Description of problem:

There is now mplayer-1.0-1.rc4.0.r32713.5.1.mga1 in core/updates_testing and tainted/updates_testing to validate.

-------------------------------------------------------
Suggested advisory:
-------------------
This update addresses the following CVEs:

- CVE-2011-1196 (denial of service and possible code execution via malformed OGG file)
  http://code.google.com/p/chromium/issues/detail?id=71788
- CVE-2011-3362 (arbitrary code execution via malformed CAVS file)
  http://www.ocert.org/advisories/ocert-2011-002.html
- CVE-2011-1931 (denial of service and possible code execution via malformed AMV file)
  http://seclists.org/bugtraq/2011/Apr/257
- CVE-2011-2161 (denial of service via malformed APE file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2161
- CVE-2011-0480 (denial of service and possible code execution via crafted WebM file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0480
- CVE-2011-0723 (denial of service and possible code execution via crafted VC1 file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0723

Other fixes in this release:

- fix unchecked return values of function "svq3_get_ue_golomb()" that may cause a crash, patch from upstream, rediffed for our ffmpeg:
  http://git.videolan.org/?p=ffmpeg.git;a=patch;h=979bea13003ef489d95d2538ac2fb1c26c6f103b
-------------------------------------------------------

Steps to reproduce:

- install/update to update candidate

Additional Notes:

- FWIW the first two issues and the "Other fixes in this release" are the same as in https://bugs.mageia.org/show_bug.cgi?id=2820 as gstreamer0.10-ffmpeg contains a bundled copy of ffmpeg.
- for CVE-2011-2161 see the following link for a perl script to create a file that can be used to crash ffmpeg/VLC:
  http://packetstorm.linuxsecurity.com/1103-exploits/vlc105-dos.txt
(In reply to comment #0)
> - FWIW the first two issues and the "Other fixes in this release" are the same
> as in https://bugs.mageia.org/show_bug.cgi?id=2820 as gstreamer0.10-ffmpeg
> contains a bundled copy of ffmpeg.

Whoops! C&P mistake. Make that "[...] as mplayer contains a bundled copy of ffmpeg."
Neither the file generated by the perl script nor the ogg file from the first CVE crash mplayer from Core Release. There are error messages, but no indications of a segfault, etc. So all we can test is that mplayer (both Core Updates Testing and Tainted Updates Testing) install ok, and have no obvious regressions. I'll be testing i586 shortly.
CC: (none) => davidwhodgins
I've tested mplayer from Core Updates Testing with mp3, ogg, and wav files. I've tested mplayer from Tainted Updates Testing with the above and an m4a file that the Core version will not play. Testing complete on i586.
x86_64

Before:
-------
Confirmed segfault.

$ mplayer Kedans.ape
Option msglevel: Unknown suboption 5
Warning unknown option msglevel at line 5
MPlayer SVN-1.rc4.0.r32713.4.mga1-4.5.2 (C) 2000-2010 MPlayer Team
mplayer: could not open config files /home/claire/.lircrc and /etc/lirc/lircrc
mplayer: No such file or directory
Failed to read LIRC config file ~/.lircrc.

Playing Kedans.ape.
libavformat file format detected.
Segmentation fault

After:
------
Installed from core/updates_testing

$ mplayer Kedans.ape
Option msglevel: Unknown suboption 5
Warning unknown option msglevel at line 5
MPlayer SVN-1.rc4.0.r32713.5.1.mga1-4.5.2 (C) 2000-2010 MPlayer Team
mplayer: could not open config files /home/claire/.lircrc and /etc/lirc/lircrc
mplayer: No such file or directory
Failed to read LIRC config file ~/.lircrc.

Playing Kedans.ape.
libavformat file format detected.
[ape @ 0x32d38a0] No frames in the file!
LAVF_header: av_open_input_stream() failed
Invalid seek to negative position!
libavformat file format detected.
[ape @ 0x32d38a0] No frames in the file!
LAVF_header: av_open_input_stream() failed

Exiting... (End of file)

Tested various video and audio formats OK.

Installed from tainted/updates_testing.

$ mplayer Kedans.ape
Option msglevel: Unknown suboption 5
Warning unknown option msglevel at line 5
MPlayer SVN-1.rc4.0.r32713.5.1.mga1.tainted-4.5.2 (C) 2000-2010 MPlayer Team
mplayer: could not open config files /home/claire/.lircrc and /etc/lirc/lircrc
mplayer: No such file or directory
Failed to read LIRC config file ~/.lircrc.

Playing Kedans.ape.
libavformat file format detected.
[ape @ 0x176fe80] No frames in the file!
LAVF_header: av_open_input_stream() failed
Invalid seek to negative position!
libavformat file format detected.
[ape @ 0x176fe80] No frames in the file!
LAVF_header: av_open_input_stream() failed

Exiting... (End of file)

Tested with various formats, all OK.
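
Added example, not part of the original bug comments: a small shell harness that turns the before/after check above into a repeatable verdict by classifying how a command ends (clean exit, rejected input, hang, or death by signal such as the segfault seen with the old build). The function names, the 20-second limit and the stand-in commands in the demo are assumptions made for this illustration; in real use the command would be the player run on the sample file.

```shell
#!/bin/sh
# Added illustration: classify how a player run on a malformed sample ends.
# Function names and the 20 s limit are assumptions, not Mageia QA tooling.

# classify_run CMD [ARGS...]
# Prints one of: OK | REJECTED status=N | HANG | CRASH signal=N
classify_run() {
    status=0
    # timeout(1) exits 124 if the limit is hit, so a decoder stuck in a
    # loop is reported instead of blocking the whole test run.
    timeout 20 "$@" >/dev/null 2>&1 </dev/null || status=$?
    if [ "$status" -eq 0 ]; then
        echo "OK"
    elif [ "$status" -eq 124 ]; then
        echo "HANG"
    elif [ "$status" -gt 128 ]; then
        # The shell reports death by signal as 128 + signal number,
        # e.g. SIGSEGV (11) shows up as 139.
        echo "CRASH signal=$((status - 128))"
    else
        echo "REJECTED status=$status"
    fi
}

# fix_validated BEFORE AFTER
# Succeeds only if the old build crashed or hung on the sample and the
# update candidate neither crashes nor hangs on the same sample.
fix_validated() {
    case "$1" in CRASH*|HANG) ;; *) return 1 ;; esac
    case "$2" in CRASH*|HANG) return 1 ;; *) return 0 ;; esac
}

# Demo with constructed stand-ins for the two builds (no real player is run):
# the "before" command dies of SIGSEGV, the "after" command exits with an error.
before=$(classify_run sh -c 'kill -SEGV $$')
after=$(classify_run sh -c 'echo "No frames in the file!"; exit 1')
echo "before: $before"
echo "after:  $after"
if fix_validated "$before" "$after"; then
    echo "verdict: crash no longer reproduces"
else
    echo "verdict: not validated"
fi
```

A status above 128 can also be an ordinary exit code chosen by the program, so a CRASH result is best confirmed against the kernel log or a core dump.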
Validating the update.

Advisory:
-------------------
This update addresses the following CVEs:

- CVE-2011-1196 (denial of service and possible code execution via malformed OGG file)
  http://code.google.com/p/chromium/issues/detail?id=71788
- CVE-2011-3362 (arbitrary code execution via malformed CAVS file)
  http://www.ocert.org/advisories/ocert-2011-002.html
- CVE-2011-1931 (denial of service and possible code execution via malformed AMV file)
  http://seclists.org/bugtraq/2011/Apr/257
- CVE-2011-2161 (denial of service via malformed APE file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2161
- CVE-2011-0480 (denial of service and possible code execution via crafted WebM file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0480
- CVE-2011-0723 (denial of service and possible code execution via crafted VC1 file)
  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0723

Other fixes in this release:

- fix unchecked return values of function "svq3_get_ue_golomb()" that may cause a crash, patch from upstream, rediffed for our ffmpeg:
  http://git.videolan.org/?p=ffmpeg.git;a=patch;h=979bea13003ef489d95d2538ac2fb1c26c6f103b
-------------------------------------------------------

SRPMs:
mplayer-1.0-1.rc4.0.r32713.5.1.mga1.src.rpm
mplayer-1.0-1.rc4.0.r32713.5.1.mga1.tainted.src.rpm

Please note this will require links from release media to updates.
i586:
libdca0-0.0.5-3.mga1 (Tainted Release)
libdvdcss2-1.2.10-3.mga1 (Tainted Release)
liblame0-3.98.4-2.mga1 (Tainted Release)
libopencore-amr0-0.1.2-3.mga1 (Tainted Release)
libx264_110-0.110-0.20101203.2.mga1 (Tainted Release)
libxvid4-1.3.1-2.mga1 (Tainted Release)
libtwolame0-0.3.12-7.mga1 (Core Release)

x86_64:
lib64dca0-0.0.5-3.mga1 (Tainted Release)
lib64dvdcss2-1.2.10-3.mga1 (Tainted Release)
lib64lame0-3.98.4-2.mga1 (Tainted Release)
lib64opencore-amr0-0.1.2-3.mga1 (Tainted Release)
lib64x264_110-0.110-0.20101203.2.mga1 (Tainted Release)
lib64xvid4-1.3.1-2.mga1 (Tainted Release)
lib64twolame0-0.3.12-7.mga1 (Core Release)

Could sysadmin please push the srpms and make the required links 32 & 64 bit.

Thank you!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Update pushed.
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED