Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in ffmpeg
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in ffmpeg
ID: MDVSA-2009:297
Distribution: Mandriva
Plattformen: Mandriva Corporate 3.0, Mandriva Corporate 4.0, Mandriva 2009.0, Mandriva Enterprise Server 5.0
Datum: Sa, 14. November 2009, 01:30
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
Applikationen: FFmpeg

Originalnachricht

This is a multi-part message in MIME format...

------------=_1258158629-24326-490


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:297
http://www.mandriva.com/security/
_______________________________________________________________________

Package : ffmpeg
Date : November 13, 2009
Affected: 2009.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

Vulnerabilities have been discovered and corrected in ffmpeg:

- The ffmpeg lavf demuxer allows user-assisted attackers to cause
a denial of service (application crash) via a crafted GIF file
(CVE-2008-3230)

- FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers
to cause a denial of service (memory consumption) via unknown vectors,
aka a Tcp/udp memory leak. (CVE-2008-4869)

- Integer signedness error in the fourxm_read_header function in
libavformat/4xm.c in FFmpeg before revision 16846 allows remote
attackers to execute arbitrary code via a malformed 4X movie file with
a large current_track value, which triggers a NULL pointer dereference
(CVE-2009-0385)

The updated packages fix this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
e0594fb5df04fa79335f16d75050cdd2
2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
57bbb28bfef423a5a03f191894ac047b
2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
205e40f56832e8bc273df3fda8498721
2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
789da278cdb4915eef10a15de83fdcca
2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
b0fa1fe90d5a5dc261b8d09b91d84694
2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
b9ae28eb8d2fb8b8f52a1d330d9d072b
2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
d61b93aaddbab02603d815eecfaf5060
2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm
1ca41b3ff07810dd8fdc319dad0bfa38
2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64:
3bc194b9870a51d754fd4a263672a440
2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
220aaa86d9e11e2ef69bea8e360ebbac
2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
7d3d5b429dc653e71e3ec8a4cfd17f30
2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
568a8c2790c8378d555f5ff34a5360fc
2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
17601276b12379836321303c7f96f62f
2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
0ee4ae42aec3cc81fd2ee7ac5dc92ed7
2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
c54bbaeb83e81d78389cdae69fc7945e
2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm
1ca41b3ff07810dd8fdc319dad0bfa38
2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm

Corporate 3.0:
cd5e396289264ed5739fd77bc9580ce3
corporate/3.0/i586/ffmpeg-0.4.8-7.4.C30mdk.i586.rpm
dade7b7fbf1d4bf1f74b94e17c09cc12
corporate/3.0/i586/libffmpeg0-0.4.8-7.4.C30mdk.i586.rpm
9d0371d643c952bf302c4c79f7e8bf2f
corporate/3.0/i586/libffmpeg0-devel-0.4.8-7.4.C30mdk.i586.rpm
8a5fad09c722723e1a40de83a077d4eb
corporate/3.0/SRPMS/ffmpeg-0.4.8-7.4.C30mdk.src.rpm

Corporate 3.0/X86_64:
614c5fd1e865146478012bd5b053e62e
corporate/3.0/x86_64/ffmpeg-0.4.8-7.4.C30mdk.x86_64.rpm
3276671b86a7f9e4114defedb17f1770
corporate/3.0/x86_64/lib64ffmpeg0-0.4.8-7.4.C30mdk.x86_64.rpm
9bfe44651ef6bbe526e26ca323a58817
corporate/3.0/x86_64/lib64ffmpeg0-devel-0.4.8-7.4.C30mdk.x86_64.rpm
8a5fad09c722723e1a40de83a077d4eb
corporate/3.0/SRPMS/ffmpeg-0.4.8-7.4.C30mdk.src.rpm

Corporate 4.0:
cea39827d3cd607430962785c6206bfe
corporate/4.0/i586/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.i586.rpm
345afe63a69e8b8c2f880a501174fa77
corporate/4.0/i586/libffmpeg0-0.4.9-0.pre1.5.4.20060mlcs4.i586.rpm
190b7001f77184177490bff0b2176749
corporate/4.0/i586/libffmpeg0-devel-0.4.9-0.pre1.5.4.20060mlcs4.i586.rpm
cb4625766fd1476aa6abd49fcf249aa5
corporate/4.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
aae084db08e02578728aedf396a08471
corporate/4.0/x86_64/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.x86_64.rpm
8e45b4810fa52179292b676b782eef10
corporate/4.0/x86_64/lib64ffmpeg0-0.4.9-0.pre1.5.4.20060mlcs4.x86_64.rpm
6751921dec760a2742b88fd2434a6b8b
corporate/4.0/x86_64/lib64ffmpeg0-devel-0.4.9-0.pre1.5.4.20060mlcs4.x86_64.rpm
cb4625766fd1476aa6abd49fcf249aa5
corporate/4.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
5568575b5be379d1f0d27bcde4aa38eb
mes5/i586/ffmpeg-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
9d6dc2ea4e12f2c67f6519c83a571e02
mes5/i586/libavformats52-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
3e56d644eb5642ebc0583f11e84f52e3
mes5/i586/libavutil49-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
3eb1291249d8561b42afc0949ac75bcf
mes5/i586/libffmpeg51-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
fd685cbabbd636f0cbe24f77ed2e186b
mes5/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
3f9f8eb7b6119383c3c8ca3af5c61fed
mes5/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
111b6bfabdf8058e3ec0826a712f1d6e
mes5/i586/libswscaler0-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm
41df1f07603ebed5ceba3b21e790c9f0
mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm

Mandriva Enterprise Server 5/X86_64:
bf65d183cbc92b4b5c969dd494d1e1fa
mes5/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
e2203a6231aaaa4c55a6dd63d74c5e7f
mes5/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
b824a2840bfa876467b1fb92b5cb8fe2
mes5/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
9c1e39e6affb3b1df529f13db5e98bea
mes5/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
11107390354de01163b6d9815f0649c5
mes5/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
220531e71a45efc06dd336b0ed8687cc
mes5/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
53712b657a9c2e772abb3bde6f208824
mes5/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm
41df1f07603ebed5ceba3b21e790c9f0
mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFK/cuYmqjQ0CJFipgRAkExAKCfIlGM4OXYoHd+YsiHlSCQA4RS2ACgkUks
zU6eTQIbO65tDPa/ANHYTpo=
=q+lG
-----END PGP SIGNATURE-----


------------=_1258158629-24326-490
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1258158629-24326-490--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung