SGXWXiM8okvNgG76Fd
Z+1SqTTWGJJtHhXB/5Sh
=OTog
-----END PGP SIGNATURE-----

--=-v1PiTyaO4N3OHwwAA9+0--



--===============6982267168172751699==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6982267168172751699==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung