Advisories | Mandriva

Package name	gstreamer-ffmpeg
Date	September 28th, 2006
Advisory ID	MDKSA-2006:174
Affected versions	2006.0, 2007.0

Problem Description

Gstreamer-ffmpeg uses an embedded copy of ffmpeg and as such has been
updated to address the following issue: Multiple buffer overflows in
libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to
cause a denial of service or possibly execute arbitrary code via
multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c,
(4)sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9)
cook.c, (10)shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c.
NOTE: it is likely that this is a different vulnerability than
CVE-2005-4048 and CVE-2006-2802.

Updated packages have been patched to correct this issue.

Updated Packages

Mandriva Linux 2006

 c49b397719d1143231cb030f9e9cd003  2006.0/i586/gstreamer-ffmpeg-0.8.6-1.2.20060mdk.i586.rpm 
 a0afe9ef876a409ca594b4fdb75921ad  2006.0/SRPMS/gstreamer-ffmpeg-0.8.6-1.2.20060mdk.src.rpm

Mandriva Linux 2006/X86_64

 03003e5d2ee3f613a7ccd9552fdc7124  2006.0/x86_64/gstreamer-ffmpeg-0.8.6-1.2.20060mdk.x86_64.rpm 
 a0afe9ef876a409ca594b4fdb75921ad  2006.0/SRPMS/gstreamer-ffmpeg-0.8.6-1.2.20060mdk.src.rpm

Mandriva Linux 2007

 884a134c1ded68502a461754b51dce85  2007.0/i586/gstreamer-ffmpeg-0.8.7-3.1mdv2007.0.i586.rpm 
 d30f67740f6f6b9769609e613fd44b59  2007.0/SRPMS/gstreamer-ffmpeg-0.8.7-3.1mdv2007.0.src.rpm

Mandriva Linux 2007/X86_64

 90b711e579e72a96441b16b5e38bb5ff  2007.0/x86_64/gstreamer-ffmpeg-0.8.7-3.1mdv2007.0.x86_64.rpm 
 d30f67740f6f6b9769609e613fd44b59  2007.0/SRPMS/gstreamer-ffmpeg-0.8.7-3.1mdv2007.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4800

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :

		rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.