Package name
ffmpeg
Date
2013-04-09
Advisory ID
MDVSA-2013:079
Affected versions
MBS1 x86_64

Problem description

Updated ffmpeg packages fix security vulnerabilities:

h264: Add check for invalid chroma_format_idc (CVE-2012-0851)

h263dec: Disallow width/height changing with frame threads
(CVE-2011-3937)

vc1dec: check that coded slice positions and interlacing match. This
fixes out of array writes (CVE-2012-2796)

alsdec: fix number of decoded samples in first sub-block in BGMC mode
(CVE-2012-2790)

cavsdec: check for changing w/h. Our decoder does not support changing
w/h (CVE-2012-2777, CVE-2012-2784)

indeo4: update AVCodecContext width/height on size change
(CVE-2012-2787)

avidec: use actually read size instead of requested size
(CVE-2012-2788)

wmaprodec: check num_vec_coeffs for validity (CVE-2012-2789)

lagarith: check count before writing zeros (CVE-2012-2793)

indeo3: fix out of cell write (CVE-2012-2776)

indeo5: check tile size in decode_mb_info(). This prevents writing
into a too small array if some parameters changed without the tile
being reallocated (CVE-2012-2794)

indeo5dec: Make sure we have had a valid gop header. This prevents
decoding happening on a half initialized context (CVE-2012-2779)

indeo4/5: check empty tile size in decode_mb_info(). This prevents
writing into a too small array if some parameters changed without
the tile being reallocated (CVE-2012-2800)

dfa: improve boundary checks in decode_dds1() (CVE-2012-2798)

dfa: check that the caller set width/height properly (CVE-2012-2786)

avsdec: Set dimensions instead of relying on the demuxer. The
decode function assumes that the video will have those dimensions
(CVE-2012-2801)

ac3dec: ensure get_buffer() gets a buffer for the correct number
of channels (CVE-2012-2802)

rv34: error out on size changes with frame threading (CVE-2012-2772)

alsdec: check opt_order. Fixes out of array write in quant_cof. Also
make sure no invalid opt_order stays in the context (CVE-2012-2775)

This updates ffmpeg to version 0.10.6 which contains the security
fixes above as well as other bug fixes.
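
The indeo5 and indeo4/5 entries above (CVE-2012-2794, CVE-2012-2800) describe a buffer sized for one set of parameters and later written using another. The following is an added illustration of that kind of check, not FFmpeg's code and not part of the advisory; Tile, tile_alloc, decode_mb_info_checked and MAX_DIM are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical, simplified types for illustration; not FFmpeg's own. */
#define MAX_DIM 16384            /* assumed sanity limit on any dimension */
typedef struct {
    int width, height;           /* tile dimensions currently in force */
    int num_mbs;                 /* entries actually allocated in mbs[] */
    uint8_t *mbs;                /* per-macroblock info */
} Tile;

/* Macroblocks needed to cover a w x h tile; -1 for unusable parameters. */
static int mbs_per_tile(int w, int h, int mb_size)
{
    if (w <= 0 || h <= 0 || mb_size <= 0 ||
        w > MAX_DIM || h > MAX_DIM || mb_size > MAX_DIM)
        return -1;
    return ((w + mb_size - 1) / mb_size) * ((h + mb_size - 1) / mb_size);
}

/* Allocate mbs[] for the parameters in force at allocation time. */
int tile_alloc(Tile *t, int w, int h, int mb_size)
{
    int n = mbs_per_tile(w, h, mb_size);
    if (n < 0)
        return -1;
    t->width = w; t->height = h; t->num_mbs = n;
    t->mbs = calloc((size_t)n, sizeof(*t->mbs));
    return t->mbs ? 0 : -1;
}

/* Returns 0 on success, -1 when the current parameters no longer match the
 * allocation. Without the comparison, a mid-stream change of size or block
 * size would make the loop write past the end of mbs[]. */
int decode_mb_info_checked(Tile *t, int mb_size)
{
    int need = mbs_per_tile(t->width, t->height, mb_size);
    if (!t->mbs || need < 0 || need != t->num_mbs)
        return -1;               /* stale or missing allocation: reject */
    for (int i = 0; i < need; i++)
        t->mbs[i] = 1;           /* stand-in for real macroblock parsing */
    return 0;
}

int main(void)
{
    Tile t;
    if (tile_alloc(&t, 64, 64, 16) != 0) return 1;
    printf("matching parameters: %d\n", decode_mb_info_checked(&t, 16));
    printf("mb_size changed:     %d\n", decode_mb_info_checked(&t, 8));
    free(t.mbs);
    return 0;
}
```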

Updated packages

MBS1 x86_64

 7ec17c8836596fed6d4ffb74005d8a99  mbs1/x86_64/ffmpeg-0.10.6-1.mbs1.x86_64.rpm
 7592b8465ea19657f172c72930922601  mbs1/x86_64/lib64avcodec53-0.10.6-1.mbs1.x86_64.rpm
 4d067d38c2d479fe6a289766f8d9908a  mbs1/x86_64/lib64avfilter2-0.10.6-1.mbs1.x86_64.rpm
 b72d0caaf069957fa89d8f115cd43b7a  mbs1/x86_64/lib64avformat53-0.10.6-1.mbs1.x86_64.rpm
 e60a449813850d40a969c5b0f8bd2f62  mbs1/x86_64/lib64avutil51-0.10.6-1.mbs1.x86_64.rpm
 43932d0c784ba4393782d2ce497026fd  mbs1/x86_64/lib64ffmpeg-devel-0.10.6-1.mbs1.x86_64.rpm
 e330d6894485635f68f4748bbc32f846  mbs1/x86_64/lib64ffmpeg-static-devel-0.10.6-1.mbs1.x86_64.rpm
 49acf5dfd84f71781b6aaec19220bdd1  mbs1/x86_64/lib64postproc52-0.10.6-1.mbs1.x86_64.rpm
 2e1033896765ad98629f8b51f7be31a3  mbs1/x86_64/lib64swresample0-0.10.6-1.mbs1.x86_64.rpm
 f132771fcbc699308f8fd1ee7e88ebdb  mbs1/x86_64/lib64swscaler2-0.10.6-1.mbs1.x86_64.rpm 
 561c540d15bb89385f98f777e3297d51  mbs1/SRPMS/ffmpeg-0.10.6-1.mbs1.src.rpm

References