ID de Prueba:	1.3.6.1.4.1.25623.1.0.831634
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Update for ffmpeg MDVSA-2012:075 (ffmpeg)
Resumen:	The remote host is missing an update for the 'ffmpeg'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'ffmpeg' package(s) announced via the referenced advisory. Vulnerability Insight: Multiple vulnerabilities has been found and corrected in ffmpeg: The Matroska format decoder in FFmpeg does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file (CVE-2011-3362, CVE-2011-3504). Double free vulnerability in the Theora decoder in FFmpeg allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted stream (CVE-2011-3892). FFmpeg does not properly implement the MKV and Vorbis media handlers, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors (CVE-2011-3893). The updated packages have been upgraded to the 0.6.5 version where these issues has been corrected. Description truncated, please see the referenced URL(s) for more information. Affected Software/OS: ffmpeg on Mandriva Linux 2010.1 Solution: Please Install the Updated Packages. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3362 http://www.ocert.org/advisories/ocert-2011-002.html http://www.openwall.com/lists/oss-security/2011/09/13/4 http://www.openwall.com/lists/oss-security/2011/09/14/8 http://secunia.com/advisories/45532 Common Vulnerability Exposure (CVE) ID: CVE-2011-3504 http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 http://technet.microsoft.com/en-us/security/msvr/msvr11-011 http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog http://www.osvdb.org/75621 http://ubuntu.com/usn/usn-1320-1 http://ubuntu.com/usn/usn-1333-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-3973 Common Vulnerability Exposure (CVE) ID: CVE-2011-3974 Common Vulnerability Exposure (CVE) ID: CVE-2011-3892 Debian Security Information: DSA-2471 (Google Search) http://www.debian.org/security/2012/dsa-2471 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14484 http://secunia.com/advisories/46933 http://secunia.com/advisories/49089 Common Vulnerability Exposure (CVE) ID: CVE-2011-3893 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14267 Common Vulnerability Exposure (CVE) ID: CVE-2011-3895 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A13551 Common Vulnerability Exposure (CVE) ID: CVE-2011-4351 Bugtraq: 20111123 NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution (Google Search) http://seclists.org/bugtraq/2011/Nov/145 Common Vulnerability Exposure (CVE) ID: CVE-2011-4352 Bugtraq: 20111123 NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution (Google Search) http://www.securityfocus.com/archive/1/520622 Common Vulnerability Exposure (CVE) ID: CVE-2011-4353 Common Vulnerability Exposure (CVE) ID: CVE-2011-4364 Common Vulnerability Exposure (CVE) ID: CVE-2011-4579 Bugtraq: 20111123 NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution (Google Search) http://www.securityfocus.com/archive/1/520620
Copyright	Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.