Mandrake Local Security Checks : Mandriva Update for ffmpeg MDVSA-2012:076 (ffmpeg)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.831563
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for ffmpeg MDVSA-2012:076 (ffmpeg)
Resumen:	The remote host is missing an update for the 'ffmpeg'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in ffmpeg: The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). cavsdec.c in libavcodec in FFmpeg allows remote attackers to cause a denial of service (incorrect write operation and application crash) via an invalid bitstream in a Chinese AVS video (aka CAVS) file, related to the decode_residual_block, check_for_slice, and cavs_decode_frame functions, a different vulnerability than CVE-2011-3362 (CVE-2011-3973). Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3892). FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893). Heap-based buffer overflow in the Vorbis decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3895). Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: ffmpeg on Mandriva Linux 2011.0 Solution: Please Install the Updated Packages. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3362 http://www.ocert.org/advisories/ocert-2011-002.html http://www.openwall.com/lists/oss-security/2011/09/13/4 http://www.openwall.com/lists/oss-security/2011/09/14/8 http://secunia.com/advisories/45532 Common Vulnerability Exposure (CVE) ID: CVE-2011-3504 http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 http://technet.microsoft.com/en-us/security/msvr/msvr11-011 http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog http://www.osvdb.org/75621 http://ubuntu.com/usn/usn-1320-1 http://ubuntu.com/usn/usn-1333-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-3973 Common Vulnerability Exposure (CVE) ID: CVE-2011-3974 Common Vulnerability Exposure (CVE) ID: CVE-2011-3892 Debian Security Information: DSA-2471 (Google Search) http://www.debian.org/security/2012/dsa-2471 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14484 http://secunia.com/advisories/46933 http://secunia.com/advisories/49089 Common Vulnerability Exposure (CVE) ID: CVE-2011-3893 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14267 Common Vulnerability Exposure (CVE) ID: CVE-2011-3895 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13551 Common Vulnerability Exposure (CVE) ID: CVE-2011-4351 Bugtraq: 20111123 NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution (Google Search) http://seclists.org/bugtraq/2011/Nov/145 Common Vulnerability Exposure (CVE) ID: CVE-2011-4352 Bugtraq: 20111123 NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution (Google Search) http://www.securityfocus.com/archive/1/520622 Common Vulnerability Exposure (CVE) ID: CVE-2011-4353 Common Vulnerability Exposure (CVE) ID: CVE-2011-4364 Common Vulnerability Exposure (CVE) ID: CVE-2011-4579 Bugtraq: 20111123 NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution (Google Search) http://www.securityfocus.com/archive/1/520620 Common Vulnerability Exposure (CVE) ID: CVE-2011-3929 http://www.ubuntu.com/usn/USN-1479-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-3936 Common Vulnerability Exposure (CVE) ID: CVE-2011-3937 http://www.mandriva.com/security/advisories?name=MDVSA-2013:079 Common Vulnerability Exposure (CVE) ID: CVE-2011-3940 Common Vulnerability Exposure (CVE) ID: CVE-2011-3945 Common Vulnerability Exposure (CVE) ID: CVE-2011-3947 Common Vulnerability Exposure (CVE) ID: CVE-2012-0853 http://www.openwall.com/lists/oss-security/2012/02/14/4 Common Vulnerability Exposure (CVE) ID: CVE-2012-0858
Copyright	Copyright (C) 2012 Greenbone AG