
[gentoo-announce] [ GLSA 201310-12 ] FFmpeg: Multiple vulnerabilities


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201310-12
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: FFmpeg: Multiple vulnerabilities
Date: October 25, 2013
Bugs: #285719, #307755, #339036, #352481, #365273, #378801,
      #382301, #384095, #385511, #389807, #391421, #397893,
      #401069, #411369, #420305, #433772, #439054, #454420,
      #465496, #473302, #473790, #476218, #482136
ID: 201310-12

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

Synopsis
========

Multiple vulnerabilities were found in FFmpeg, the worst of which might
enable remote attackers to cause user-assisted execution of arbitrary
code.

 

Background
==========

FFmpeg is a complete solution to record, convert and stream audio and
video.

 

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-video/ffmpeg          < 1.0.7                      >= 1.0.7

 

Description
===========

Multiple vulnerabilities have been discovered in FFmpeg. Please review
the CVE identifiers and FFmpeg changelogs referenced below for details.

 

Impact
======

A remote attacker could entice a user to open a specially crafted media
file, possibly leading to the execution of arbitrary code with the
privileges of the user running the application or a Denial of Service.

 

Workaround
==========

There is no known workaround at this time.

 

Resolution
==========

All FFmpeg users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/ffmpeg-1.0.7"

 

References
==========

[ 1 ] CVE-2009-4631
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4631
[ 2 ] CVE-2009-4632
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4632
[ 3 ] CVE-2009-4633
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4633
[ 4 ] CVE-2009-4634
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4634
[ 5 ] CVE-2009-4635
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4635
[ 6 ] CVE-2009-4636
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4636
[ 7 ] CVE-2009-4637
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4637
[ 8 ] CVE-2009-4638
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4638
[ 9 ] CVE-2009-4639
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4639
[ 10 ] CVE-2009-4640
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4640
[ 11 ] CVE-2010-3429
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3429
[ 12 ] CVE-2010-3908
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3908
[ 13 ] CVE-2010-4704
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704
[ 14 ] CVE-2010-4704
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4704
[ 15 ] CVE-2010-4705
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4705
[ 16 ] CVE-2011-1931
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1931
[ 17 ] CVE-2011-3362
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3362
[ 18 ] CVE-2011-3893
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3893
[ 19 ] CVE-2011-3895
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3895
[ 20 ] CVE-2011-3929
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3929
[ 21 ] CVE-2011-3934
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3934
[ 22 ] CVE-2011-3935
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3935
[ 23 ] CVE-2011-3936
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3936
[ 24 ] CVE-2011-3937
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3937
[ 25 ] CVE-2011-3940
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3940
[ 26 ] CVE-2011-3941
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3941
[ 27 ] CVE-2011-3944
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3944
[ 28 ] CVE-2011-3945
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3945
[ 29 ] CVE-2011-3946
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3946
[ 30 ] CVE-2011-3947
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3947
[ 31 ] CVE-2011-3949
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3949
[ 32 ] CVE-2011-3950
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3950
[ 33 ] CVE-2011-3951
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3951
[ 34 ] CVE-2011-3952
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3952
[ 35 ] CVE-2011-3973
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3973
[ 36 ] CVE-2011-3974
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3974
[ 37 ] CVE-2011-4351
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4351
[ 38 ] CVE-2011-4352
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4352
[ 39 ] CVE-2011-4353
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4353
[ 40 ] CVE-2011-4364
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4364
[ 41 ] CVE-2012-0947
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0947
[ 42 ] CVE-2012-2771
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2771
[ 43 ] CVE-2012-2772
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2772
[ 44 ] CVE-2012-2773
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2773
[ 45 ] CVE-2012-2774
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2774
[ 46 ] CVE-2012-2775
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2775
[ 47 ] CVE-2012-2776
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2776
[ 48 ] CVE-2012-2777
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2777
[ 49 ] CVE-2012-2778
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2778
[ 50 ] CVE-2012-2779
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2779
[ 51 ] CVE-2012-2780
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2780
[ 52 ] CVE-2012-2781
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2781
[ 53 ] CVE-2012-2782
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2782
[ 54 ] CVE-2012-2783
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783
[ 55 ] CVE-2012-2784
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2784
[ 56 ] CVE-2012-2785
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2785
[ 57 ] CVE-2012-2786
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2786
[ 58 ] CVE-2012-2787
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2787
[ 59 ] CVE-2012-2788
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2788
[ 60 ] CVE-2012-2789
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2789
[ 61 ] CVE-2012-2790
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2790
[ 62 ] CVE-2012-2791
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791
[ 63 ] CVE-2012-2792
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2792
[ 64 ] CVE-2012-2793
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2793
[ 65 ] CVE-2012-2794
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2794
[ 66 ] CVE-2012-2795
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2795
[ 67 ] CVE-2012-2796
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2796
[ 68 ] CVE-2012-2797
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797
[ 69 ] CVE-2012-2798
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798
[ 70 ] CVE-2012-2799
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2799
[ 71 ] CVE-2012-2800
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2800
[ 72 ] CVE-2012-2801
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801
[ 73 ] CVE-2012-2802
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802
[ 74 ] CVE-2012-2803
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803
[ 75 ] CVE-2012-2804
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804
[ 76 ] CVE-2012-2805
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2805
[ 77 ] CVE-2013-3670
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3670
[ 78 ] CVE-2013-3671
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3671
[ 79 ] CVE-2013-3672
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3672
[ 80 ] CVE-2013-3673
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3673
[ 81 ] CVE-2013-3674
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3674
[ 82 ] CVE-2013-3675
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3675
[ 83 ] FFmpeg 0.10.x Changelog
       http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/0.10
[ 84 ] FFmpeg 1.0.x Changelog
       http://git.videolan.org/?p=ffmpeg.git;a=shortlog;h=refs/heads/release/1.0
[ 85 ] NGS Secure Research NGS00068
       http://archives.neohapsis.com/archives/bugtraq/2011-04/0258.html
[ 86 ] Secunia Advisory SA36760
       http://secunia.com/advisories/36760/
[ 87 ] Secunia Advisory SA46134
       https://secunia.com/advisories/46134/

 

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201310-12.xml

 

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security ( -at -) gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

 

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

 

 

 
