From Mageia wiki

MGASA-2012-0142

Date: July 9th, 2012
Affected releases: 1


Description:
Updated ffmpeg packages fix security vulnerabilities:

nsvdec: Fix use of uninitialized streams; be more careful with
av_malloc(); propagate errors (CVE-2011-3940)

dv: Fix small stack overread; check stype; fix null pointer
dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936)

atrac3: Fix crash in tonal component decoding (CVE-2012-0853)

mjpegbdec: Fix overflow in SOS (CVE-2011-3947)

kgv1dec: Increase offsets array size so it is large enough
(CVE-2011-3945)

vqavideo: return error if image size is not a multiple of block size
(CVE-2012-0947)

dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951)

aacsbr: prevent out of bounds memcpy() (CVE-2012-0850)

h264: Add check for invalid chroma_format_idc (CVE-2012-0851)

adpcm: ADPCM Electronic Arts always has two channels (CVE-2012-0852)

shorten: Use separate pointers for the allocated memory for decoded
samples, check for realloc failure (CVE-2012-0858)

kmvc: Check palsize (CVE-2011-3952)

Several other bugs were fixed as well; see the ChangeLog.


Updated Packages:
ffmpeg-0.6.6-0.1.mga1
lib(64)avformats52-0.6.6-0.1.mga1
lib(64)avutil50-0.6.6-0.1.mga1
lib(64)ffmpeg-devel-0.6.6-0.1.mga1
lib(64)ffmpeg-static-devel-0.6.6-0.1.mga1
lib(64)ffmpeg52-0.6.6-0.1.mga1
lib(64)postproc51-0.6.6-0.1.mga1
lib(64)swscaler0-0.6.6-0.1.mga1


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;h=6f753216f5383eb296802efe1dbd3eea0ed589af;hb=62133b38ed043b57eeecbe7fc8b6f187fd92e5e0
https://bugs.mageia.org/show_bug.cgi?id=6484