Mageia alert MGASA-2012-0142 (ffmpeg)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2012-0142: ffmpeg-0.6.6-0.1.mga1 (1/core, tainted)
Date:  Mon, 9 Jul 2012 17:02:37 +0200
Message-ID:  <20120709150237.GA22277@valstar.mageia.org>

MGASA-2012-0142

Date: July 9th, 2012
Affected releases: 1

Description:

Updated ffmpeg packages fix security vulnerabilities:

nsvdec: Fix use of uninitialized streams, Be more careful with av_malloc(), nsvdec: Propagate errors (CVE-2011-3940)

dv: Fix small stack overread, check stype, Fix null pointer dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936)

atrac3: Fix crash in tonal component decoding (CVE-2012-0853)

mjpegbdec: Fix overflow in SOS (CVE-2011-3947)

kgv1dec: Increase offsets array size so it is large enough (CVE-2011-3945)

vqavideo: return error if image size is not a multiple of block size (CVE-2012-0947)

dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951)

aacsbr: prevent out of bounds memcpy() (CVE-2012-0850)

h264: Add check for invalid chroma_format_idc (CVE-2012-0851)

adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852)

shorten: Use separate pointers for the allocated memory for decoded samples, check for realloc failure (CVE-2012-0858)

kmvc: Check palsize (CVE-2011-3952)

several other bugs were fixed as well, see the ChangeLog

Updated Packages:

ffmpeg-0.6.6-0.1.mga1
lib(64)avformats52-0.6.6-0.1.mga1
lib(64)avutil50-0.6.6-0.1.mga1
lib(64)ffmpeg-devel-0.6.6-0.1.mga1
lib(64)ffmpeg-static-devel-0.6.6-0.1.mga1
lib(64)ffmpeg52-0.6.6-0.1.mga1
lib(64)postproc51-0.6.6-0.1.mga1
lib(64)swscaler0-0.6.6-0.1.mga1

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;...
https://bugs.mageia.org/show_bug.cgi?id=6484
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...

