-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2009:297 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ffmpeg Date : November 13, 2009 Affected: 2009.0, Corporate 3.0, Corporate 4.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Vulnerabilities have been discovered and corrected in ffmpeg: - The ffmpeg lavf demuxer allows user-assisted attackers to cause a denial of service (application crash) via a crafted GIF file (CVE-2008-3230) - FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a Tcp/udp memory leak. (CVE-2008-4869) - Integer signedness error in the fourxm_read_header function in libavformat/4xm.c in FFmpeg before revision 16846 allows remote attackers to execute arbitrary code via a malformed 4X movie file with a large current_track value, which triggers a NULL pointer dereference (CVE-2009-0385) The updated packages fix this issue. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3230 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4869 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0385 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: e0594fb5df04fa79335f16d75050cdd2 2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm 57bbb28bfef423a5a03f191894ac047b 2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm 205e40f56832e8bc273df3fda8498721 2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm 789da278cdb4915eef10a15de83fdcca 2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm b0fa1fe90d5a5dc261b8d09b91d84694 2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm b9ae28eb8d2fb8b8f52a1d330d9d072b 2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm d61b93aaddbab02603d815eecfaf5060 2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.2mdv2009.0.i586.rpm 1ca41b3ff07810dd8fdc319dad0bfa38 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 3bc194b9870a51d754fd4a263672a440 2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm 220aaa86d9e11e2ef69bea8e360ebbac 2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm 7d3d5b429dc653e71e3ec8a4cfd17f30 2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm 568a8c2790c8378d555f5ff34a5360fc 2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm 17601276b12379836321303c7f96f62f 2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm 0ee4ae42aec3cc81fd2ee7ac5dc92ed7 2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm c54bbaeb83e81d78389cdae69fc7945e 2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.2mdv2009.0.x86_64.rpm 1ca41b3ff07810dd8fdc319dad0bfa38 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm Corporate 3.0: cd5e396289264ed5739fd77bc9580ce3 corporate/3.0/i586/ffmpeg-0.4.8-7.4.C30mdk.i586.rpm dade7b7fbf1d4bf1f74b94e17c09cc12 corporate/3.0/i586/libffmpeg0-0.4.8-7.4.C30mdk.i586.rpm 9d0371d643c952bf302c4c79f7e8bf2f corporate/3.0/i586/libffmpeg0-devel-0.4.8-7.4.C30mdk.i586.rpm 8a5fad09c722723e1a40de83a077d4eb corporate/3.0/SRPMS/ffmpeg-0.4.8-7.4.C30mdk.src.rpm Corporate 3.0/X86_64: 614c5fd1e865146478012bd5b053e62e corporate/3.0/x86_64/ffmpeg-0.4.8-7.4.C30mdk.x86_64.rpm 3276671b86a7f9e4114defedb17f1770 corporate/3.0/x86_64/lib64ffmpeg0-0.4.8-7.4.C30mdk.x86_64.rpm 9bfe44651ef6bbe526e26ca323a58817 corporate/3.0/x86_64/lib64ffmpeg0-devel-0.4.8-7.4.C30mdk.x86_64.rpm 8a5fad09c722723e1a40de83a077d4eb corporate/3.0/SRPMS/ffmpeg-0.4.8-7.4.C30mdk.src.rpm Corporate 4.0: cea39827d3cd607430962785c6206bfe corporate/4.0/i586/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.i586.rpm 345afe63a69e8b8c2f880a501174fa77 corporate/4.0/i586/libffmpeg0-0.4.9-0.pre1.5.4.20060mlcs4.i586.rpm 190b7001f77184177490bff0b2176749 corporate/4.0/i586/libffmpeg0-devel-0.4.9-0.pre1.5.4.20060mlcs4.i586.rpm cb4625766fd1476aa6abd49fcf249aa5 corporate/4.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.src.rpm Corporate 4.0/X86_64: aae084db08e02578728aedf396a08471 corporate/4.0/x86_64/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.x86_64.rpm 8e45b4810fa52179292b676b782eef10 corporate/4.0/x86_64/lib64ffmpeg0-0.4.9-0.pre1.5.4.20060mlcs4.x86_64.rpm 6751921dec760a2742b88fd2434a6b8b corporate/4.0/x86_64/lib64ffmpeg0-devel-0.4.9-0.pre1.5.4.20060mlcs4.x86_64.rpm cb4625766fd1476aa6abd49fcf249aa5 corporate/4.0/SRPMS/ffmpeg-0.4.9-0.pre1.5.4.20060mlcs4.src.rpm Mandriva Enterprise Server 5: 5568575b5be379d1f0d27bcde4aa38eb mes5/i586/ffmpeg-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm 9d6dc2ea4e12f2c67f6519c83a571e02 mes5/i586/libavformats52-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm 3e56d644eb5642ebc0583f11e84f52e3 mes5/i586/libavutil49-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm 3eb1291249d8561b42afc0949ac75bcf mes5/i586/libffmpeg51-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm fd685cbabbd636f0cbe24f77ed2e186b mes5/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm 3f9f8eb7b6119383c3c8ca3af5c61fed mes5/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm 111b6bfabdf8058e3ec0826a712f1d6e mes5/i586/libswscaler0-0.4.9-3.pre1.14161.1.2mdvmes5.i586.rpm 41df1f07603ebed5ceba3b21e790c9f0 mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm Mandriva Enterprise Server 5/X86_64: bf65d183cbc92b4b5c969dd494d1e1fa mes5/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm e2203a6231aaaa4c55a6dd63d74c5e7f mes5/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm b824a2840bfa876467b1fb92b5cb8fe2 mes5/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm 9c1e39e6affb3b1df529f13db5e98bea mes5/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm 11107390354de01163b6d9815f0649c5 mes5/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm 220531e71a45efc06dd336b0ed8687cc mes5/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm 53712b657a9c2e772abb3bde6f208824 mes5/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.2mdvmes5.x86_64.rpm 41df1f07603ebed5ceba3b21e790c9f0 mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.2mdv2009.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFK/cuYmqjQ0CJFipgRAkExAKCfIlGM4OXYoHd+YsiHlSCQA4RS2ACgkUks zU6eTQIbO65tDPa/ANHYTpo= =q+lG -----END PGP SIGNATURE-----
