From Mageia wiki

MGASA-2013-0136

Date: May 9th, 2013
Affected releases: 2
Media: Core, Tainted


Description:
Updated ffmpeg packages fix security vulnerabilities:

ivi_common: check that scan pattern is set before using it (CVE-2012-2791).

vp56: release frames on error (CVE-2012-2783).

mpeg12: do not decode extradata more than once (CVE-2012-2803).

mp3: properly forward mp_decode_frame errors (CVE-2012-2797).

vp6: properly fail on unsupported feature (CVE-2012-2783).

aacdec: Fix an off-by-one overwrite when switching to LTP profile from
MAIN (CVE-2012-5144).

indeo3: ensure that decoded cell data is in 7-bit range as presumed by
decoder; when freeing buffers, set pointers referencing them to NULL as
well; initialise pixel planes on allocation (CVE-2012-2804).

oggdec: make sure the private parse data is cleaned up (CVE-2012-2882).

vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894).

h264: check for luma and chroma bit depth being equal (CVE-2013-2277).

iff: validate CMAP palette size (CVE-2013-2495).

This update brings ffmpeg to version 0.10.7, which contains the security
fixes above as well as other bug fixes.


Updated Packages:
i586:
ffmpeg-0.10.7-1.mga2.i586.rpm
libavcodec53-0.10.7-1.mga2.i586.rpm
libavfilter2-0.10.7-1.mga2.i586.rpm
libavformat53-0.10.7-1.mga2.i586.rpm
libavutil51-0.10.7-1.mga2.i586.rpm
libffmpeg-devel-0.10.7-1.mga2.i586.rpm
libffmpeg-static-devel-0.10.7-1.mga2.i586.rpm
libpostproc52-0.10.7-1.mga2.i586.rpm
libswresample0-0.10.7-1.mga2.i586.rpm
libswscaler2-0.10.7-1.mga2.i586.rpm
ffmpeg-debug-0.10.7-1.mga2.i586.rpm
ffmpeg-0.10.7-1.mga2.tainted.i586.rpm
libavcodec53-0.10.7-1.mga2.tainted.i586.rpm
libavfilter2-0.10.7-1.mga2.tainted.i586.rpm
libavformat53-0.10.7-1.mga2.tainted.i586.rpm
libavutil51-0.10.7-1.mga2.tainted.i586.rpm
libffmpeg-devel-0.10.7-1.mga2.tainted.i586.rpm
libffmpeg-static-devel-0.10.7-1.mga2.tainted.i586.rpm
libpostproc52-0.10.7-1.mga2.tainted.i586.rpm
libswresample0-0.10.7-1.mga2.tainted.i586.rpm
libswscaler2-0.10.7-1.mga2.tainted.i586.rpm
ffmpeg-debug-0.10.7-1.mga2.tainted.i586.rpm

x86_64:
ffmpeg-0.10.7-1.mga2.x86_64.rpm
lib64avcodec53-0.10.7-1.mga2.x86_64.rpm
lib64avfilter2-0.10.7-1.mga2.x86_64.rpm
lib64avformat53-0.10.7-1.mga2.x86_64.rpm
lib64avutil51-0.10.7-1.mga2.x86_64.rpm
lib64ffmpeg-devel-0.10.7-1.mga2.x86_64.rpm
lib64ffmpeg-static-devel-0.10.7-1.mga2.x86_64.rpm
lib64postproc52-0.10.7-1.mga2.x86_64.rpm
lib64swresample0-0.10.7-1.mga2.x86_64.rpm
lib64swscaler2-0.10.7-1.mga2.x86_64.rpm
ffmpeg-debug-0.10.7-1.mga2.x86_64.rpm
ffmpeg-0.10.7-1.mga2.tainted.x86_64.rpm
lib64avcodec53-0.10.7-1.mga2.tainted.x86_64.rpm
lib64avfilter2-0.10.7-1.mga2.tainted.x86_64.rpm
lib64avformat53-0.10.7-1.mga2.tainted.x86_64.rpm
lib64avutil51-0.10.7-1.mga2.tainted.x86_64.rpm
lib64ffmpeg-devel-0.10.7-1.mga2.tainted.x86_64.rpm
lib64ffmpeg-static-devel-0.10.7-1.mga2.tainted.x86_64.rpm
lib64postproc52-0.10.7-1.mga2.tainted.x86_64.rpm
lib64swresample0-0.10.7-1.mga2.tainted.x86_64.rpm
lib64swscaler2-0.10.7-1.mga2.tainted.x86_64.rpm
ffmpeg-debug-0.10.7-1.mga2.tainted.x86_64.rpm

SRPMS:
ffmpeg-0.10.7-1.mga2.src.rpm
ffmpeg-0.10.7-1.mga2.tainted.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2495
http://git.videolan.org/?p=ffmpeg.git;a=log;h=refs/heads/release/0.10
https://bugs.mageia.org/show_bug.cgi?id=8881