| Test ID: | 1.3.6.1.4.1.25623.1.0.69383 |
| Category: | Ubuntu Local Security Checks |
| Title: | Ubuntu USN-1104-1 (ffmpeg) |
| Summary: | Ubuntu USN-1104-1 (ffmpeg) |
| Description: |
The remote host is missing an update to ffmpeg announced via advisory USN-1104-1.

Details follow:

Cesar Bernardini and Felipe Andres Manzano discovered that FFmpeg incorrectly handled certain malformed flic files. If a user were tricked into opening a crafted flic file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3429)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed wmv files. If a user were tricked into opening a crafted wmv file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2010-3908)

It was discovered that FFmpeg incorrectly handled certain malformed ogg files. If a user were tricked into opening a crafted ogg file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-4704)

It was discovered that FFmpeg incorrectly handled certain malformed WebM files. If a user were tricked into opening a crafted WebM file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0480)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed RealMedia files. If a user were tricked into opening a crafted RealMedia file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 8.04 LTS, 9.10 and 10.04 LTS. (CVE-2011-0722)

Dan Rosenberg discovered that FFmpeg incorrectly handled certain malformed VC1 files. If a user were tricked into opening a crafted VC1 file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-0723)

Solution:
The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 8.04 LTS:
  libavcodec1d 3:0.cvs20070307-5ubuntu7.6
  libavformat1d 3:0.cvs20070307-5ubuntu7.6

Ubuntu 9.10:
  libavcodec52 4:0.5+svn20090706-2ubuntu2.3
  libavformat52 4:0.5+svn20090706-2ubuntu2.3

Ubuntu 10.04 LTS:
  libavcodec52 4:0.5.1-1ubuntu1.1
  libavformat52 4:0.5.1-1ubuntu1.1

Ubuntu 10.10:
  libavcodec52 4:0.6-2ubuntu6.1
  libavformat52 4:0.6-2ubuntu6.1

In general, a standard system update will make all the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-1104-1

Risk factor: Critical |
| Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-3429
Bugtraq: 20100928 [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference
http://www.securityfocus.com/archive/1/archive/1/514009/100/0/threaded
http://www.openwall.com/lists/oss-security/2010/09/28/4
http://www.ocert.org/advisories/ocert-2010-004.html
Debian Security Information: DSA-2165
http://www.debian.org/security/2011/dsa-2165
http://www.mandriva.com/security/advisories?name=MDVSA-2011:060
http://www.mandriva.com/security/advisories?name=MDVSA-2011:061
http://www.mandriva.com/security/advisories?name=MDVSA-2011:062
http://www.mandriva.com/security/advisories?name=MDVSA-2011:088
http://www.mandriva.com/security/advisories?name=MDVSA-2011:089
http://www.mandriva.com/security/advisories?name=MDVSA-2011:112
http://www.mandriva.com/security/advisories?name=MDVSA-2011:114
http://www.ubuntu.com/usn/usn-1104-1/
http://secunia.com/advisories/41626
http://secunia.com/advisories/43323
http://www.vupen.com/english/advisories/2010/2517
http://www.vupen.com/english/advisories/2010/2518
http://www.vupen.com/english/advisories/2011/1241

Common Vulnerability Exposure (CVE) ID: CVE-2010-3908
Debian Security Information: DSA-2306
http://www.debian.org/security/2011/dsa-2306

Common Vulnerability Exposure (CVE) ID: CVE-2010-4704
BugTraq ID: 46294
http://www.securityfocus.com/bid/46294

Common Vulnerability Exposure (CVE) ID: CVE-2011-0480
http://article.gmane.org/gmane.comp.video.ffmpeg.devel/122703
BugTraq ID: 45788
http://www.securityfocus.com/bid/45788
http://osvdb.org/70463
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14380
http://secunia.com/advisories/42951
XForce ISS Database: chrome-vorbis-bo(64671)
http://xforce.iss.net/xforce/xfdb/64671

Common Vulnerability Exposure (CVE) ID: CVE-2011-0722
BugTraq ID: 47149
http://www.securityfocus.com/bid/47149

Common Vulnerability Exposure (CVE) ID: CVE-2011-0723
http://ffmpeg.mplayerhq.hu/
BugTraq ID: 47151
http://www.securityfocus.com/bid/47151 |
| Copyright | Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com |