Wednesday, December 19, 2012

[USN-1674-1] Libav vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJQ0cVsAAoJEGVp2FWnRL6TAFcQALpQxS7so0CwvJsPcH5a78IK
Ugg09Sxo9XMqrlPLtXlQ4HqGTKPP/k7knVJlxTYNLSQ9TImF61QftqPkUmmg7sM+
wKjLd9dYrJaQtIw3de0k3r6dMdpQXYF1aAXDsd/kg+bQ98d/SwnpYeX8/xvgVWB/
nB8yfcXahZxOl6UjqxEbBQiuzPvy06BbT/RzCqj+czFHHSvFEHjLtjd8GFsTGd0k
wqx3n42zfaRea+x81QZdhGGA6MoL5HdUVxzH2iLHyWRsJgk2kq1ulE4qlUNzG+hk
UGSIJPcztw9Pd3aJzgYtZlrxlrfCpK1X0DrH5wF04RqeEFmghTM16mRMjCQF5SW/
hCESHdqn/UTLFI+J9Z0AqT6Mn1lsXoiW9BiuvbiKbMgZjlRtWP/Iw72oFdSJb4Yg
SREmK2p/o2mnUvcARKlLPH+cbaQDy4o57hH1AN3/MmXTDBoW7o/KmRxM4tOrVJY+
KsL/TFjzVkF0OLq0kl9fL4gIrZlK/ePZkPudJ1asHMG9BfdjjojjRN/GBVfmuM1D
eJCeT4+mBHHCGg65/bbYGISVyzFFCfVQPXVt2N8eFGvHZ9mq4tBZKpYSj4sU1Dnp
wpZ7xx+ahdpeclkcwiFxI4847mXgif7HnHbLBrTLDrVdh1Xrw489fZi3acBxsbt7
Rsu+kl2h1FqJNMJWp1Kh
=WpTQ
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1674-1
December 19, 2012

libav vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10

Summary:

Libav could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- libav: Multimedia player, server, encoder and transcoder

Details:

It was discovered that Libav incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 11.10:
libavcodec53 4:0.7.6-0ubuntu0.11.10.2
libavformat53 4:0.7.6-0ubuntu0.11.10.2

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1674-1
CVE-2012-2772, CVE-2012-2775, CVE-2012-2777, CVE-2012-2779,
CVE-2012-2784, CVE-2012-2786, CVE-2012-2788, CVE-2012-2789,
CVE-2012-2790, CVE-2012-2793, CVE-2012-2794, CVE-2012-2798,
CVE-2012-2800, CVE-2012-2801

Package Information:
https://launchpad.net/ubuntu/+source/libav/4:0.7.6-0ubuntu0.11.10.2

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)