User: Password:
|
|
Subscribe / Log in / New account

Mageia alert MGASA-2012-0141 (mplayer)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0141: mplayer-1.0-1.rc4.0.r32713.5.4.mga1 (1/core, tainted)
Date:  Mon, 9 Jul 2012 16:22:13 +0200
Message-ID:  <20120709142213.GA21837@valstar.mageia.org>
Archive-link:  Article, Thread

MGASA-2012-0141 Date: July 9th, 2012 Affected releases: 1 Description: Updated mplayer packages fix security vulnerabilities: nsvdec: Fix use of uninitialized streams, Be more careful with av_malloc(), nsvdec: Propagate errors (CVE-2011-3940) dv: Fix small stack overread, check stype, Fix null pointer dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936) atrac3: Fix crash in tonal component decoding (CVE-2012-0853) mjpegbdec: Fix overflow in SOS (CVE-2011-3947) kgv1dec: Increase offsets array size so it is large enough (CVE-2011-3945) vqavideo: return error if image size is not a multiple of block size (CVE-2012-0947) dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951) aacsbr: prevent out of bounds memcpy() (CVE-2012-0850) h264: Add check for invalid chroma_format_idc (CVE-2012-0851) adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852) shorten: Use separate pointers for the allocated memory for decoded samples, check for realloc failure (CVE-2012-0858) kmvc: Check palsize (CVE-2011-3952) Updated Packages: mplayer-1.0-1.rc4.0.r32713.5.4.mga1 mplayer-doc-1.0-1.rc4.0.r32713.5.4.mga1 mplayer-gui-1.0-1.rc4.0.r32713.5.4.mga1 mencoder-1.0-1.rc4.0.r32713.5.4.mga1 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3945 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3952 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947 https://bugs.mageia.org/show_bug.cgi?id=6483 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...


(Log in to post comments)


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds