Mehrere Probleme in FFMpeg
ID: | DSA-2471-1 |
Distribution: | Debian |
Plattformen: | Debian sid, Debian squeeze |
Datum: | Mo, 14. Mai 2012, 07:31 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3892
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947 |
Applikationen: | FFmpeg |
Originalnachricht |
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2471-1 security@debian.org http://www.debian.org/security/ Moritz Muehlenhoff May 13, 2012 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : ffmpeg Vulnerability : several Problem type : local(remote) Debian-specific: no CVE ID : CVE-2011-3892 CVE-2011-3893 CVE-2011-3895 CVE-2011-3929 CVE-2011-3936 CVE-2011-3940 CVE-2011-3947 CVE-2012-0853 CVE-2012-0947 Several vulnerabilities have been discovered in FFmpeg, a multimedia player, server and encoder. Multiple input validations in the decoders/ demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV, NSV, files could lead to the execution of arbitrary code. These issues were discovered by Aki Helin, Mateusz Jurczyk, Gynvael Coldwind, and Michael Niedermayer. For the stable distribution (squeeze), this problem has been fixed in version 4:0.5.8-1. For the unstable distribution (sid), this problem has been fixed in version 6:0.8.2-1 of libav. We recommend that you upgrade your ffmpeg packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAk+wGRoACgkQXm3vHE4uyloVcgCfQHEFzRDutwSM4pKOHzZzAUEE 09EAoJyfhkjYAhjWh7Mp8rxs8p38BPoG =mVJb -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org Archive: http://lists.debian.org/20120513203722.GA6405@pisco.westfalen.local |