Test ID:	1.3.6.1.4.1.25623.1.0.840867
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-1333-1)
Summary:	The remote host is missing an update for the 'libav' package(s) announced via the USN-1333-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libav' package(s) announced via the USN-1333-1 advisory. Vulnerability Insight: Steve Manzuik discovered that Libav incorrectly handled certain malformed Matroska files. If a user were tricked into opening a crafted Matroska file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 11.04. (CVE-2011-3504) Phillip Langlois discovered that Libav incorrectly handled certain malformed QDM2 streams. If a user were tricked into opening a crafted QDM2 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4351) Phillip Langlois discovered that Libav incorrectly handled certain malformed VP3 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4352) Phillip Langlois discovered that Libav incorrectly handled certain malformed VP5 and VP6 streams. If a user were tricked into opening a crafted file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4353) It was discovered that Libav incorrectly handled certain malformed VMD files. If a user were tricked into opening a crafted VMD file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4364) Phillip Langlois discovered that Libav incorrectly handled certain malformed SVQ1 streams. If a user were tricked into opening a crafted SVQ1 stream file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2011-4579) Affected Software/OS: 'libav' package(s) on Ubuntu 11.04, Ubuntu 11.10. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2011-3504 http://www.mandriva.com/security/advisories?name=MDVSA-2012:074 http://www.mandriva.com/security/advisories?name=MDVSA-2012:075 http://www.mandriva.com/security/advisories?name=MDVSA-2012:076 http://technet.microsoft.com/en-us/security/msvr/msvr11-011 http://www.ffmpeg.org/releases/ffmpeg-0.7.5.changelog http://www.ffmpeg.org/releases/ffmpeg-0.8.4.changelog http://www.osvdb.org/75621 http://secunia.com/advisories/45532 http://ubuntu.com/usn/usn-1320-1 http://ubuntu.com/usn/usn-1333-1 Common Vulnerability Exposure (CVE) ID: CVE-2011-4351 Bugtraq: 20111123 NGS00144 Patch Notification: FFmpeg Libavcodec buffer overflow remote code execution (Google Search) http://seclists.org/bugtraq/2011/Nov/145 Common Vulnerability Exposure (CVE) ID: CVE-2011-4352 Bugtraq: 20111123 NGS00145 Patch Notification: FFmpeg Libavcodec out of bounds write remote code execution (Google Search) http://www.securityfocus.com/archive/1/520622 Common Vulnerability Exposure (CVE) ID: CVE-2011-4353 Common Vulnerability Exposure (CVE) ID: CVE-2011-4364 Common Vulnerability Exposure (CVE) ID: CVE-2011-4579 Bugtraq: 20111123 NGS00148 Patch Notification: FFmpeg Libavcodec memory corruption remote code execution (Google Search) http://www.securityfocus.com/archive/1/520620
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.