Several new CVEs have been fixed in FFmpeg versions newer than 2.0.6 (such as 2.4.4 through 2.4.7 and 2.2.11 through 2.2.13): http://ffmpeg.org/security.html We'll need to get a new 2.0.x release from upstream for Mageia 4. Reproducible: Steps to Reproduce:
CC: (none) => cvargas, dglent, dirteat, geiger.david68210, juan.baptiste, mageia, mageia, zen25000
i don't see new release for 2.0.x
I (or someone) will need to ask upstream to cut a new 2.0.x release, like I did last time.
can you please ? :)
There's also CVE-2015-3395, fixed in versions such as 2.4.8 and 2.2.15.
Summary: ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], and CVE-2015-1872 => ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], CVE-2015-1872, CVE-2015-3395
CC: juan.baptiste => (none)
Summary: ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], CVE-2015-1872, CVE-2015-3395 => ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], CVE-2015-1872, CVE-2015-3395, CVE-2015-3417
LWN references: http://lwn.net/Vulnerabilities/636942/ http://lwn.net/Vulnerabilities/645049/ http://lwn.net/Vulnerabilities/645051/
Assigned to the package maintainer. (Please set the status to 'assigned' if you are working on it)
Keywords: (none) => TriagedCC: (none) => marja11Assignee: bugsquad => shlomif
(In reply to David Walser from comment #4) > There's also CVE-2015-3395, fixed in versions such as 2.4.8 and 2.2.15. David, can you ask for a new upstream release of 2.0.x?
Yes I can. I keep forgetting to do it :o( If someone could ping me on IRC when I'm actually online as Luigi12_work next week, I'll try to do it then. Monday or Tuesday would probably be best. I'll be in class then too, but I'll actually be the one teaching Wednesday through Friday so I'll be less available then.
Better give Shlomi your contact info with upstream, so he can ask for this release himself :) Now and in the future when it's needed again.
Contact information is the upstream maintainer Michael Niedermayer (michaelni) in #ffmpeg-devel on Freenode. He has released a 2.0.7 tarball for us. It fixes all of the CVEs previously mentioned, except for CVE-2014-9319 which doesn't apply to 2.0.x. Updated package uploaded for Mageia 4. Note that there are both core and tainted builds for this package. Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=8065#c6 https://bugs.mageia.org/show_bug.cgi?id=14042#c6 Advisory: ======================== Updated ffmpeg packages fix security vulnerabilities: The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg before 2.0.7 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via vectors related to LJIF tags in an MJPEG file (CVE-2014-9316). The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before 2.0.7 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via an IDAT before an IHDR in a PNG file (CVE-2014-9317). The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.0.7 allows remote attackers to cause a denial of service (out-of-bounds heap access) and possibly have other unspecified impact via a crafted .cine file that triggers the avpicture_get_size function to return a negative frame size (CVE-2014-9318). The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before 2.0.7 does not validate the relationship between a certain length value and the frame width, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Sierra VMD video data (CVE-2014-9603). libavcodec/utvideodec.c in FFmpeg before 2.0.7 does not check for a zero value of a slice height, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted Ut Video data, related to the restore_median and restore_median_il functions (CVE-2014-9604). An attacker can force a read at an invalid address in mjpegdec.c of FFmpeg, in order to trigger a denial of service (CVE-2015-1872). The msrle_decode_pal4 function in libavcodec/msrledec.c in FFmpeg before 2.0.7 has an out-of-bounds array access that may allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted BMP file (CVE-2015-3395). Use-after-free vulnerability in the ff_h264_free_tables function in libavcodec/h264.c in FFmpeg before 2.0.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted H.264 data in an MP4 file, as demonstrated by an HTML VIDEO element that references H.264 data (CVE-2015-3417). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9316 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9317 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9318 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9603 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9604 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1872 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3395 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3417 http://vigilance.fr/vulnerability/FFmpeg-unreachable-memory-reading-via-mjpegdec-c-16213 http://git.videolan.org/?p=ffmpeg.git;a=log;h=n2.0.7 http://ffmpeg.org/olddownload.html http://ffmpeg.org/security.html ======================== Updated packages in {core,tainted}/updates_testing: ======================== ffmpeg-2.0.7-1.mga4 libavcodec55-2.0.7-1.mga4 libpostproc52-2.0.7-1.mga4 libavformat55-2.0.7-1.mga4 libavutil52-2.0.7-1.mga4 libswscaler2-2.0.7-1.mga4 libavfilter3-2.0.7-1.mga4 libswresample0-2.0.7-1.mga4 libffmpeg-devel-2.0.7-1.mga4 libffmpeg-static-devel-2.0.7-1.mga4 from ffmpeg-2.0.7-1.mga4.src.rpm
Assignee: shlomif => qa-bugsSummary: ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-9], CVE-2015-1872, CVE-2015-3395, CVE-2015-3417 => ffmpeg new security issues CVE-2014-960[34], CVE-2014-931[6-8], CVE-2015-1872, CVE-2015-3395, CVE-2015-3417
David Walser: that's great! Thanks!
