ID de Prueba:	1.3.6.1.4.1.25623.1.0.831360
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for ffmpeg MDVSA-2011:062 (ffmpeg)
Resumen:	The remote host is missing an update for the 'ffmpeg'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been identified and fixed in ffmpeg: FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636) flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429) libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704) Fix heap corruption crashes (CVE-2011-0722) Fix invalid reads in VC-1 decoding (CVE-2011-0723) And several additional vulnerabilities originally discovered by Google Chrome developers were also fixed with this advisory. The updated packages have been patched to correct these issues. Affected Software/OS: ffmpeg on Mandriva Linux 2010.1, Mandriva Linux 2010.1/X86_64 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4636 BugTraq ID: 36465 http://www.securityfocus.com/bid/36465 Debian Security Information: DSA-2000 (Google Search) http://www.debian.org/security/2010/dsa-2000 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://www.vupen.com/english/advisories/2011/1241 Common Vulnerability Exposure (CVE) ID: CVE-2010-3429 Bugtraq: 20100928 [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference (Google Search) http://www.securityfocus.com/archive/1/514009/100/0/threaded Debian Security Information: DSA-2165 (Google Search) http://www.debian.org/security/2011/dsa-2165 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.ocert.org/advisories/ocert-2010-004.html http://www.openwall.com/lists/oss-security/2010/09/28/4 http://secunia.com/advisories/41626 http://secunia.com/advisories/43323 http://www.ubuntu.com/usn/usn-1104-1/ http://www.vupen.com/english/advisories/2010/2517 http://www.vupen.com/english/advisories/2010/2518 Common Vulnerability Exposure (CVE) ID: CVE-2010-4704 BugTraq ID: 46294 http://www.securityfocus.com/bid/46294 Debian Security Information: DSA-2306 (Google Search) http://www.debian.org/security/2011/dsa-2306 Common Vulnerability Exposure (CVE) ID: CVE-2011-0722 BugTraq ID: 47149 http://www.securityfocus.com/bid/47149 Common Vulnerability Exposure (CVE) ID: CVE-2011-0723 BugTraq ID: 47151 http://www.securityfocus.com/bid/47151 http://ffmpeg.mplayerhq.hu/
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.