-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2011:060 http://www.mandriva.com/security/ _______________________________________________________________________ Package : ffmpeg Date : April 1, 2011 Affected: 2009.0, Enterprise Server 5.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been identified and fixed in ffmpeg: oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an out-of-bounds read. (CVE-2009-4632) vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow. (CVE-2009-4633) Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream. (CVE-2009-4634) FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, which causes the mp3 decoder to process a pointer for a video structure, leading to a stack-based buffer overflow. (CVE-2009-4635) The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) via a crafted AVI file that triggers a divide-by-zero error. (CVE-2009-4639) Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Vorbis file that triggers an out-of-bounds read. (CVE-2009-4640) flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429) libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704) And several additional vulnerabilites originally discovered by Google Chrome developers were also fixed with this advisory. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4632 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4633 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4634 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4635 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4639 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4640 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3429 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4704 _______________________________________________________________________ Updated Packages: Mandriva Linux 2009.0: 35b8598a8ba305854c81884350072070 2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm 537c6ed300c14bd4c6dac8b9ea98349a 2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm 847b11c0bb86959f9712cb2beced7648 2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm 6bad47923019bdd3e17209956955919e 2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm c49eeeda4be62fdcc57b0b42eff2005b 2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm c06661882ab8613b23712898751856af 2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm a9ef39faaa7a3054c846471ed95510a1 2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0.i586.rpm c8cf3cef711e1a6d51bcb666030e1f42 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.src.rpm Mandriva Linux 2009.0/X86_64: 03d2549605505e1c22ebb95d83b2657b 2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm b4e51f531b91947b68224adb0b7da78b 2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm 304a2ba3024d20e6c61d499d9d77daa0 2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm f772b82b558dc0cb8ce7f643c23b1214 2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm d60e53babfdfced4c42e15e881c1de11 2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm e7b0f5257f4859d35c33d7d9cfaf601c 2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm a585acd8d62940593fca0aafc9b1dc96 2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.4mdv2009.0.x86_64.rpm c8cf3cef711e1a6d51bcb666030e1f42 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdv2009.0.src.rpm Mandriva Enterprise Server 5: 3a36c497bde8a3e9fd34f0cd029d0392 mes5/i586/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm 3f06c90d4ec2332f295a6b947dd57ab5 mes5/i586/libavformats52-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm d9aab1dbf20a5e14c824ee003941763b mes5/i586/libavutil49-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm 5917203833e406e431fcf3cfba2fe7de mes5/i586/libffmpeg51-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm d3ac8c102cf086501d4fd256155941ac mes5/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm b42248fb015e570a89923d1a60728ead mes5/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm 48ce261f950e4730ac76bebf65c4acc7 mes5/i586/libswscaler0-0.4.9-3.pre1.14161.1.4mdvmes5.2.i586.rpm b332f476834cc59ea192f36bf9f1521c mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.src.rpm Mandriva Enterprise Server 5/X86_64: 897a2646af3535baeb15ec92bd912443 mes5/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm c270cb8f505340f3b23c6e862b6a61ae mes5/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm 3bcc81db2dce4cfe4e62f8828d710ef2 mes5/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm 556dccfb35d1b7ae34e3a98ff50392f9 mes5/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm ca12abb36b5abd916f3e94c19b02d10c mes5/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm 63ea4c46741919fe690beb94e85cfd92 mes5/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm d87ceee8d1befd22d04e3f4f78e5e52b mes5/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.4mdvmes5.2.x86_64.rpm b332f476834cc59ea192f36bf9f1521c mes5/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.4mdvmes5.2.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFNlgUCmqjQ0CJFipgRAuihAKDPoHXVNvZg3AdcWlp42IFPTQ1sPwCg2Ig1 aC78goX8Av/Q7yOT6VWTDyo= =0hmU -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/