-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2012:074 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ffmpeg Date : May 14, 2012 Affected: Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in ffmpeg: The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973). Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974). FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893). Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895). An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351). An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow (CVE-2011-4352). Errors within the "av_image_fill_pointers()", the "vp5_parse_coeff()", and the "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads (CVE-2011-4353). It was discovered that Libav incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4364). It was discovered that Libav incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4579). The updated packages have been upgraded to the 0.5.9 version where these issues has been corrected. Additionally a couple of packages needed to be rebuilt for the new ffmpeg version and is also being provided with this advisory. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3362 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3504 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3973 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3974 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3893 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3895 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4351 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4352 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4353 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4364 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4579 _______________________________________________________________________ Updated Packages: Mandriva Enterprise Server 5: 0fdb49826f72c882160194a2b69a5c87 mes5/i586/alsa-plugins-doc-1.0.18-1.3mdvmes5.2.i586.rpm a9184e748cedd56e29a8e8f8320e8e7f mes5/i586/alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.i586.rpm a2cd850d45fc78fbfbaaa1b5f1f26cb3 mes5/i586/ffmpeg-0.5.9-0.1mdvmes5.2.i586.rpm 934e1dc981e21c900b061d35ff4f07f8 mes5/i586/libalsa-plugins-1.0.18-1.3mdvmes5.2.i586.rpm 35cf79d3b7d0bed70062490c234a3a96 mes5/i586/libalsa-plugins-jack-1.0.18-1.3mdvmes5.2.i586.rpm 463cc419b2884f4679b892178a3a337b mes5/i586/libalsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.i586.rpm 5a4fbe9f761a13d68dbd2a21eb16b792 mes5/i586/libavformats52-0.5.9-0.1mdvmes5.2.i586.rpm 26962af25fa57974623890fb3677fd7f mes5/i586/libavutil49-0.5.9-0.1mdvmes5.2.i586.rpm d763fdf58e3df9e1f983f9b3fca0b5dc mes5/i586/libffmpeg52-0.5.9-0.1mdvmes5.2.i586.rpm 001f3283c3e5c4613b27eb2e0e16c67e mes5/i586/libffmpeg-devel-0.5.9-0.1mdvmes5.2.i586.rpm beab6d8b916aee5612dd19d911baeb28 mes5/i586/libffmpeg-static-devel-0.5.9-0.1mdvmes5.2.i586.rpm aeebaae0004f02a4d93251449dcb4a32 mes5/i586/libpostproc51-0.5.9-0.1mdvmes5.2.i586.rpm f1316e064b6a1eee639db109e6d914cb mes5/i586/libsox1-14.3.0-0.1mdvmes5.2.i586.rpm d3ada9d56563250589ae5ebf0965c9f0 mes5/i586/libsox-devel-14.3.0-0.1mdvmes5.2.i586.rpm 1142b3b17f5111d1461bf903433d48fc mes5/i586/libswscaler0-0.5.9-0.1mdvmes5.2.i586.rpm f8b48a8125687623eafc58ea85576138 mes5/i586/sox-14.3.0-0.1mdvmes5.2.i586.rpm ebbc02efc1cecabcd1bc690c037f6661 mes5/SRPMS/alsa-plugins-1.0.18-1.3mdvmes5.2.src.rpm 234640efe0b95b9024908b7288b32e8b mes5/SRPMS/ffmpeg-0.5.9-0.1mdvmes5.2.src.rpm 15fc65b510c9db52c6a1a24eb8757543 mes5/SRPMS/sox-14.3.0-0.1mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 9f84db2778fc1f811bada3de7b6d4bfa mes5/x86_64/alsa-plugins-doc-1.0.18-1.3mdvmes5.2.x86_64.rpm 1d59606b054a936336eaccf54873d81d mes5/x86_64/alsa-plugins-pulse-config-1.0.18-1.3mdvmes5.2.x86_64.rpm 50b0809d47ff5a08a390732ab8e0a933 mes5/x86_64/ffmpeg-0.5.9-0.1mdvmes5.2.x86_64.rpm 088e6dc595a71490d6d9f46e558a6726 mes5/x86_64/lib64alsa-plugins-1.0.18-1.3mdvmes5.2.x86_64.rpm 37fda2dabd87de004441841b59d391b5 mes5/x86_64/lib64alsa-plugins-jack-1.0.18-1.3mdvmes5.2.x86_64.rpm 734ccbb72c0f4fd4202e1d2479b3b00c mes5/x86_64/lib64alsa-plugins-pulseaudio-1.0.18-1.3mdvmes5.2.x86_64.rpm 6d2178f975d930a5824ef91020fc1cdb mes5/x86_64/lib64avformats52-0.5.9-0.1mdvmes5.2.x86_64.rpm ca395249e3f8c7d1f5e63ffe71302cc0 mes5/x86_64/lib64avutil49-0.5.9-0.1mdvmes5.2.x86_64.rpm 6d6fe319ed45c1699432b88032ebc3b1 mes5/x86_64/lib64ffmpeg52-0.5.9-0.1mdvmes5.2.x86_64.rpm e4ede05f09b5f59c0f672ec2aa5dc699 mes5/x86_64/lib64ffmpeg-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm 96c86a1f1d85a5e30c319f4f16879a5c mes5/x86_64/lib64ffmpeg-static-devel-0.5.9-0.1mdvmes5.2.x86_64.rpm 0887b3218482cac483f3d71c93172cad mes5/x86_64/lib64postproc51-0.5.9-0.1mdvmes5.2.x86_64.rpm 32929df8af1400096cc801bdee36e6c9 mes5/x86_64/lib64sox1-14.3.0-0.1mdvmes5.2.x86_64.rpm 22485b182e669a22f875d0103729a25c mes5/x86_64/lib64sox-devel-14.3.0-0.1mdvmes5.2.x86_64.rpm 4a9dfb1bae4462e53da91d4f3b055a70 mes5/x86_64/lib64swscaler0-0.5.9-0.1mdvmes5.2.x86_64.rpm de5b1e5a5160ac8df7c4727887b00ec6 mes5/x86_64/sox-14.3.0-0.1mdvmes5.2.x86_64.rpm ebbc02efc1cecabcd1bc690c037f6661 mes5/SRPMS/alsa-plugins-1.0.18-1.3mdvmes5.2.src.rpm 234640efe0b95b9024908b7288b32e8b mes5/SRPMS/ffmpeg-0.5.9-0.1mdvmes5.2.src.rpm 15fc65b510c9db52c6a1a24eb8757543 mes5/SRPMS/sox-14.3.0-0.1mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPsSFpmqjQ0CJFipgRAgBuAKDx4qPO9FrgQm+FZ9hUsH7CE+Y4bgCfbO/u 8bhswyhduXBF2NKD7WKctYg= =4G2y -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/