To: [email protected]
Subject: [ MDVSA-2009:015 ] ffmpeg
Date: Thu, 15 Jan 2009 21:53:00 -0700
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1LNghY-0007OK-Sc@titan.mandriva.com.>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:015
http://www.mandriva.com/security/
_______________________________________________________________________
Package : ffmpeg
Date : January 15, 2009
Affected: 2008.0, 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
Several vulnerabilities have been discovered in ffmpeg, related to
the execution of DTS generation code (CVE-2008-4866) and incorrect
handling of DCA_MAX_FRAME_SIZE value (CVE-2008-4867).
The updated packages have been patched to prevent this.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4866
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
69f5bb05cc258a7c6ae2f6a257b2a5b8 2008.0/i586/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
cd83495c017a04293adb82556f4f8482 2008.0/i586/libavformats51-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
09649773f74c8645a59cc80681f12466 2008.0/i586/libavutil49-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
92e9a33dd75a37a0cbb2cab69bb74309 2008.0/i586/libffmpeg51-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
5f565919b7ab46e929e7f9aaf10631b8 2008.0/i586/libffmpeg51-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
034408cd38467d6a6cb39164d424860c 2008.0/i586/libffmpeg51-static-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm
8ae45881734c54789b6adea12c9dd88b 2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
09cc4db7b2ac8704e5e2edc57e836b36 2008.0/x86_64/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
536adebb82012eeadae9d3750b092b7e 2008.0/x86_64/lib64avformats51-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
80cce2817de5908cf394cd02bee110af 2008.0/x86_64/lib64avutil49-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
2d1322198a13c08592145bf8f75ca886 2008.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
6cf5ba0caec21c90bf77a30f7a07f624 2008.0/x86_64/lib64ffmpeg51-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
2c944710a7632bebd06373776130b425 2008.0/x86_64/lib64ffmpeg51-static-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm
8ae45881734c54789b6adea12c9dd88b 2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.src.rpm
Mandriva Linux 2008.1:
06da71bb222dd80ce7a93ab3627caf43 2008.1/i586/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
c6bf47fca947aed4ffa888bfb3882476 2008.1/i586/libavformats52-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
b6d519b089e6585fba225b40388c45ee 2008.1/i586/libavutil49-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
3603d5c3f4988a9946f23960bc037ac0 2008.1/i586/libffmpeg51-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
c58de74e89429974f61520add2f002e9 2008.1/i586/libffmpeg-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
96fe6f0fe1456c236c7bf2c39fbaf2c3 2008.1/i586/libffmpeg-static-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm
0a1d77a5ecf39c56e111405d72ee841a 2008.1/SRPMS/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
2b71b95220d0ec6c2f301089b4e33cdb 2008.1/x86_64/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
e7acbc6eb25937c4db42a10afab6e5d3 2008.1/x86_64/lib64avformats52-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
be7b0bcc9f004581bcaebf1a155ae624 2008.1/x86_64/lib64avutil49-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
b32b81fc868aca710b1abd74a7ae8801 2008.1/x86_64/lib64ffmpeg51-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
033cf830e9461b068afb81a80e617a99 2008.1/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
12ef917412a1d07c6e4f4c59b53407f6 2008.1/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm
0a1d77a5ecf39c56e111405d72ee841a 2008.1/SRPMS/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.src.rpm
Mandriva Linux 2009.0:
7838bc5941bb507db53e52f608678e6a 2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
8e4139560f855e1af2ed22913a2d18f6 2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
024693ee05ad68776e30fddf8831e8c7 2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
30624dc9e519d14bdfffc50deb88de0f 2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
9eeabebc197f131565704d1fb76512ea 2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
82eb4a6ac847a138ad3e928880a7c141 2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
8f1bedab9de049fbcd70cdcb7723275e 2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm
cacf713130e9fe924cf21d73a7a4a064 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
145fb08e1c0a93a4fbe53bffc1bca811 2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
9a853b0bfb7d6b32cb303a313d0050dc 2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
2c164afea0211e2a14028b43363bcf48 2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
58f1e3f6376733ecf890b50c3ba733d8 2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
8c9479e644e4455ca381bab9098f5383 2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
584a63e3d7c45ddcb123b0721fa4ccd4 2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
9bbf2eb2e51f3d95af9ac45dddaf109a 2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm
cacf713130e9fe924cf21d73a7a4a064 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJb+VtmqjQ0CJFipgRAq6NAKCpE21xQwjYBMI8gfT/c5GnnfWr/ACgz9nU
5EtWS4Ceh12LB2tIbrnOxAE=
=nZWI
-----END PGP SIGNATURE-----
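
The advisory says urpmi and MandrivaUpdate verify md5 checksums and GPG signatures automatically. For packages fetched by hand, the added example below (not part of the Mandriva advisory) checks the files in a directory against the `md5 path` lines of a saved copy of the advisory; the function name `verify_advisory`, its variables and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): check hand-downloaded RPMs against
# the "<md5> <release>/<arch>/<file>.rpm" lines of a saved advisory.
# verify_advisory and its exit codes are this example's own conventions:
#   0 = every package found in RPM_DIR matched, 1 = mismatch, 2 = nothing checked
verify_advisory() {
    va_advisory=$1
    va_dir=$2
    va_checked=0
    va_bad=0
    # Keep only package lines; sort -u drops the SRPMS line repeated per arch.
    va_lines=$(grep -E '^ *[0-9a-f]{32} +[^ ]+\.rpm *$' "$va_advisory" | sort -u)
    while read -r va_sum va_path; do
        [ -n "$va_sum" ] || continue
        va_file="$va_dir/${va_path##*/}"      # advisory path -> local basename
        [ -f "$va_file" ] || continue         # not downloaded: skip
        va_actual=$(md5sum "$va_file" | cut -d' ' -f1)
        va_checked=$((va_checked + 1))
        if [ "$va_actual" = "$va_sum" ]; then
            echo "OK        ${va_path##*/}"
        else
            echo "MISMATCH  ${va_path##*/} (expected $va_sum, got $va_actual)"
            va_bad=$((va_bad + 1))
        fi
    done <<EOF
$va_lines
EOF
    [ "$va_bad" -eq 0 ] || return 1
    [ "$va_checked" -gt 0 ] || return 2
    return 0
}

# Run directly: sh verify.sh advisory.txt /path/to/rpms
if [ "$#" -eq 2 ]; then
    verify_advisory "$1" "$2"
fi
```

An MD5 match only shows that a file is the one the advisory lists, and the list is only as trustworthy as the advisory's own PGP signature. Package authenticity rests on the GPG signature, which `rpm --checksig` checks once the Mandriva key has been imported.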