Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in Libav
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Libav
ID: USN-1333-1
Distribution: Ubuntu
Plattformen: Ubuntu 11.04, Ubuntu 11.10
Datum: Di, 17. Januar 2012, 17:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579
Applikationen: libav

Originalnachricht


--===============4492283358763351005==
Content-Type: multipart/signed; micalg="pgp-sha512";
protocol="application/pgp-signature";
boundary="=-kjfEEjpoKzrXmT9Fxk6Y"


--=-kjfEEjpoKzrXmT9Fxk6Y
Content-Type: text/plain; charset="UTF-8
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1333-1
January 17, 2012

libav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Libav could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- libav: Multimedia player, server, encoder and transcoder

Details:

Steve Manzuik discovered that Libav incorrectly handled certain malformed
Matroska files. If a user were tricked into opening a crafted Matroska
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 11.04. (CVE-2011-3504)

Phillip Langlois discovered that Libav incorrectly handled certain
malformed QDM2 streams. If a user were tricked into opening a crafted QDM2
stream file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4351)

Phillip Langlois discovered that Libav incorrectly handled certain
malformed VP3 streams. If a user were tricked into opening a crafted file,
an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2011-4352)

Phillip Langlois discovered that Libav incorrectly handled certain
malformed VP5 and VP6 streams. If a user were tricked into opening a
crafted file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4353)

It was discovered that Libav incorrectly handled certain malformed VMD
files. If a user were tricked into opening a crafted VMD file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2011-4364)

Phillip Langlois discovered that Libav incorrectly handled certain
malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1
stream file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4579)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libavcodec53 4:0.7.3-0ubuntu0.11.10.1
libavformat53 4:0.7.3-0ubuntu0.11.10.1

Ubuntu 11.04:
libavcodec52 4:0.6.4-0ubuntu0.11.04.1
libavformat52 4:0.6.4-0ubuntu0.11.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
http://www.ubuntu.com/usn/usn-1333-1
CVE-2011-3504, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353,
CVE-2011-4364, CVE-2011-4579

Package Information:
https://launchpad.net/ubuntu/+source/libav/4:0.7.3-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/libav/4:0.6.4-0ubuntu0.11.04.1



--ÔjfEEjpoKzrXmT9Fxk6Y
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
Content-Transfer-Encoding: 7bit

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQIcBAABCgAGBQJPFZr0AAoJEGVp2FWnRL6TD00P/2i3Lg329+UwU92+inGEijUR
selgNySQnprNolXcbjFJ2YXBTLJgV3CrTS3qxGbT5xvPNxNbqqcqqJuve5Me9jFc
4KrFM21eghPwedR6xdzn9IOhVS5xW0azEp6T1i0lTNmsznCKUHgxB6ow/zlKL25Q
QUNBwmIJln815CUnp/F6CSOzFNcaR73RRSdRCuMn05U25bUOAjh9gxyiFnHx3sT9
H6MK2sve0EBA3J7Yh1hwaIYvyFM6Yq6A+lYzoJWy9vQdrR69teCUW4Z9DwbzOgSD
efTyeCxF+2YVdQhocfXADEG3hVXGRxfs7f3OkeYR9MEIPrh4xCVSbcIVqzcfAs9W
OaKKOJFpLnm95PSekkq99wFO5B7yacgkum4qI5d3fJoVOPcfFRg4F+f3DK1nlhwj
SbeSX9cGzFhPo+UlmSyQxcTt8gQYMR/I04ZVbGfphKl26uMyveEyeZ77pttl8m4B
A4/Z9oJ7DefR6edaRGj54hmHUTVnbcsXYsND7gizpxxFRWjN8dUX4BjrURH0WHLU
z2g6qIYzgGzmEVwwYMos4TGMBaA6r2lXFPULl53gkq0G3W67cPnvgxYJqHFws2re
vF2FNj2G28P4cArsvjAQRCqhMJYXo6IglBxLP4fxi2cuCYZQYppU8FPZxtZxwoyt
eXIz43WMsAVsEXuHLWst
=SS9X
-----END PGP SIGNATURE-----

--=-kjfEEjpoKzrXmT9Fxk6Y--



--===============4492283358763351005==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============4492283358763351005==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung