[Security Announce] [ MDVSA-2009:015 ] ffmpeg

[news 28]

This is a multi-part message in MIME format...

 

------------=_1232081411-14940-7465

 

 

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

 

_______________________________________________________________________

 

Mandriva Linux Security Advisory MDVSA-2009:015

http://www.mandriva.com/security/

_______________________________________________________________________

 

Package : ffmpeg

Date : January 15, 2009

Affected: 2008.0, 2008.1, 2009.0

_______________________________________________________________________

 

Problem Description:

 

Several vulnerabilities have been discovered in ffmpeg, related to

the execution of DTS generation code (CVE-2008-4866) and incorrect

handling of DCA_MAX_FRAME_SIZE value (CVE-2008-4867).

 

The updated packages have been patched to prevent this.

_______________________________________________________________________

 

References:

 

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4866

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4867

_______________________________________________________________________

 

Updated Packages:

 

Mandriva Linux 2008.0:

69f5bb05cc258a7c6ae2f6a257b2a5b8 2008.0/i586/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm

cd83495c017a04293adb82556f4f8482 2008.0/i586/libavformats51-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm

09649773f74c8645a59cc80681f12466 2008.0/i586/libavutil49-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm

92e9a33dd75a37a0cbb2cab69bb74309 2008.0/i586/libffmpeg51-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm

5f565919b7ab46e929e7f9aaf10631b8 2008.0/i586/libffmpeg51-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm

034408cd38467d6a6cb39164d424860c 2008.0/i586/libffmpeg51-static-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.i586.rpm

8ae45881734c54789b6adea12c9dd88b 2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.0/X86_64:

09cc4db7b2ac8704e5e2edc57e836b36 2008.0/x86_64/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm

536adebb82012eeadae9d3750b092b7e 2008.0/x86_64/lib64avformats51-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm

80cce2817de5908cf394cd02bee110af 2008.0/x86_64/lib64avutil49-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm

2d1322198a13c08592145bf8f75ca886 2008.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm

6cf5ba0caec21c90bf77a30f7a07f624 2008.0/x86_64/lib64ffmpeg51-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm

2c944710a7632bebd06373776130b425 2008.0/x86_64/lib64ffmpeg51-static-devel-0.4.9-3.pre1.8994.2.2mdv2008.0.x86_64.rpm

8ae45881734c54789b6adea12c9dd88b 2008.0/SRPMS/ffmpeg-0.4.9-3.pre1.8994.2.2mdv2008.0.src.rpm

 

Mandriva Linux 2008.1:

06da71bb222dd80ce7a93ab3627caf43 2008.1/i586/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm

c6bf47fca947aed4ffa888bfb3882476 2008.1/i586/libavformats52-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm

b6d519b089e6585fba225b40388c45ee 2008.1/i586/libavutil49-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm

3603d5c3f4988a9946f23960bc037ac0 2008.1/i586/libffmpeg51-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm

c58de74e89429974f61520add2f002e9 2008.1/i586/libffmpeg-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm

96fe6f0fe1456c236c7bf2c39fbaf2c3 2008.1/i586/libffmpeg-static-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.i586.rpm

0a1d77a5ecf39c56e111405d72ee841a 2008.1/SRPMS/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.src.rpm

 

Mandriva Linux 2008.1/X86_64:

2b71b95220d0ec6c2f301089b4e33cdb 2008.1/x86_64/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm

e7acbc6eb25937c4db42a10afab6e5d3 2008.1/x86_64/lib64avformats52-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm

be7b0bcc9f004581bcaebf1a155ae624 2008.1/x86_64/lib64avutil49-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm

b32b81fc868aca710b1abd74a7ae8801 2008.1/x86_64/lib64ffmpeg51-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm

033cf830e9461b068afb81a80e617a99 2008.1/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm

12ef917412a1d07c6e4f4c59b53407f6 2008.1/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.11599.2.2mdv2008.1.x86_64.rpm

0a1d77a5ecf39c56e111405d72ee841a 2008.1/SRPMS/ffmpeg-0.4.9-3.pre1.11599.2.2mdv2008.1.src.rpm

 

Mandriva Linux 2009.0:

7838bc5941bb507db53e52f608678e6a 2009.0/i586/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm

8e4139560f855e1af2ed22913a2d18f6 2009.0/i586/libavformats52-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm

024693ee05ad68776e30fddf8831e8c7 2009.0/i586/libavutil49-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm

30624dc9e519d14bdfffc50deb88de0f 2009.0/i586/libffmpeg51-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm

9eeabebc197f131565704d1fb76512ea 2009.0/i586/libffmpeg-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm

82eb4a6ac847a138ad3e928880a7c141 2009.0/i586/libffmpeg-static-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm

8f1bedab9de049fbcd70cdcb7723275e 2009.0/i586/libswscaler0-0.4.9-3.pre1.14161.1.1mdv2009.0.i586.rpm

cacf713130e9fe924cf21d73a7a4a064 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.src.rpm

 

Mandriva Linux 2009.0/X86_64:

145fb08e1c0a93a4fbe53bffc1bca811 2009.0/x86_64/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm

9a853b0bfb7d6b32cb303a313d0050dc 2009.0/x86_64/lib64avformats52-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm

2c164afea0211e2a14028b43363bcf48 2009.0/x86_64/lib64avutil49-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm

58f1e3f6376733ecf890b50c3ba733d8 2009.0/x86_64/lib64ffmpeg51-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm

8c9479e644e4455ca381bab9098f5383 2009.0/x86_64/lib64ffmpeg-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm

584a63e3d7c45ddcb123b0721fa4ccd4 2009.0/x86_64/lib64ffmpeg-static-devel-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm

9bbf2eb2e51f3d95af9ac45dddaf109a 2009.0/x86_64/lib64swscaler0-0.4.9-3.pre1.14161.1.1mdv2009.0.x86_64.rpm

cacf713130e9fe924cf21d73a7a4a064 2009.0/SRPMS/ffmpeg-0.4.9-3.pre1.14161.1.1mdv2009.0.src.rpm

_______________________________________________________________________

 

To upgrade automatically use MandrivaUpdate or urpmi. The verification

of md5 checksums and GPG signatures is performed automatically for you.

 

All packages are signed by Mandriva for security. You can obtain the

GPG public key of the Mandriva Security Team by executing:

 

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 

You can view other update advisories for Mandriva Linux at:

 

http://www.mandriva.com/security/advisories

 

If you want to report vulnerabilities, please contact

 

security_(at)_mandriva.com

_______________________________________________________________________

 

Type Bits/KeyID Date User ID

pub 1024D/22458A98 2000-07-10 Mandriva Security Team

 

-----BEGIN PGP SIGNATURE-----

Version: GnuPG v1.4.9 (GNU/Linux)

 

iD8DBQFJb+VtmqjQ0CJFipgRAq6NAKCpE21xQwjYBMI8gfT/c5GnnfWr/ACgz9nU

5EtWS4Ceh12LB2tIbrnOxAE=

=nZWI

-----END PGP SIGNATURE-----

 

 

------------=_1232081411-14940-7465

Content-Type: text/plain; name="message-footer.txt"

Content-Disposition: inline; filename="message-footer.txt"

Content-Transfer-Encoding: 8bit

 

To unsubscribe, send a email to sympa ( -at -) mandrivalinux.org

with this subject : unsubscribe security-announce

_______________________________________________________

Want to buy your Pack or Services from Mandriva?

Go to http://www.mandrivastore.com

Join the Club : http://www.mandrivaclub.com

_______________________________________________________

 

------------=_1232081411-14940-7465--