MGASA-2012-0331
| Date: | November 17th, 2012 |
| Affected releases: | 2 |
Description:
Updated ffmpeg packages fix security vulnerabilities:
vc1dec: check that coded slice positions and interlacing match. This
fixes out of array writes (CVE-2012-2796)
alsdec: fix number of decoded samples in first sub-block in BGMC mode
(CVE-2012-2790)
cavsdec: check for changing w/h. Our decoder does not support changing
w/h (CVE-2012-2777, CVE-2012-2784)
indeo4: update AVCodecContext width/height on size change (CVE-2012-2787)
avidec: use actually read size instead of requested size (CVE-2012-2788)
wmaprodec: check num_vec_coeffs for validity (CVE-2012-2789)
lagarith: check count before writing zeros (CVE-2012-2793)
indeo3: fix out of cell write (CVE-2012-2776)
indeo5: check tile size in decode_mb_info(). This prevents writing into
a too small array if some parameters changed without the tile being
reallocated (CVE-2012-2794)
indeo5dec: Make sure we have had a valid gop header. This prevents
decoding happening on a half initialized context (CVE-2012-2779)
indeo4/5: check empty tile size in decode_mb_info(). This prevents
writing into a too small array if some parameters changed without the
tile being reallocated (CVE-2012-2800)
dfa: improve boundary checks in decode_dds1() (CVE-2012-2798)
dfa: check that the caller set width/height properly (CVE-2012-2786)
avsdec: Set dimensions instead of relying on the demuxer. The decode
function assumes that the video will have those dimensions (CVE-2012-2801)
ac3dec: ensure get_buffer() gets a buffer for the correct number of
channels (CVE-2012-2802)
rv34: error out on size changes with frame threading (CVE-2012-2772)
alsdec: check opt_order. Fixes out of array write in quant_cof. Also
make sure no invalid opt_order stays in the context (CVE-2012-2775)
This updates ffmpeg to version 0.10.6 which contains the security fixes
above as well as other bug fixes.
Updated Packages:
ffmpeg-0.10.6-1.mga2
lib(64)avcodec53-0.10.6-1.mga2
lib(64)avfilter2-0.10.6-1.mga2
lib(64)avformat53-0.10.6-1.mga2
lib(64)avutil51-0.10.6-1.mga2
lib(64)ffmpeg-devel-0.10.6-1.mga2
lib(64)ffmpeg-static-devel-0.10.6-1.mga2
lib(64)postproc52-0.10.6-1.mga2
lib(64)swresample0-0.10.6-1.mga2
lib(64)swscaler2-0.10.6-1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2802
http://git.videolan.org/?p=ffmpeg.git;a=log;h=refs/heads/release/0.10
https://bugs.mageia.org/show_bug.cgi?id=8065
