MGASA-2013-0136
Date: May 9th, 2013
Affected releases: 2
Media: Core, Tainted
Description:
Updated ffmpeg packages fix security vulnerabilities:
ivi_common: check that scan pattern is set before using it (CVE-2012-2791).
vp56: release frames on error (CVE-2012-2783).
mpeg12: do not decode extradata more than once (CVE-2012-2803).
mp3: properly forward mp_decode_frame errors (CVE-2012-2797).
vp6: properly fail on unsupported feature (CVE-2012-2783).
aacdec: Fix an off-by-one overwrite when switching to LTP profile from
MAIN (CVE-2012-5144).
indeo3: ensure that decoded cell data is in 7-bit range as presumed by
decoder; when freeing buffers, set pointers referencing them to NULL as
well; initialise pixel planes on allocation (CVE-2012-2804).
oggdec: make sure the private parse data is cleaned up (CVE-2012-2882).
vorbisdec: Error on bark_map_size equal to 0 (CVE-2013-0894).
h264: check for luma and chroma bit depth being equal (CVE-2013-2277).
iff: validate CMAP palette size (CVE-2013-2495).
This updates ffmpeg to version 0.10.7 which contains the security fixes
above as well as other bug fixes.
Updated Packages:
i586:
ffmpeg-0.10.7-1.mga2.i586.rpm
libavcodec53-0.10.7-1.mga2.i586.rpm
libavfilter2-0.10.7-1.mga2.i586.rpm
libavformat53-0.10.7-1.mga2.i586.rpm
libavutil51-0.10.7-1.mga2.i586.rpm
libffmpeg-devel-0.10.7-1.mga2.i586.rpm
libffmpeg-static-devel-0.10.7-1.mga2.i586.rpm
libpostproc52-0.10.7-1.mga2.i586.rpm
libswresample0-0.10.7-1.mga2.i586.rpm
libswscaler2-0.10.7-1.mga2.i586.rpm
ffmpeg-debug-0.10.7-1.mga2.i586.rpm
ffmpeg-0.10.7-1.mga2.tainted.i586.rpm
libavcodec53-0.10.7-1.mga2.tainted.i586.rpm
libavfilter2-0.10.7-1.mga2.tainted.i586.rpm
libavformat53-0.10.7-1.mga2.tainted.i586.rpm
libavutil51-0.10.7-1.mga2.tainted.i586.rpm
libffmpeg-devel-0.10.7-1.mga2.tainted.i586.rpm
libffmpeg-static-devel-0.10.7-1.mga2.tainted.i586.rpm
libpostproc52-0.10.7-1.mga2.tainted.i586.rpm
libswresample0-0.10.7-1.mga2.tainted.i586.rpm
libswscaler2-0.10.7-1.mga2.tainted.i586.rpm
ffmpeg-debug-0.10.7-1.mga2.tainted.i586.rpm
x86_64:
ffmpeg-0.10.7-1.mga2.x86_64.rpm
lib64avcodec53-0.10.7-1.mga2.x86_64.rpm
lib64avfilter2-0.10.7-1.mga2.x86_64.rpm
lib64avformat53-0.10.7-1.mga2.x86_64.rpm
lib64avutil51-0.10.7-1.mga2.x86_64.rpm
lib64ffmpeg-devel-0.10.7-1.mga2.x86_64.rpm
lib64ffmpeg-static-devel-0.10.7-1.mga2.x86_64.rpm
lib64postproc52-0.10.7-1.mga2.x86_64.rpm
lib64swresample0-0.10.7-1.mga2.x86_64.rpm
lib64swscaler2-0.10.7-1.mga2.x86_64.rpm
ffmpeg-debug-0.10.7-1.mga2.x86_64.rpm
ffmpeg-0.10.7-1.mga2.tainted.x86_64.rpm
lib64avcodec53-0.10.7-1.mga2.tainted.x86_64.rpm
lib64avfilter2-0.10.7-1.mga2.tainted.x86_64.rpm
lib64avformat53-0.10.7-1.mga2.tainted.x86_64.rpm
lib64avutil51-0.10.7-1.mga2.tainted.x86_64.rpm
lib64ffmpeg-devel-0.10.7-1.mga2.tainted.x86_64.rpm
lib64ffmpeg-static-devel-0.10.7-1.mga2.tainted.x86_64.rpm
lib64postproc52-0.10.7-1.mga2.tainted.x86_64.rpm
lib64swresample0-0.10.7-1.mga2.tainted.x86_64.rpm
lib64swscaler2-0.10.7-1.mga2.tainted.x86_64.rpm
ffmpeg-debug-0.10.7-1.mga2.tainted.x86_64.rpm
SRPMS:
ffmpeg-0.10.7-1.mga2.src.rpm
ffmpeg-0.10.7-1.mga2.tainted.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2783
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2791
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2797
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2804
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2882
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5144
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0894
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2495
http://git.videolan.org/?p=ffmpeg.git;a=log;h=refs/heads/release/0.10
https://bugs.mageia.org/show_bug.cgi?id=8881