CC: (none) => shlomif
In VirtualBox, M4, KDE, 32-bit Package(s) under test: ffmpeg libavcodec55 libavfilter3 libavformat55 libavutil52 libpostproc52 libswresample0 libswscaler2 default install of ffmpeg libavcodec55 libavfilter3 libavformat55 libavutil52 libpostproc52 libswresample0 libswscaler2 [root@localhost wilcal]# urpmi ffmpeg Package ffmpeg-2.0.6-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libavcodec55 Package libavcodec55-2.0.6-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libavfilter3 Package libavfilter3-2.0.6-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libavformat55 Package libavformat55-2.0.6-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libavutil52 Package libavutil52-2.0.6-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libpostproc52 Package libpostproc52-2.0.6-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libswresample0 Package libswresample0-2.0.6-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libswscaler2 Package libswscaler2-2.0.6-1.mga4.tainted.i586 is already installed ffmpeg -i canon_org.mov -ar 22050 -s 240x140 canon.mp4 ffmpeg -i ob_org.flv -ar 22050 -s 240x140 ob.wmv ffmpeg -i old_trolly_org.mp4 -ar 48000 -vb 303000 -r 30 -s 640x480 -aspect 4:3 -vcodec mpeg4 old_trolly_resize.mp4 ffmpeg -i waiting_for_santa_org.wmv -ar 48000 waiting_for_santa.mp4 ffmpeg -i star_wars_org.wav star_wars.mp3 ffmpeg -i james_bond_theme_org.mp3 james_bond_theme.webm ffmpeg -i james_bond_theme.webm james_bond_theme.flac ffmpeg -i waiting_for_santa_org.wmv waiting_for_santa.mp3 All processes proceeded correctly. OpenShot edits videos+audio correctly. install ffmpeg libavcodec55 libavfilter3 libavformat55 libavutil52 libpostproc52 libswresample0 libswscaler2 from updates_testing [root@localhost wilcal]# urpmi ffmpeg Package ffmpeg-2.0.7-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libavcodec55 Package libavcodec55-2.0.7-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libavfilter3 Package libavfilter3-2.0.7-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libavformat55 Package libavformat55-2.0.7-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libavutil52 Package libavutil52-2.0.7-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libpostproc52 Package libpostproc52-2.0.7-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libswresample0 Package libswresample0-2.0.7-1.mga4.tainted.i586 is already installed [root@localhost wilcal]# urpmi libswscaler2 Package libswscaler2-2.0.7-1.mga4.tainted.i586 is already installed ffmpeg -i canon_org.mov -ar 22050 -s 240x140 canon.mp4 ffmpeg -i ob_org.flv -ar 22050 -s 240x140 ob.wmv ffmpeg -i old_trolly_org.mp4 -ar 48000 -vb 303000 -r 30 -s 640x480 -aspect 4:3 -vcodec mpeg4 old_trolly_resize.mp4 ffmpeg -i waiting_for_santa_org.wmv -ar 48000 waiting_for_santa.mp4 ffmpeg -i star_wars_org.wav star_wars.mp3 ffmpeg -i james_bond_theme_org.mp3 james_bond_theme.webm ffmpeg -i james_bond_theme.webm james_bond_theme.flac ffmpeg -i waiting_for_santa_org.wmv waiting_for_santa.mp3 All processes proceeded correctly. OpenShot edits videos+audio correctly. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.26-1.mga4.x86_64 virtualbox-guest-additions-4.3.26-1.mga4.x86_64
CC: (none) => wilcal.int
In VirtualBox, M4, KDE, 64-bit Package(s) under test: ffmpeg lib64avcodec55 lib64avfilter3 lib64avformat55 lib64avutil52 lib64postproc52 lib64swresample0 lib64swscaler2 default install of ffmpeg lib64avcodec55 lib64avfilter3 lib64avformat55 lib64avutil52 lib64postproc52 lib64swresample0 lib64swscaler2 [root@localhost wilcal]# urpmi ffmpeg Package ffmpeg-2.0.6-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64avcodec55 Package lib64avcodec55-2.0.6-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64avfilter3 Package lib64avfilter3-2.0.6-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64avformat55 Package lib64avformat55-2.0.6-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64avutil52 Package lib64avutil52-2.0.6-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64postproc52 Package lib64postproc52-2.0.6-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64swresample0 Package lib64swresample0-2.0.6-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64swscaler2 Package lib64swscaler2-2.0.6-1.mga4.tainted.x86_64 is already installed ffmpeg -i canon_org.mov -ar 22050 -s 240x140 canon.mp4 ffmpeg -i ob_org.flv -ar 22050 -s 240x140 ob.wmv ffmpeg -i old_trolly_org.mp4 -ar 48000 -vb 303000 -r 30 -s 640x480 -aspect 4:3 -vcodec mpeg4 old_trolly_resize.mp4 ffmpeg -i waiting_for_santa_org.wmv -ar 48000 waiting_for_santa.mp4 ffmpeg -i star_wars_org.wav star_wars.mp3 ffmpeg -i james_bond_theme_org.mp3 james_bond_theme.webm ffmpeg -i james_bond_theme.webm james_bond_theme.flac ffmpeg -i waiting_for_santa_org.wmv waiting_for_santa.mp3 All processes proceeded correctly. OpenShot edits videos+audio correctly. install ffmpeg ffmpeg lib64avcodec55 lib64avfilter3 lib64avformat55 lib64avutil52 lib64postproc52 lib64swresample0 lib64swscaler2 from updates_testing [root@localhost wilcal]# urpmi ffmpeg Package ffmpeg-2.0.7-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64avcodec55 Package lib64avcodec55-2.0.7-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64avfilter3 Package lib64avfilter3-2.0.7-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64avformat55 Package lib64avformat55-2.0.7-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64avutil52 Package lib64avutil52-2.0.7-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64postproc52 Package lib64postproc52-2.0.7-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64swresample0 Package lib64swresample0-2.0.7-1.mga4.tainted.x86_64 is already installed [root@localhost wilcal]# urpmi lib64swscaler2 Package lib64swscaler2-2.0.7-1.mga4.tainted.x86_64 is already installed ffmpeg -i canon_org.mov -ar 22050 -s 240x140 canon.mp4 ffmpeg -i ob_org.flv -ar 22050 -s 240x140 ob.wmv ffmpeg -i old_trolly_org.mp4 -ar 48000 -vb 303000 -r 30 -s 640x480 -aspect 4:3 -vcodec mpeg4 old_trolly_resize.mp4 ffmpeg -i waiting_for_santa_org.wmv -ar 48000 waiting_for_santa.mp4 ffmpeg -i star_wars_org.wav star_wars.mp3 ffmpeg -i james_bond_theme_org.mp3 james_bond_theme.webm ffmpeg -i james_bond_theme.webm james_bond_theme.flac ffmpeg -i waiting_for_santa_org.wmv waiting_for_santa.mp3 All processes proceeded correctly. OpenShot edits videos+audio correctly. Test platform: Intel Core i7-2600K Sandy Bridge 3.4GHz GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB RTL8111/8168B PCI Express 1Gbit Ethernet DRAM 16GB (4 x 4GB) Mageia 4 64-bit, Nvidia driver virtualbox-4.3.26-1.mga4.x86_64 virtualbox-guest-additions-4.3.26-1.mga4.x86_64
This update works fine. Testing complete for mga4 32-bit & 64-bit Validating the update. Could someone from the sysadmin team push this to updates. Thanks
Keywords: (none) => validated_updateWhiteboard: (none) => MGA4-32-OK MGA4-64-OKCC: (none) => sysadmin-bugs
LWN reference for some of the CVEs: http://lwn.net/Vulnerabilities/645049/ http://lwn.net/Vulnerabilities/648182/
Advisory uploaded. Someone from the sysadmin team please push this update.
CC: (none) => davidwhodginsWhiteboard: MGA4-32-OK MGA4-64-OK => MGA4-32-OK MGA4-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0245.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
LWN reference for CVE-2014-9318: http://lwn.net/Vulnerabilities/648690/