ffmpeg 0.6.6 was released on June 9th, fixing several security issues. An updated package was uploaded by Funda Wang.

Advisory:
========================

Updated mplayer packages fix security vulnerabilities:

* nsvdec: Fix use of uninitialized streams, Be more careful with av_malloc(), nsvdec: Propagate errors (CVE-2011-3940)
* dv: Fix small stack overread, check stype, Fix null pointer dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936)
* atrac3: Fix crash in tonal component decoding (CVE-2012-0853)
* mjpegbdec: Fix overflow in SOS (CVE-2011-3947)
* kgv1dec: Increase offsets array size so it is large enough (CVE-2011-3945)
* vqavideo: return error if image size is not a multiple of block size (CVE-2012-0947)
* dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951)
* aacsbr: prevent out of bounds memcpy() (CVE-2012-0850)
* h264: Add check for invalid chroma_format_idc (CVE-2012-0851)
* adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852)
* shorten: Use separate pointers for the allocated memory for decoded samples, check for realloc failure (CVE-2012-0858)
* kmvc: Check palsize (CVE-2011-3952)
* several other bugs were fixed as well, see the ChangeLog

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;h=6f753216f5383eb296802efe1dbd3eea0ed589af;hb=62133b38ed043b57eeecbe7fc8b6f187fd92e5e0
========================

Updated packages in {core,tainted}/updates_testing:
========================
ffmpeg-0.6.6-0.1.mga1
libavformats52-0.6.6-0.1.mga1
libavutil50-0.6.6-0.1.mga1
libffmpeg-devel-0.6.6-0.1.mga1
libffmpeg-static-devel-0.6.6-0.1.mga1
libffmpeg52-0.6.6-0.1.mga1
libpostproc51-0.6.6-0.1.mga1
libswscaler0-0.6.6-0.1.mga1

from ffmpeg-0.6.6-0.1.mga1.src.rpm
CC: (none) => fundawang
Blocks: (none) => 6427
Whoops, fixing the advisory.

Advisory:
========================

Updated ffmpeg packages fix security vulnerabilities:

* nsvdec: Fix use of uninitialized streams, Be more careful with av_malloc(), nsvdec: Propagate errors (CVE-2011-3940)
* dv: Fix small stack overread, check stype, Fix null pointer dereference due to ach=0 (CVE-2011-3929 and CVE-2011-3936)
* atrac3: Fix crash in tonal component decoding (CVE-2012-0853)
* mjpegbdec: Fix overflow in SOS (CVE-2011-3947)
* kgv1dec: Increase offsets array size so it is large enough (CVE-2011-3945)
* vqavideo: return error if image size is not a multiple of block size (CVE-2012-0947)
* dpcm: ignore extra unpaired bytes in stereo streams (CVE-2011-3951)
* aacsbr: prevent out of bounds memcpy() (CVE-2012-0850)
* h264: Add check for invalid chroma_format_idc (CVE-2012-0851)
* adpcm: ADPCM Electronic Arts has always two channels (CVE-2012-0852)
* shorten: Use separate pointers for the allocated memory for decoded samples, check for realloc failure (CVE-2012-0858)
* kmvc: Check palsize (CVE-2011-3952)
* several other bugs were fixed as well, see the ChangeLog

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3929
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3936
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3945
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3951
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0850
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0851
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0852
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0853
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0858
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0947
http://git.videolan.org/?p=ffmpeg.git;a=blob;f=Changelog;h=6f753216f5383eb296802efe1dbd3eea0ed589af;hb=62133b38ed043b57eeecbe7fc8b6f187fd92e5e0
========================

Updated packages in {core,tainted}/updates_testing:
========================
ffmpeg-0.6.6-0.1.mga1
libavformats52-0.6.6-0.1.mga1
libavutil50-0.6.6-0.1.mga1
libffmpeg-devel-0.6.6-0.1.mga1
libffmpeg-static-devel-0.6.6-0.1.mga1
libffmpeg52-0.6.6-0.1.mga1
libpostproc51-0.6.6-0.1.mga1
libswscaler0-0.6.6-0.1.mga1

from ffmpeg-0.6.6-0.1.mga1.src.rpm
Testing Mageia 1 i586 now.
CC: (none) => davidwhodgins
In Mageia 2, the following command works:

ffmpeg -t 10 -f video4linux2 -s 160x120 -r 25 -i /dev/video0 -f alsa -i default -f mpeg webcam.mpeg

In Mageia 1, it fails with ...

[video4linux2 @ 0x8d60440]Cannot find a proper format for codec_id 0, pix_fmt -1.
/dev/video0: Input/output error

This is not a regression, but I have no idea why it's failing in Mageia 1.
I've also noticed that on Mageia 1, the man pages are missing. Again, not a regression.
After running "cp /usr/share/doc/ffmpeg/ffserver.conf /etc", ffserver fails with ...

bind(port 8090): Invalid argument

It works on Mageia 2. I'll check later to see if this is a regression.
Hardware: i586 => All
Summary: ffmpeg new security issues fixed in 0.6.6 => ffmpeg new security issues fixed in 0.6.6 [mga1]
testing x86_64 mga1
Testing on Mageia 1 i586 and x86_64 from both core and tainted repos.

Moving ffserver.conf to /etc as-is and running ffserver has the same results as Dave's in both i586 and x86_64. Worked correctly in Mageia 2 i586 and x86_64, but failed for both archs in Mageia 1 with:

bind(port 8090): Invalid argument

But testing ffmpeg with the webcam had the opposite results from what Dave had. In Mageia 1, this worked correctly:

ffmpeg -t 10 -f video4linux2 -s 160x120 -r 25 -i /dev/video0 -f alsa -i default -f mpeg webcam.mpeg

But in Mageia 2 it failed with:

[video4linux2,v4l2 @ 0x17480a0] ioctl set time per frame(1/25) failed.

On both archs, installed and tested from core repo first, then tainted. The only difference was that formats not supported in the core repos (like mkv) were converted correctly using the tainted repos.
CC: (none) => fcs
Only found a couple of PoC test cases and neither caused the described errors before or after updates. Tested using a variety of input media (avi, mp4, mov, mkv, flv, vqa), converting to a variety of other formats using codecs from the advisory, when possible, with very few problems. Not all combinations of formats and codecs were checked.

Testing for ffmpeg-0.6.6-0.1.mga1.src.rpm complete.

---------------------------------------------------------------------------------

Update validated. Thanks.

Advisory:
=========

Advisory from comment 1 by David Walser

Could sysadmin please push from {core,tainted}/updates_testing to {core,tainted}/updates.

SRPMS:
ffmpeg-0.6.6-0.1.mga1.src.rpm
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => mga1-64-OK, mga1-32-OK
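The previous comment describes running the few available PoC files through the decoders before and after the update and looking for "the described errors". What a tester actually needs to distinguish is a decoder that rejects a malformed file cleanly (the desired outcome once the CVE fixes are in) from one that dies on a memory-safety signal or hangs. The harness below is an added example, not code from this bug report, from Mageia QA or from the ffmpeg project: it runs a decode-and-discard command over a list of input files under a per-file timeout and classifies each run as ok, error, crash, killed or timeout. It assumes an ffmpeg binary on PATH and that the build under test accepts `-loglevel error` and the `null` muxer; the `python_cmd` helper exists only so the harness can be self-tested without ffmpeg or sample media.

```python
"""Crash-classifying decode harness for checking PoC files against an ffmpeg build.

Added example (not from the Mageia bug report or the ffmpeg project).
Assumptions: `ffmpeg` is on PATH and accepts `-loglevel error` and `-f null -`.
"""
import signal
import subprocess
import sys
from typing import Dict, List, Optional, Sequence

FFMPEG = "ffmpeg"   # assumed to be on PATH
TIMEOUT_S = 60      # per-file budget; a malformed input can send a decoder into a loop

# Signals that mean the decoder itself went wrong (memory corruption, assertion,
# bad arithmetic) rather than the harness stopping it.  These are exactly the
# outcomes the advisory's fixes (out-of-bounds memcpy, overflows, NULL derefs)
# are meant to turn into clean decode errors.
CRASH_SIGNALS = {int(s) for s in (signal.SIGSEGV, signal.SIGABRT, signal.SIGBUS,
                                  signal.SIGFPE, signal.SIGILL)}


def decode_cmd(path: str) -> List[str]:
    """Fully decode `path` and discard the result, so demuxer and decoders run
    without producing output.  Flag availability is an assumption (see above)."""
    return [FFMPEG, "-loglevel", "error", "-i", path, "-f", "null", "-"]


def python_cmd(snippet: str) -> List[str]:
    """Self-test helper: run a Python one-liner as the child instead of ffmpeg."""
    return [sys.executable, "-c", snippet]


def classify(returncode: Optional[int], timed_out: bool) -> str:
    """Map a child exit status onto a QA verdict.

    subprocess reports death-by-signal as a negative return code on POSIX.
    A positive code is ffmpeg reporting a decode error and exiting normally,
    which is the acceptable result for a malformed PoC after the fix.
    """
    if timed_out:
        return "timeout"
    if returncode == 0:
        return "ok"
    if returncode is not None and returncode < 0:
        return "crash" if -returncode in CRASH_SIGNALS else "killed"
    return "error"


def run_case(cmd: Sequence[str], timeout: float = TIMEOUT_S) -> Dict[str, object]:
    """Run one command under a timeout and return {verdict, returncode, stderr}.

    stdin comes from /dev/null so an interactive prompt cannot hang the run;
    only the tail of stderr is kept so a chatty decoder does not bloat the report.
    """
    timed_out = False
    try:
        proc = subprocess.run(list(cmd), stdin=subprocess.DEVNULL,
                              stdout=subprocess.DEVNULL, stderr=subprocess.PIPE,
                              timeout=timeout)
        rc: Optional[int] = proc.returncode
        err = proc.stderr or b""
    except subprocess.TimeoutExpired as e:   # run() has already killed the child
        timed_out, rc, err = True, None, e.stderr or b""
    except FileNotFoundError:
        return {"verdict": "missing-binary", "returncode": None, "stderr": ""}
    return {"verdict": classify(rc, timed_out), "returncode": rc,
            "stderr": err.decode("utf-8", "replace")[-400:]}


def run_suite(paths: Sequence[str], timeout: float = TIMEOUT_S) -> Dict[str, str]:
    """Map each input file to its verdict.  Any `crash` means the build fails QA;
    `error` on a known-malformed PoC is the expected post-fix behaviour."""
    return {p: run_case(decode_cmd(p), timeout)["verdict"] for p in paths}


def main(argv: Sequence[str]) -> int:
    results = run_suite(argv)
    for path, verdict in results.items():
        print(f"{verdict:14} {path}")
    return 1 if "crash" in results.values() else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python3 decode_harness.py poc/*.nsv poc/*.vqa samples/*.mkv` once against the pre-update packages and once after installing from updates_testing, and compare the verdict columns: a file that moves from `crash` to `error` is the fix working, and a file that stays `crash` or goes to `timeout` is worth reporting on the bug.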
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0142
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED