Bug 3000

Summary: security update for gstreamer0.10-ffmpeg
Product: Mageia
Reporter: Florian Hubold <doktor5000>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact:
Severity: major
Priority: Normal
CC: davidwhodgins, dmorganec, sysadmin-bugs
Version: 1
Keywords: validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard:
Source RPM:
CVE:
Status comment:

Description Florian Hubold 2011-10-09 20:04:33 CEST
Description of problem:

There is now gstreamer0.10-ffmpeg-0.10.11-3.1.mga in core/updates_testing to validate.
-------------------------------------------------------


Suggested advisory:
-------------------
This update addresses the following CVEs:

- CVE-2011-1196
  (denial of service and possible code execution via malformed OGG file)
  http://code.google.com/p/chromium/issues/detail?id=71788

- CVE-2011-3362
  (arbitrary code execution via malformed CAVS file)
  http://www.ocert.org/advisories/ocert-2011-002.html

- CVE-2011-1931
  (denial of service and possible code execution via malformed AMV file)
  http://seclists.org/bugtraq/2011/Apr/257

- CVE-2011-2161
  (denial of service via malformed APE file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2161

- CVE-2011-0480
  (denial of service and possible code execution via crafted WebM file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0480

- CVE-2011-0723
  (denial of service and possible code execution via crafted VC1 file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0723

- CVE-2010-3429
  (arbitrary offset dereference vulnerability in flic video codec)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3429

- CVE-2010-4704
  (denial of service via crafted .ogg file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4704

Other fixes in this release:

- fix unchecked return values of function "svq3_get_ue_golomb()" that may cause
a crash, patch from upstream, rediffed for our ffmpeg:
http://git.videolan.org/?p=ffmpeg.git;a=patch;h=979bea13003ef489d95d2538ac2fb1c26c6f103b
-------------------------------------------------------
Steps to reproduce:

- install/update to update candidate

Additional Notes:

- FWIW the first two issues and the "Other fixes in this release" are the same as in https://bugs.mageia.org/show_bug.cgi?id=2820 as gstreamer0.10-ffmpeg contains a bundled copy of ffmpeg.

- for CVE-2011-2161 see the following link for a Perl script to create a file that can be used to crash ffmpeg/VLC: http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt

Comment 1 Dave Hodgins 2011-10-10 01:52:47 CEST
For testing this one I used arista to convert a video from .ogg format
to .webm.

# urpmi arista
$ arista-gtk
Select the Source dropdown, then file, then the actual file.
Select the Device dropdown, then Web Browser.
Select Add to queue.

Note. There is no sound during the conversion (live preview of the video
is shown), but there is sound in the final file, when played back.
For testing, pick a short video. :-)

Testing complete on i586.

CC: (none) => davidwhodgins

Comment 2 claire robinson 2011-10-10 12:25:55 CEST
Testing complete x86_64

Advisory:
-------------------
This update addresses the following CVEs:

- CVE-2011-1196
  (denial of service and possible code execution via malformed OGG file)
  http://code.google.com/p/chromium/issues/detail?id=71788

- CVE-2011-3362
  (arbitrary code execution via malformed CAVS file)
  http://www.ocert.org/advisories/ocert-2011-002.html

- CVE-2011-1931
  (denial of service and possible code execution via malformed AMV file)
  http://seclists.org/bugtraq/2011/Apr/257

- CVE-2011-2161
  (denial of service via malformed APE file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2161

- CVE-2011-0480
  (denial of service and possible code execution via crafted WebM file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0480

- CVE-2011-0723
  (denial of service and possible code execution via crafted VC1 file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0723

- CVE-2010-3429
  (arbitrary offset dereference vulnerability in flic video codec)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3429

- CVE-2010-4704
  (denial of service via crafted .ogg file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4704

Other fixes in this release:

- fix unchecked return values of function "svq3_get_ue_golomb()" that may cause
a crash, patch from upstream, rediffed for our ffmpeg:
http://git.videolan.org/?p=ffmpeg.git;a=patch;h=979bea13003ef489d95d2538ac2fb1c26c6f103b
-------------------------------------------------------


SRPM: gstreamer0.10-ffmpeg-0.10.11-3.1.mga1.src.rpm


Could sysadmin please push from core/updates_testing to core/updates. No linking required.


Thank you!

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 3 D Morgan 2011-10-15 02:18:46 CEST
update pushed.

Status: NEW => RESOLVED
CC: (none) => dmorganec
Resolution: (none) => FIXED