Bug 15502 - ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-8], CVE-2015-1872, CVE-2015-3395, CVE-2015-3417
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: i586 Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA4-32-OK MGA4-64-OK advisory
Keywords: Triaged, validated_update
Depends on:
Blocks:
 
Reported: 2015-03-16 19:17 CET by David Walser
Modified: 2015-06-19 18:27 CEST

Source RPM: ffmpeg-2.0.6-1.mga4.src.rpm

Description David Walser 2015-03-16 19:17:35 CET
Several new CVEs have been fixed in FFmpeg versions newer than 2.0.6 (such as 2.4.4 through 2.4.7 and 2.2.11 through 2.2.13):
http://ffmpeg.org/security.html

We'll need to get a new 2.0.x release from upstream for Mageia 4.

Sander Lepik 2015-05-10 19:55:37 CEST

CC: (none) => cvargas, dglent, dirteat, geiger.david68210, juan.baptiste, mageia, mageia, zen25000

Comment 1 Nicolas Lécureuil 2015-05-10 20:43:59 CEST
I don't see a new release for 2.0.x
Comment 2 David Walser 2015-05-10 21:42:44 CEST
I (or someone) will need to ask upstream to cut a new 2.0.x release, like I did last time.
Comment 3 Nicolas Lécureuil 2015-05-14 17:36:37 CEST
Can you please? :)
Comment 4 David Walser 2015-05-17 18:37:42 CEST
There's also CVE-2015-3395, fixed in versions such as 2.4.8 and 2.2.15.

Summary: ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], and CVE-2015-1872 => ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], CVE-2015-1872, CVE-2015-3395

Juan Luis Baptiste 2015-05-17 23:16:22 CEST

CC: juan.baptiste => (none)

David Walser 2015-05-19 19:13:50 CEST

Summary: ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], CVE-2015-1872, CVE-2015-3395 => ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], CVE-2015-1872, CVE-2015-3395, CVE-2015-3417

Comment 6 Marja Van Waes 2015-06-06 14:14:47 CEST
Assigned to the package maintainer.

(Please set the status to 'assigned' if you are working on it)

Keywords: (none) => Triaged
CC: (none) => marja11
Assignee: bugsquad => shlomif

Comment 7 Shlomi Fish 2015-06-06 15:34:53 CEST
(In reply to David Walser from comment #4)
> There's also CVE-2015-3395, fixed in versions such as 2.4.8 and 2.2.15.

David, can you ask for a new upstream release of 2.0.x?
Comment 8 David Walser 2015-06-06 18:06:25 CEST
Yes I can.  I keep forgetting to do it :o(

If someone could ping me on IRC when I'm actually online as Luigi12_work next week, I'll try to do it then.  Monday or Tuesday would probably be best.  I'll be in class then too, but I'll actually be the one teaching Wednesday through Friday so I'll be less available then.
Comment 9 Sander Lepik 2015-06-06 18:43:58 CEST
Better give Shlomi your contact info with upstream, so he can ask for this release himself :) Now and in the future when it's needed again.
Comment 10 David Walser 2015-06-10 16:22:29 CEST
Contact information is the upstream maintainer Michael Niedermayer (michaelni) in #ffmpeg-devel on Freenode.  He has released a 2.0.7 tarball for us.  It fixes all of the CVEs previously mentioned, except for CVE-2014-9319 which doesn't apply to 2.0.x.

Updated package uploaded for Mageia 4.

Note that there are both core and tainted builds for this package.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=8065#c6
https://bugs.mageia.org/show_bug.cgi?id=14042#c6

Advisory:
========================

Updated ffmpeg packages fix security vulnerabilities:

The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFmpeg before 2.0.7
allows remote attackers to cause a denial of service (out-of-bounds heap
access) and possibly have other unspecified impact via vectors related to
LJIF tags in an MJPEG file (CVE-2014-9316).

The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before 2.0.7
allows remote attackers to cause a denial of service (out-of-bounds heap
access) and possibly have other unspecified impact via an IDAT before an IHDR
in a PNG file (CVE-2014-9317).

The raw_decode function in libavcodec/rawdec.c in FFmpeg before 2.0.7 allows
remote attackers to cause a denial of service (out-of-bounds heap access) and
possibly have other unspecified impact via a crafted .cine file that triggers
the avpicture_get_size function to return a negative frame size
(CVE-2014-9318).

The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.0.7 does
not validate the relationship between a certain length value and the frame
width, which allows remote attackers to cause a denial of service
(out-of-bounds array access) or possibly have unspecified other impact via
crafted Sierra VMD video data (CVE-2014-9603).

libavcodec/utvideodec.c in FFmpeg before 2.0.7 does not check for a zero
value of a slice height, which allows remote attackers to cause a denial of
service (out-of-bounds array access) or possibly have unspecified other
impact via crafted Ut Video data, related to the restore_median and
restore_median_il functions (CVE-2014-9604).

An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg,
in order to trigger a denial of service (CVE-2015-1872).

The msrle_decode_pal4 function in libavcodec/msrledec.c in FFmpeg before
2.0.7 has an out-of-bounds array access that may allow remote attackers to
cause a denial of service or possibly have unspecified other impact via a
crafted BMP file (CVE-2015-3395).

Use-after-free vulnerability in the ff_h264_free_tables function in
libavcodec/h264.c in FFmpeg before 2.0.7 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via crafted H.264
data in an MP4 file, as demonstrated by an HTML VIDEO element that references
H.264 data (CVE-2015-3417).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1872
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3417
http://vigilance.fr/vulnerability/FFmpeg-unreachable-memory-reading-via-mjpegdec-c-16213
http://git.videolan.org/?p=ffmpeg.git;a=log;h=n2.0.7
http://ffmpeg.org/olddownload.html
http://ffmpeg.org/security.html
========================

Updated packages in {core,tainted}/updates_testing:
========================
ffmpeg-2.0.7-1.mga4
libavcodec55-2.0.7-1.mga4
libpostproc52-2.0.7-1.mga4
libavformat55-2.0.7-1.mga4
libavutil52-2.0.7-1.mga4
libswscaler2-2.0.7-1.mga4
libavfilter3-2.0.7-1.mga4
libswresample0-2.0.7-1.mga4
libffmpeg-devel-2.0.7-1.mga4
libffmpeg-static-devel-2.0.7-1.mga4

from ffmpeg-2.0.7-1.mga4.src.rpm

Assignee: shlomif => qa-bugs
Summary: ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], CVE-2015-1872, CVE-2015-3395, CVE-2015-3417 => ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-8], CVE-2015-1872, CVE-2015-3395, CVE-2015-3417
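
The CVE-2014-9317 entry in the advisory above concerns a PNG whose IDAT chunk arrives before IHDR. As an added illustration (not FFmpeg's or Mageia's code), here is a pre-decode check that walks the chunk list and rejects that ordering. The function name, enum values and the two sample byte arrays are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum png_check { PNG_OK, PNG_BAD_SIGNATURE, PNG_TRUNCATED,
                 PNG_IHDR_NOT_FIRST, PNG_BAD_IHDR, PNG_NO_IDAT };

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Walk the chunk list without decoding: IHDR must come first (so an early IDAT
 * is rejected) and each length must fit the remaining bytes. CRCs not checked. */
enum png_check png_check_chunk_order(const uint8_t *buf, size_t len) {
    static const uint8_t sig[8] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n' };
    size_t off = 8;
    int seen_ihdr = 0, seen_idat = 0;

    if (len < 8 || memcmp(buf, sig, 8) != 0) return PNG_BAD_SIGNATURE;
    while (off < len) {
        if (len - off < 12) return PNG_TRUNCATED;      /* length + type + CRC */
        uint32_t clen = be32(buf + off);
        const uint8_t *type = buf + off + 4;
        if (clen > len - off - 12) return PNG_TRUNCATED;
        if (!seen_ihdr) {
            if (memcmp(type, "IHDR", 4) != 0) return PNG_IHDR_NOT_FIRST;
            if (clen != 13 || !be32(type + 4) || !be32(type + 8)) return PNG_BAD_IHDR;
            seen_ihdr = 1;                             /* 13-byte IHDR, non-zero size */
        } else if (memcmp(type, "IDAT", 4) == 0) {
            seen_idat = 1;
        } else if (memcmp(type, "IEND", 4) == 0) {
            break;
        }
        off += 12 + (size_t)clen;
    }
    return seen_idat ? PNG_OK : PNG_NO_IDAT;
}

/* Constructed sample streams (CRC fields zeroed): a 1x1 image, then IDAT first. */
#define C_SIG  0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'
#define C_IHDR 0,0,0,13, 'I','H','D','R', 0,0,0,1, 0,0,0,1, 8,0,0,0,0, 0,0,0,0
#define C_IDAT 0,0,0,0, 'I','D','A','T', 0,0,0,0
#define C_IEND 0,0,0,0, 'I','E','N','D', 0,0,0,0
static const uint8_t sample_ok[]  = { C_SIG, C_IHDR, C_IDAT, C_IEND };
static const uint8_t sample_bad[] = { C_SIG, C_IDAT, C_IHDR, C_IEND };

int main(void) {  /* exit status 0 when both samples classify as expected */
    return png_check_chunk_order(sample_ok, sizeof sample_ok) != PNG_OK ||
           png_check_chunk_order(sample_bad, sizeof sample_bad) != PNG_IHDR_NOT_FIRST;
}
```
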

Comment 11 Shlomi Fish 2015-06-10 16:41:31 CEST
David Walser: that's great! Thanks!

CC: (none) => shlomif

Comment 12 William Kenney 2015-06-13 17:43:56 CEST
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
ffmpeg libavcodec55 libavfilter3 libavformat55 libavutil52 libpostproc52
libswresample0 libswscaler2

default install of ffmpeg libavcodec55 libavfilter3 libavformat55 libavutil52 libpostproc52
libswresample0 libswscaler2

[root@localhost wilcal]# urpmi ffmpeg
Package ffmpeg-2.0.6-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libavcodec55
Package libavcodec55-2.0.6-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libavfilter3
Package libavfilter3-2.0.6-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libavformat55
Package libavformat55-2.0.6-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libavutil52
Package libavutil52-2.0.6-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libpostproc52
Package libpostproc52-2.0.6-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libswresample0
Package libswresample0-2.0.6-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libswscaler2
Package libswscaler2-2.0.6-1.mga4.tainted.i586 is already installed

ffmpeg -i canon_org.mov           -ar 22050  -s 240x140  canon.mp4
ffmpeg -i ob_org.flv              -ar 22050  -s 240x140  ob.wmv
ffmpeg -i old_trolly_org.mp4      -ar 48000  -vb 303000  -r 30  -s 640x480  -aspect 4:3 -vcodec mpeg4  old_trolly_resize.mp4
ffmpeg -i waiting_for_santa_org.wmv   -ar 48000  waiting_for_santa.mp4
ffmpeg -i star_wars_org.wav star_wars.mp3
ffmpeg -i james_bond_theme_org.mp3 james_bond_theme.webm
ffmpeg -i james_bond_theme.webm james_bond_theme.flac
ffmpeg -i waiting_for_santa_org.wmv  waiting_for_santa.mp3
All processes proceeded correctly.
OpenShot edits videos+audio correctly.

install ffmpeg libavcodec55 libavfilter3 libavformat55 libavutil52 libpostproc52
libswresample0 libswscaler2 from updates_testing

[root@localhost wilcal]# urpmi ffmpeg
Package ffmpeg-2.0.7-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libavcodec55
Package libavcodec55-2.0.7-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libavfilter3
Package libavfilter3-2.0.7-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libavformat55
Package libavformat55-2.0.7-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libavutil52
Package libavutil52-2.0.7-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libpostproc52
Package libpostproc52-2.0.7-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libswresample0
Package libswresample0-2.0.7-1.mga4.tainted.i586 is already installed
[root@localhost wilcal]# urpmi libswscaler2
Package libswscaler2-2.0.7-1.mga4.tainted.i586 is already installed

ffmpeg -i canon_org.mov           -ar 22050  -s 240x140  canon.mp4
ffmpeg -i ob_org.flv              -ar 22050  -s 240x140  ob.wmv
ffmpeg -i old_trolly_org.mp4      -ar 48000  -vb 303000  -r 30  -s 640x480  -aspect 4:3 -vcodec mpeg4  old_trolly_resize.mp4
ffmpeg -i waiting_for_santa_org.wmv   -ar 48000  waiting_for_santa.mp4
ffmpeg -i star_wars_org.wav star_wars.mp3
ffmpeg -i james_bond_theme_org.mp3 james_bond_theme.webm
ffmpeg -i james_bond_theme.webm james_bond_theme.flac
ffmpeg -i waiting_for_santa_org.wmv  waiting_for_santa.mp3
All processes proceeded correctly.
OpenShot edits videos+audio correctly.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.26-1.mga4.x86_64
virtualbox-guest-additions-4.3.26-1.mga4.x86_64

CC: (none) => wilcal.int

Comment 13 William Kenney 2015-06-13 17:44:41 CEST
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
ffmpeg lib64avcodec55 lib64avfilter3 lib64avformat55 lib64avutil52 lib64postproc52
lib64swresample0 lib64swscaler2

default install of ffmpeg lib64avcodec55 lib64avfilter3 lib64avformat55 lib64avutil52 lib64postproc52
lib64swresample0 lib64swscaler2

[root@localhost wilcal]# urpmi ffmpeg
Package ffmpeg-2.0.6-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64avcodec55
Package lib64avcodec55-2.0.6-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64avfilter3
Package lib64avfilter3-2.0.6-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64avformat55
Package lib64avformat55-2.0.6-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64avutil52
Package lib64avutil52-2.0.6-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64postproc52
Package lib64postproc52-2.0.6-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64swresample0
Package lib64swresample0-2.0.6-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64swscaler2
Package lib64swscaler2-2.0.6-1.mga4.tainted.x86_64 is already installed

ffmpeg -i canon_org.mov           -ar 22050  -s 240x140  canon.mp4
ffmpeg -i ob_org.flv              -ar 22050  -s 240x140  ob.wmv
ffmpeg -i old_trolly_org.mp4      -ar 48000  -vb 303000  -r 30  -s 640x480  -aspect 4:3 -vcodec mpeg4  old_trolly_resize.mp4
ffmpeg -i waiting_for_santa_org.wmv   -ar 48000  waiting_for_santa.mp4
ffmpeg -i star_wars_org.wav star_wars.mp3
ffmpeg -i james_bond_theme_org.mp3 james_bond_theme.webm
ffmpeg -i james_bond_theme.webm james_bond_theme.flac
ffmpeg -i waiting_for_santa_org.wmv  waiting_for_santa.mp3
All processes proceeded correctly.
OpenShot edits videos+audio correctly.

install ffmpeg lib64avcodec55 lib64avfilter3 lib64avformat55 lib64avutil52 lib64postproc52
lib64swresample0 lib64swscaler2 from updates_testing

[root@localhost wilcal]# urpmi ffmpeg
Package ffmpeg-2.0.7-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64avcodec55
Package lib64avcodec55-2.0.7-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64avfilter3
Package lib64avfilter3-2.0.7-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64avformat55
Package lib64avformat55-2.0.7-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64avutil52
Package lib64avutil52-2.0.7-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64postproc52
Package lib64postproc52-2.0.7-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64swresample0
Package lib64swresample0-2.0.7-1.mga4.tainted.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64swscaler2
Package lib64swscaler2-2.0.7-1.mga4.tainted.x86_64 is already installed

ffmpeg -i canon_org.mov           -ar 22050  -s 240x140  canon.mp4
ffmpeg -i ob_org.flv              -ar 22050  -s 240x140  ob.wmv
ffmpeg -i old_trolly_org.mp4      -ar 48000  -vb 303000  -r 30  -s 640x480  -aspect 4:3 -vcodec mpeg4  old_trolly_resize.mp4
ffmpeg -i waiting_for_santa_org.wmv   -ar 48000  waiting_for_santa.mp4
ffmpeg -i star_wars_org.wav star_wars.mp3
ffmpeg -i james_bond_theme_org.mp3 james_bond_theme.webm
ffmpeg -i james_bond_theme.webm james_bond_theme.flac
ffmpeg -i waiting_for_santa_org.wmv  waiting_for_santa.mp3
All processes proceeded correctly.
OpenShot edits videos+audio correctly.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.26-1.mga4.x86_64
virtualbox-guest-additions-4.3.26-1.mga4.x86_64
Comment 14 William Kenney 2015-06-13 17:46:28 CEST
This update works fine.
Testing complete for mga4 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push this to updates?
Thanks

Keywords: (none) => validated_update
Whiteboard: (none) => MGA4-32-OK MGA4-64-OK
CC: (none) => sysadmin-bugs

Comment 15 David Walser 2015-06-15 22:36:43 CEST
LWN reference for some of the CVEs:
http://lwn.net/Vulnerabilities/645049/
http://lwn.net/Vulnerabilities/648182/
Comment 16 Dave Hodgins 2015-06-19 14:24:43 CEST
Advisory uploaded. Someone from the sysadmin team please push this update.

CC: (none) => davidwhodgins
Whiteboard: MGA4-32-OK MGA4-64-OK => MGA4-32-OK MGA4-64-OK advisory

Comment 17 Mageia Robot 2015-06-19 15:33:48 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0245.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

Comment 18 David Walser 2015-06-19 18:27:39 CEST
LWN reference for CVE-2014-9318:
http://lwn.net/Vulnerabilities/648690/
