
Security: Multiple issues in Libav
Name: Multiple issues in Libav
ID: USN-1333-1
Distribution: Ubuntu
Platforms: Ubuntu 11.04, Ubuntu 11.10
Date: Tue, 17 January 2012, 17:34
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579
Applications: libav

Original message


==========================================================================
Ubuntu Security Notice USN-1333-1
January 17, 2012

libav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04

Summary:

Libav could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- libav: Multimedia player, server, encoder and transcoder

Details:

Steve Manzuik discovered that Libav incorrectly handled certain malformed
Matroska files. If a user were tricked into opening a crafted Matroska
file, an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. This issue only affected Ubuntu 11.04. (CVE-2011-3504)

Phillip Langlois discovered that Libav incorrectly handled certain
malformed QDM2 streams. If a user were tricked into opening a crafted QDM2
stream file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4351)

Phillip Langlois discovered that Libav incorrectly handled certain
malformed VP3 streams. If a user were tricked into opening a crafted file,
an attacker could cause a denial of service via application crash, or
possibly execute arbitrary code with the privileges of the user invoking
the program. (CVE-2011-4352)

Phillip Langlois discovered that Libav incorrectly handled certain
malformed VP5 and VP6 streams. If a user were tricked into opening a
crafted file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4353)

It was discovered that Libav incorrectly handled certain malformed VMD
files. If a user were tricked into opening a crafted VMD file, an attacker
could cause a denial of service via application crash, or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2011-4364)

Phillip Langlois discovered that Libav incorrectly handled certain
malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1
stream file, an attacker could cause a denial of service via application
crash, or possibly execute arbitrary code with the privileges of the user
invoking the program. (CVE-2011-4579)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libavcodec53 4:0.7.3-0ubuntu0.11.10.1
libavformat53 4:0.7.3-0ubuntu0.11.10.1

Ubuntu 11.04:
libavcodec52 4:0.6.4-0ubuntu0.11.04.1
libavformat52 4:0.6.4-0ubuntu0.11.04.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

References:
http://www.ubuntu.com/usn/usn-1333-1
CVE-2011-3504, CVE-2011-4351, CVE-2011-4352, CVE-2011-4353,
CVE-2011-4364, CVE-2011-4579

Package Information:
https://launchpad.net/ubuntu/+source/libav/4:0.7.3-0ubuntu0.11.10.1
https://launchpad.net/ubuntu/+source/libav/4:0.6.4-0ubuntu0.11.04.1


