Bug 6483

Summary: mplayer affected by security issues fixed in ffmpeg 0.6.6
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: davidwhodgins, stormi-mageia, sysadmin-bugs, tmb
Version: 1Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard: mga1-64-OK mga1-32-OK
Source RPM: mplayer-1.0-1.rc4.0.r32713.5.3.mga1.src.rpm CVE:
Status comment:
Bug Depends on:    
Bug Blocks: 6427    

Description David Walser 2012-06-17 00:14:34 CEST 
ffmpeg 0.6.6 was released on June 9th, fixing several security issues.

Patches for those issues were pulled from ffmpeg git and applied to mplayer.

Advisory:
========================

Updated mplayer packages fix security vulnerabilities:

* nsvdec: Fix use of uninitialized streams, Be more careful with
          av_malloc(), nsvdec: Propagate errors (CVE-2011-3940)

* dv: Fix small stack overread, check stype, Fix null pointer
      dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936)

* atrac3: Fix crash in tonal component decoding (CVE-2012-0853)

* mjpegbdec: Fix overflow in SOS (CVE-2011-3947)

* kgv1dec: Increase offsets array size so it is large enough
           (CVE-2011-3945)

* vqavideo: return error if image size is not a multiple of block size
            (CVE-2012-0947)

* dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951)

* aacsbr: prevent out of bounds memcpy() (CVE-2012-0850)

* h264: Add check for invalid chroma_format_idc (CVE-2012-0851)

* adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852)

* shorten: Use separate pointers for the allocated memory for decoded
           samples, check for realloc failure (CVE-2012-0858)

* kmvc: Check palsize (CVE-2011-3952)

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947
========================

Updated packages in {core,tainted}/updates_testing:
========================
mplayer-1.0-1.rc4.0.r32713.5.4.mga1
mplayer-doc-1.0-1.rc4.0.r32713.5.4.mga1
mplayer-gui-1.0-1.rc4.0.r32713.5.4.mga1
mencoder-1.0-1.rc4.0.r32713.5.4.mga1

from mplayer-1.0-1.rc4.0.r32713.5.4.mga1.src.rpm
David Walser 2012-06-17 00:15:16 CEST

Blocks: (none) => 6427

Comment 1 Dave Hodgins 2012-06-23 02:44:27 CEST 
I don't see any poc for the cves, so just testing that mplayer works.

I'll shortly be testing both Mageia 1 Core Updates testing, and then
Tainted updates Testing.

CC: (none) => davidwhodgins

Comment 2 Dave Hodgins 2012-06-23 03:10:49 CEST 
Testing complete on Mageia 1 i586 for the srpms
mplayer-1.0-1.rc4.0.r32713.5.4.mga1.src.rpm
mplayer-1.0-1.rc4.0.r32713.5.4.mga1.tainted.src.rpm

Whiteboard: (none) => mga1-32-OK

Comment 3 Samuel Verschelde 2012-07-08 13:56:58 CEST 
Testing complete on Mageia 1 x86_64.

Update validated.

See comment #0 for SRPMs and advisory

Keywords: (none) => validated_update
CC: (none) => stormi
Whiteboard: mga1-32-OK => mga1-64-OK mga1-32-OK

Samuel Verschelde 2012-07-08 14:03:23 CEST

CC: (none) => sysadmin-bugs

Comment 4 Thomas Backlund 2012-07-09 16:22:37 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0141

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED