Pardus alert 2011-87 (ffmpeg mplayer)

From:
    	     
 
Meltem Parmaksız <meltem@pardus.org.tr> 
To:
    	     
 
pardus-security@pardus.org.tr 
Subject:
    	     
 
[Pardus-security]  [PLSA 2011-87] ffmpeg: Code Execution 
Date:
    	     
 
Tue, 21 Jun 2011 16:11:22 +0300
Message-ID:
    	     
 
<201106211611.22209.meltem@pardus.org.tr>
Archive-link:
    	     
 
Article, Thread
              
------------------------------------------------------------------------
Pardus Linux Security Advisory 2011-87            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2011-06-21
      Type: Local
------------------------------------------------------------------------

Summary
=======

A vulnerability has been fixed in ffmpeg, which can be result in an out 
of array write and potentially arbitrary code execution. 


Description
===========

CVE-2011-1931: 

ffmpeg/libav out of array write in AMV parsing 



Affected packages:

  Pardus 2009:
    ffmpeg, all before 0.6.1_20110105-90-42
    mplayer, all before 0.0_20110105-140-38



Resolution
==========

There are update(s) for ffmpeg, mplayer. You can update them via Package
Manager or with a single command from console: 

    pisi up ffmpeg mplayer

References
==========

  * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624339
  * http://seclists.org/bugtraq/2011/Apr/257
  * http://git.videolan.org/?p=ffmpeg.gi...626fa0eda61a32
  * http://bugs.pardus.org.tr/show_bug.cgi?id=18181

------------------------------------------------------------------------
_______________________________________________
Pardus-Security mailing list
Pardus-Security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security