Mandriva Security
http://www.mandriva.com/en/support/security/advisories
Mandriva security advisories (en-us)

MDVSA-2012:076: ffmpeg
http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2012:076

Multiple vulnerabilities have been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504).

cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973).

Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974).

Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3892).

FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893).

Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895).

An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351).

An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow (CVE-2011-4352).

Errors within the "av_image_fill_pointers()", "vp5_parse_coeff()", and "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads (CVE-2011-4353).

It was discovered that Libav incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4364).

It was discovered that Libav incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4579).

Multiple input validation flaws in the decoders/demuxers for Westwood Studios VQA, Apple MJPEG-B, Theora, Matroska, Vorbis, Sony ATRAC3, DV and NSV files could lead to the execution of arbitrary code (CVE-2011-3929, CVE-2011-3936, CVE-2011-3937, CVE-2011-3940, CVE-2011-3945, CVE-2011-3947, CVE-2012-0853, CVE-2012-0858).

The updated packages have been upgraded to the 0.7.12 version, where these issues have been corrected.

MDVSA-2012:075: ffmpeg
http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2012:075

Multiple vulnerabilities have been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504).

cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973).

Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974).

Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3892).

FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893).

Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895).

An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351).

An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow (CVE-2011-4352).

Errors within the "av_image_fill_pointers()", "vp5_parse_coeff()", and "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads (CVE-2011-4353).

It was discovered that Libav incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4364).

It was discovered that Libav incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4579).

The updated packages have been upgraded to the 0.6.5 version, where these issues have been corrected.

MDVA-2012:042: libdc1394
http://www.mandriva.com/en/support/security/advisories?name=MDVA-2012:042

It was discovered that a linker namespace conflict caused Digikam to crash. This advisory resolves this problem.

MDVSA-2012:074: ffmpeg
http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2012:074

Multiple vulnerabilities have been found and corrected in ffmpeg:

The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504).

cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973).

Integer signedness error in the decode_residual_inter function in cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, a different vulnerability than CVE-2011-3362 (CVE-2011-3974).

FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893).

Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895).

An error within the QDM2 decoder (libavcodec/qdm2.c) can be exploited to cause a buffer overflow (CVE-2011-4351).

An integer overflow error within the "vp3_dequant()" function (libavcodec/vp3.c) can be exploited to cause a buffer overflow (CVE-2011-4352).

Errors within the "av_image_fill_pointers()", "vp5_parse_coeff()", and "vp6_parse_coeff()" functions can be exploited to trigger out-of-bounds reads (CVE-2011-4353).

It was discovered that Libav incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4364).

It was discovered that Libav incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2011-4579).

The updated packages have been upgraded to the 0.5.9 version, where these issues have been corrected.

Additionally, a couple of packages needed to be rebuilt for the new ffmpeg version and are also being provided with this advisory.

MDVA-2012:041: mysql
http://www.mandriva.com/en/support/security/advisories?name=MDVA-2012:041

This is a maintenance and bugfix release that upgrades mysql to the latest version, which resolves various upstream bugs.

MDVSA-2012:073: openssl
http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2012:073

A vulnerability has been found and corrected in openssl:

A flaw in the OpenSSL handling of CBC mode ciphersuites in DTLS can be exploited in a denial of service attack on both clients and servers (CVE-2012-2333).

The updated packages have been patched to correct this issue.

MDVSA-2012:072: roundcubemail
http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2012:072

Multiple vulnerabilities have been found and corrected in roundcubemail:

The login form in Roundcube Webmail before 0.5.1 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to log in to the attacker's account and then compose an e-mail message, related to a login CSRF issue (CVE-2011-1491).

steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not properly verify that a request is an expected request for an external Cascading Style Sheets (CSS) stylesheet, which allows remote authenticated users to trigger arbitrary outbound TCP connections from the server, and possibly obtain sensitive information, via a crafted request (CVE-2011-1492).

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter to the default URI (CVE-2011-2937).

include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP 5.3.7 or 5.3.8 is used, allows remote attackers to trigger a GET request for an arbitrary URL, and cause a denial of service (resource consumption and inbox outage), via a Subject header containing only a URL, a related issue to CVE-2011-3379 (CVE-2011-4078).

The updated packages have been upgraded to the 0.7.2 version, which is not affected by these issues.

MDVSA-2012:071: php
http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2012:071

This is a bugfix and security advisory that upgrades php to the latest 5.3.13 version for Mandriva Linux Enterprise 5.2, which resolves numerous upstream bugs in php. Please refer to the following Mandriva advisories for further information: MDVA-2012:004, MDVSA-2011:165, MDVSA-2011:166, MDVSA-2011:180, MDVSA-2011:197, MDVSA-2012:065, MDVSA-2012:068, MDVSA-2012:068-1.

MDVSA-2012:068-1: php
http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2012:068-1

A vulnerability has been found and corrected in php(-cgi):

PHP-CGI-based setups contain a vulnerability when parsing query string parameters from php files. A remote unauthenticated attacker could obtain sensitive information, cause a denial of service condition or may be able to execute arbitrary code with the privileges of the web server (CVE-2012-1823).

The updated packages have been patched to correct this issue.

Update:

It was discovered that the previous fix for the CVE-2012-1823 vulnerability was incomplete (CVE-2012-2335, CVE-2012-2336). The updated packages provide the latest version (5.3.13), which resolves this flaw.

MDVSA-2012:070: samba
http://www.mandriva.com/en/support/security/advisories?name=MDVSA-2012:070

A vulnerability has been found and corrected in samba:

A file existence disclosure flaw was found in the way the mount.cifs tool of the Samba SMB/CIFS tools suite mounted a Linux CIFS (Common Internet File System) filesystem. A local user able to mount a remote CIFS share or target onto a local directory could use this flaw to confirm the existence or non-existence of a file system object (file, directory or process descriptor) via error messages generated during the mount.cifs run (CVE-2012-1586).

The updated packages have been patched to correct this issue.