full-disclosure-uk January 2009 archive

[Full-disclosure] [ MDVSA-2009:015 ] ffmpeg

From: <security_at_nospam>
Date: Fri Jan 16 2009 - 04:53:00 GMT
To: full-disclosure@lists.grok.org.uk

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


 Mandriva Linux Security Advisory MDVSA-2009:015
 http://www.mandriva.com/security/

 Package : ffmpeg
 Date    : January 15, 2009
 Affected: 2008.0, 2008.1, 2009.0
_______________________________________________________________________

 Problem Description:

 Several vulnerabilities have been discovered in ffmpeg, related to the execution of DTS generation code (CVE-2008-4866) and incorrect handling of DCA_MAX_FRAME_SIZE value (CVE-2008-4867).

 The updated packages have been patched to prevent this.


 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4866
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867


 Updated Packages:

_______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com


 Type Bits/KeyID Date User ID
 pub 1024D/22458A98 2000-07-10 Mandriva Security Team   <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJb+VtmqjQ0CJFipgRAq6NAKCpE21xQwjYBMI8gfT/c5GnnfWr/ACgz9nU 5EtWS4Ceh12LB2tIbrnOxAE=
=nZWI
-----END PGP SIGNATURE-----



Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
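
The advisory notes that urpmi checks md5 checksums and GPG signatures automatically. For packages fetched by hand, the following added example (not part of the Mandriva advisory) parses checksum/path pairs in the advisory's layout and checks downloaded files against them. The sample manifest, filenames and function names are constructed for illustration.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample in the advisory's flattened "md5 path" layout (not real packages).
# d41d8cd9... is the MD5 of an empty file; the all-zero digest is a deliberate mismatch.
SAMPLE = ("Example Linux 1.0: d41d8cd98f00b204e9800998ecf8427e 1.0/i586/empty-1.0-1.i586.rpm "
          "00000000000000000000000000000000 1.0/i586/other-1.0-1.i586.rpm "
          "d41d8cd98f00b204e9800998ecf8427e 1.0/SRPMS/empty-1.0-1.i586.rpm")

# One entry: 32 hex digits, whitespace, then a path ending in .rpm
ENTRY = re.compile(r"\b([0-9a-f]{32})\s+(\S+\.rpm)\b")

def parse_manifest(text):
    """Return {rpm filename: md5 hex} from advisory text, flattened or one entry per line."""
    manifest = {}
    for digest, path in ENTRY.findall(text):
        name = path.rsplit("/", 1)[-1]
        # A file may be listed more than once (e.g. the SRPM per architecture);
        # two different digests for one filename means the text is damaged or altered.
        if manifest.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums for {name}")
    return manifest

def md5_of(path, chunk=1 << 20):
    """Hash a file in chunks so large packages are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(manifest, directory):
    """Label every *.rpm in directory as 'ok', 'mismatch' or 'unlisted'."""
    results = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        expected = manifest.get(rpm.name)
        if expected is None:
            results[rpm.name] = "unlisted"      # not named in the advisory at all
        else:
            results[rpm.name] = "ok" if md5_of(rpm) == expected else "mismatch"
    return results

if __name__ == "__main__":
    # A matching MD5 only ties the file to the advisory text; authenticity still
    # rests on the package's GPG signature, which `rpm --checksig` verifies.
    for name, status in check_downloads(parse_manifest(SAMPLE), ".").items():
        print(f"{status:9} {name}")
```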