Login
Newsletter
Werbung

Sicherheit: Denial of Service in FFMpeg
Aktuelle Meldungen Distributionen
Name: Denial of Service in FFMpeg
ID: USN-1706-1
Distribution: Ubuntu
Plattformen: Ubuntu 10.04 LTS
Datum: Mo, 28. Januar 2013, 16:34
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2803
Applikationen: FFmpeg

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--===============6504907868776017502==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="------------enigF4700B79D7049272669C01E1"

This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigF4700B79D7049272669C01E1
Content-Type: text/plain; charset=ISO-8859-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1706-1
January 28, 2013

ffmpeg vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

FFmpeg could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- ffmpeg: multimedia player, server and encoder

Details:

It was discovered that FFmpeg incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
libavcodec52 4:0.5.9-0ubuntu0.10.04.3
libavformat52 4:0.5.9-0ubuntu0.10.04.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1706-1
CVE-2012-2783, CVE-2012-2803

Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/4:0.5.9-0ubuntu0.10.04.3



--------------enigF4700B79D7049272669C01E1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRBotEAAoJEGVp2FWnRL6ToggP/0thWTwNuRirxFalyTzaI8O3
fuxFJWgTm9BSCKJgnqnRyBxcRRVRjhWO2qlel4WMcpU+2F2fUT3N+U5m5S2i6JCj
HKCc5tcAlghjeVpSA18XzuqVFE+yWFG+Ywm7BHWRaPgoJVRFbujI6o8ECLrdpviQ
QAuNyP5WUBj2C1ukMm/RwROVFzyBmlirubXkwrjUOXF6KUjAVFYqNY8P6dONZlya
h0KTkAcjmSlJtGNqaNPXWGzbRl6PZp+US4k52KB35Qd6ybthrcqgMuPGAwRn7R9h
0WuDKf2OggTOz9KSAEijotqBcUdG9HaqUIPZoRAwEMfREUpgVq5VEQISV5tPYvso
yh5G48U8OU93OdOg9+9VI6tQC92rkJrDYVYItCuJuYUJgy9toP0LSExlIsyQOq4J
mkj0lnbFgS19kuFlbemRBA8D9AaqFV7GasP22CxzRdCuWQ9umzu0oXOQvBjdKfWt
oifbk+SW/sQZys30B2VD92QQNjto58KaT//UAu6ZJvRPFRuolf8EIjYjOJ+3aMvx
zyzTvUj8SSYZa1n5qZZV6gaCb6U2MkfvV7CXm5D/T3LqD40x+E0lzqAcjy2hIDIl
Iz06rLGaaaNIeV7Ylttfqu+hO1Q9KKAybRCnw3Nk/5Y8OSosaU70dlPlXUeqphHf
kSdNMDA+rrXQfjDcktvS
=NPp+
-----END PGP SIGNATURE-----

--------------enigF4700B79D7049272669C01E1--


--===============6504907868776017502==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============6504907868776017502==--
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung