Upstream has released version 1.1.1 on August 31, fixing security issues:
http://lists.x.org/archives/xorg-announce/2015-August/002630.html

Updated packages uploaded for Mageia 4, Mageia 5, and Cauldron.

Advisory:
========================

Updated libvdpau packages fix security vulnerabilities:

libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files (CVE-2015-5198, CVE-2015-5199, and CVE-2015-5200).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5199
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5200
http://lists.x.org/archives/xorg-announce/2015-August/002630.html
========================

Updated packages in core/updates_testing:
========================
libvdpau1-1.1.1-1.mga4
libvdpau-trace-1.1.1-1.mga4
libvdpau-devel-1.1.1-1.mga4
libvdpau1-1.1.1-1.mga5
libvdpau-trace-1.1.1-1.mga5
libvdpau-devel-1.1.1-1.mga5

from SRPMS:
libvdpau-1.1.1-1.mga4.src.rpm
libvdpau-1.1.1-1.mga5.src.rpm
Whiteboard: (none) => MGA4TOO
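
Added example (not part of the original report and not libvdpau's own code): one common way for a library to handle environment variables safely when it may be loaded by a setuid or setgid program, which is the condition the advisory above describes. The variable name EXAMPLE_BACKEND, the sample values and the function names are hypothetical, and the name check assumes the value is used as a bare module name.

```c
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical variable name, constructed for this example. */
#define EXAMPLE_BACKEND_VAR "EXAMPLE_BACKEND"

/* getenv() that returns NULL when the effective IDs differ from the real
 * IDs, i.e. when the caller's environment comes from a less privileged user. */
const char *trusted_getenv_ids(const char *name, uid_t ruid, uid_t euid,
                               gid_t rgid, gid_t egid)
{
    if (ruid != euid || rgid != egid)
        return NULL;
    return getenv(name);
}

/* Accept only a bare name: non-empty, bounded, no path separators, no dot entries. */
int is_plain_name(const char *s)
{
    if (s == NULL || *s == '\0' || strlen(s) > 64)
        return 0;
    if (strchr(s, '/') != NULL)
        return 0;
    return strcmp(s, ".") != 0 && strcmp(s, "..") != 0;
}

/* Use the environment value only if it is trusted and well-formed. */
const char *pick_backend(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid,
                         const char *fallback)
{
    const char *v = trusted_getenv_ids(EXAMPLE_BACKEND_VAR, ruid, euid, rgid, egid);
    return is_plain_name(v) ? v : fallback;
}

int main(void)
{
    setenv(EXAMPLE_BACKEND_VAR, "nvidia", 1); /* constructed sample value */
    printf("this process: %s\n",
           pick_backend(getuid(), geteuid(), getgid(), getegid(), "default"));
    printf("simulated setuid: %s\n", pick_backend(1000, 0, 1000, 1000, "default"));
    return 0;
}
```

On glibc, secure_getenv(3) performs the privilege check for the caller and can replace the hand-written ID comparison.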
Ubuntu has issued an advisory for this on September 3:
http://www.ubuntu.com/usn/usn-2729-1/
URL: (none) => http://lwn.net/Vulnerabilities/656661/
mga5 x86_64
NVIDIA GF104 [GeForce GTX 460]

Installed packages:
lib64vdpau-devel-1.1.1-1.mga5
lib64vdpau1-1.1.1-1.mga5

Running:
mplayer -vo vdpau test.mkv
VO: [vdpau] 1920x1080 => 1920x1080 Planar YV12 [zoom]

Display and cpu usage OK.
Update OK.
CC: (none) => yann.cantin
Whiteboard: MGA4TOO => MGA4TOO MGA5-64-OK
mga4 i586 virtualbox (GeForce GTX 770)

[lcl@alcor ~]$ mplayer -vo vdpau test2.mkv
MPlayer SVN-3.r36361.3.mga4.tainted-4.8.2 (C) 2000-2013 MPlayer Team
Playing test2.mkv.
libavformat version 55.12.100 (external)
libavformat file format detected.
[lavf] stream 0: video (h264), -vid 0
[lavf] stream 1: audio (aac), -aid 0
VIDEO: [H264] 1024x576 0bpp 24.000 fps 0.0 kbps ( 0.0 kbyte/s)
Clip info:
 creation_time: 2011-06-02 12:45:20
 TITLE: Elephant Dream - test 2
 DATE_RELEASED: 2010
 COMMENT: Matroska Validation File 2, 100,000 timecode scale, odd aspect ratio, and CRC-32. Codecs are AVC and AAC
Load subtitles in ./
Failed to open VDPAU backend libvdpau_nvidia.so: cannot open shared object file: No such file or directory
[vdpau] Error when calling vdp_device_create_x11: 1

[lcl@alcor ~]$ locate vdpau
/usr/lib/libvdpau.so.1
/usr/lib/libvdpau.so.1.0.0
/usr/lib/vdpau
/usr/lib/directfb-1.7-0/gfxdrivers/libdirectfb_vdpau.so
/usr/lib/directfb-1.7-0/systems/libdirectfb_x11vdpau.so
/usr/lib/gstreamer-1.0/libgstvdpau.so
/usr/lib/vlc/plugins/codec/libvdpau_plugin.so

Played the test file in vlc to confirm that it was valid:
Elephant Dream - test 2
Video: codec H264 - MPEG-4 AVC (part 10) (avc1)
resolution 1024x576
frame rate 24.0...
decoded format: Planar 4:2:0 YUV

[lcl@alcor ~]$ sudo urpmi libvdpau_nvidia
No package named libvdpau_nvidia

Is this a problem with nvidia proprietary driver and 32-bit architecture? It certainly plays fine in x86_64 on the host system, mga5 pre-update.
CC: (none) => tarazed25
Testing in virtualbox mga4 x86_64 mplayer cannot find the vdpau nvidia backend pre-update. After the update the same applies and it is not in the /usr/lib64/vdpau directory either. So maybe it has something to do with virtualbox?
(In reply to Len Lawrence from comment #3)
> Failed to open VDPAU backend libvdpau_nvidia.so: cannot open shared object
> file: No such file or directory

That file is probably in the proprietary nvidia module package (in nonfree). I read something that said only the proprietary nvidia module actually truly makes use of vdpau on Linux.
That seems likely. Is it possible to install a nonfree version for virtualbox? I cannot even find nvidia-settings in this vbox so presumably that is part of the package.

Anyway, not to worry; I discovered that one of my test machines has mga4 x86_64 installed. Testing on that and all is well.

mga4 x86_64 real hardware - GeForce 310 nvidia 331.113

With the update installed mplayer had no problem with the Matroska test file and posted the same information as referenced in comment 3. And I noted that there are several locations for the vdpau backend.
Whiteboard: MGA4TOO MGA5-64-OK => MGA4TOO MGA5-64-OK MGA4-64-OK has_procedure
Sorry, getting all muddled here. Forget comment 3. This is the information that was returned.

[lcl@altair ~]$ mplayer -vo vdpau test2.mkv
MPlayer SVN-3.r36361.3.mga4-4.8.2 (C) 2000-2013 MPlayer Team
Playing test2.mkv.
libavformat version 55.12.100 (external)
libavformat file format detected.
[lavf] stream 0: video (h264), -vid 0
[lavf] stream 1: audio (aac), -aid 0
VIDEO: [H264] 1024x576 0bpp 24.000 fps 0.0 kbps ( 0.0 kbyte/s)
Clip info:
 creation_time: 2011-06-02 12:45:20
 TITLE: Elephant Dream - test 2
 DATE_RELEASED: 2010
 COMMENT: Matroska Validation File 2, 100,000 timecode scale, odd aspect ratio, and CRC-32. Codecs are AVC and AAC
This is one which can't be tested inside virtualbox.

Validating. Advisory uploaded.

Please push to 4 & 5 updates.

Thanks
Keywords: (none) => validated_update
Whiteboard: MGA4TOO MGA5-64-OK MGA4-64-OK has_procedure => MGA4TOO has_procedure advisory MGA5-64-OK MGA4-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2015-0364.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED