CVE-2012-2796, CVE-2012-2775, CVE-2012-2772, CVE-2012-2776, CVE-2012-2779, CVE-2012-2787, CVE-2012-2794, CVE-2012-2800, CVE-2012-2802, CVE-2012-2801, CVE-2012-2786, CVE-2012-2798, CVE-2012-2793, CVE-2012-2789, CVE-2012-2788, CVE-2012-2790, CVE-2012-2777, CVE-2012-2784 according to http://ffmpeg.org/security.html

Some of the same CVEs were fixed in 0.11, with descriptions here: http://lwn.net/Vulnerabilities/524579/
CC: (none) => fundawang
Built by Funda. Thanks!

Luckily this time, this is the only package that needs to be updated.

This can now be tested. We'll need an advisory before release.

Packages built (in core and tainted):
ffmpeg-0.10.6-1.mga2
libavcodec53-0.10.6-1.mga2
libpostproc52-0.10.6-1.mga2
libavformat53-0.10.6-1.mga2
libavutil51-0.10.6-1.mga2
libswscaler2-0.10.6-1.mga2
libavfilter2-0.10.6-1.mga2
libswresample0-0.10.6-1.mga2
libffmpeg-devel-0.10.6-1.mga2
libffmpeg-static-devel-0.10.6-1.mga2

from ffmpeg-0.10.6-1.mga2.src.rpm
Assignee: bugsquad => qa-bugs
All seem to be 'Unspecified vulnerability' so no PoCs.
We can get some short descriptions from the git log, but it'll take some time to dig them out, since they weren't helpfully copy and pasted into the ChangeLog upstream. http://git.videolan.org/?p=ffmpeg.git;a=log;h=refs/heads/release/0.10
Advisory:
========================

Updated ffmpeg packages fix security vulnerabilities:

* vc1dec: check that coded slice positions and interlacing match. This fixes out of array writes (CVE-2012-2796)
* alsdec: fix number of decoded samples in first sub-block in BGMC mode (CVE-2012-2790)
* cavsdec: check for changing w/h. Our decoder does not support changing w/h (CVE-2012-2777, CVE-2012-2784)
* indeo4: update AVCodecContext width/height on size change (CVE-2012-2787)
* avidec: use actually read size instead of requested size (CVE-2012-2788)
* wmaprodec: check num_vec_coeffs for validity (CVE-2012-2789)
* lagarith: check count before writing zeros (CVE-2012-2793)
* indeo3: fix out of cell write (CVE-2012-2776)
* indeo5: check tile size in decode_mb_info(). This prevents writing into a too small array if some parameters changed without the tile being reallocated (CVE-2012-2794)
* indeo5dec: Make sure we have had a valid gop header. This prevents decoding happening on a half initialized context (CVE-2012-2779)
* indeo4/5: check empty tile size in decode_mb_info(). This prevents writing into a too small array if some parameters changed without the tile being reallocated (CVE-2012-2800)
* dfa: improve boundary checks in decode_dds1() (CVE-2012-2798)
* dfa: check that the caller set width/height properly (CVE-2012-2786)
* avsdec: Set dimensions instead of relying on the demuxer. The decode function assumes that the video will have those dimensions (CVE-2012-2801)
* ac3dec: ensure get_buffer() gets a buffer for the correct number of channels (CVE-2012-2802)
* rv34: error out on size changes with frame threading (CVE-2012-2772)
* alsdec: check opt_order. Fixes out of array write in quant_cof. Also make sure no invalid opt_order stays in the context (CVE-2012-2775)

This updates ffmpeg to version 0.10.6 which contains the security fixes above as well as other bug fixes.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2796
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2772
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2776
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2779
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2787
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2800
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2801
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2786
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2798
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2793
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2788
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2790
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2777
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2784
http://git.videolan.org/?p=ffmpeg.git;a=log;h=refs/heads/release/0.10
========================

Updated packages in {core,tainted}/updates_testing:
========================
ffmpeg-0.10.6-1.mga2
libavcodec53-0.10.6-1.mga2
libpostproc52-0.10.6-1.mga2
libavformat53-0.10.6-1.mga2
libavutil51-0.10.6-1.mga2
libswscaler2-0.10.6-1.mga2
libavfilter2-0.10.6-1.mga2
libswresample0-0.10.6-1.mga2
libffmpeg-devel-0.10.6-1.mga2
libffmpeg-static-devel-0.10.6-1.mga2

from ffmpeg-0.10.6-1.mga2.src.rpm
Severity: normal => major
Some testing ideas here: http://rodrigopolo.com/ffmpeg/cheats.html#FFmpeg_Encoding
Testing complete x86_64

Converted an mkv to flv, avi & wmv. Then the flv back to mkv.

Most can be converted with just:
$ ffmpeg -i input.mkv output.avi
(etc)

wmv needed
$ ffmpeg -i input.mkv -an -scodec copy output.wmv

After installing tainted version converted to mov

All OK
Whiteboard: (none) => has_procedure mga2-64-OK
Testing complete i586

Also noticed it using libx264, libmp3lame with tainted.

Validating

srpm & advisory in comment 4

Could sysadmin please push to core/tainted updates

Thanks!
Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: has_procedure mga2-64-OK => has_procedure mga2-64-OK mga2-32-OK
Update pushed: https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0331
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED