Monday, January 28, 2013

[USN-1706-1] FFmpeg vulnerabilities

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBCgAGBQJRBotEAAoJEGVp2FWnRL6ToggP/0thWTwNuRirxFalyTzaI8O3
fuxFJWgTm9BSCKJgnqnRyBxcRRVRjhWO2qlel4WMcpU+2F2fUT3N+U5m5S2i6JCj
HKCc5tcAlghjeVpSA18XzuqVFE+yWFG+Ywm7BHWRaPgoJVRFbujI6o8ECLrdpviQ
QAuNyP5WUBj2C1ukMm/RwROVFzyBmlirubXkwrjUOXF6KUjAVFYqNY8P6dONZlya
h0KTkAcjmSlJtGNqaNPXWGzbRl6PZp+US4k52KB35Qd6ybthrcqgMuPGAwRn7R9h
0WuDKf2OggTOz9KSAEijotqBcUdG9HaqUIPZoRAwEMfREUpgVq5VEQISV5tPYvso
yh5G48U8OU93OdOg9+9VI6tQC92rkJrDYVYItCuJuYUJgy9toP0LSExlIsyQOq4J
mkj0lnbFgS19kuFlbemRBA8D9AaqFV7GasP22CxzRdCuWQ9umzu0oXOQvBjdKfWt
oifbk+SW/sQZys30B2VD92QQNjto58KaT//UAu6ZJvRPFRuolf8EIjYjOJ+3aMvx
zyzTvUj8SSYZa1n5qZZV6gaCb6U2MkfvV7CXm5D/T3LqD40x+E0lzqAcjy2hIDIl
Iz06rLGaaaNIeV7Ylttfqu+hO1Q9KKAybRCnw3Nk/5Y8OSosaU70dlPlXUeqphHf
kSdNMDA+rrXQfjDcktvS
=NPp+
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-1706-1
January 28, 2013

ffmpeg vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 10.04 LTS

Summary:

FFmpeg could be made to crash or run programs as your login if it opened a
specially crafted file.

Software Description:
- ffmpeg: multimedia player, server and encoder

Details:

It was discovered that FFmpeg incorrectly handled certain malformed media
files. If a user were tricked into opening a crafted media file, an
attacker could cause a denial of service via application crash, or possibly
execute arbitrary code with the privileges of the user invoking the
program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 10.04 LTS:
libavcodec52 4:0.5.9-0ubuntu0.10.04.3
libavformat52 4:0.5.9-0ubuntu0.10.04.3

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1706-1
CVE-2012-2783, CVE-2012-2803

Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/4:0.5.9-0ubuntu0.10.04.3

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)