Debian: New ffmpeg packages fix arbitrary code execution

    Date10 Mar 2006
    CategoryDebian
    4826
    Posted ByLinuxSecurity Advisories
    Updated package.
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA 992-1                     This email address is being protected from spambots. You need JavaScript enabled to view it.
    http://www.debian.org/security/                         Moritz Muehlenhoff
    March 10th, 2006                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : ffmpeg
    Vulnerability  : buffer overflow
    Problem-Type   : local (remote)
    Debian-specific: no
    CVE ID         : CVE-2005-4048
    Debian Bug     : 342207
    
    Simon Kilvington discovered that specially crafted PNG images can trigger
    a heap overflow in libavcodec, the multimedia library of ffmpeg, which may
    lead to the execution of arbitrary code.
    
    The old stable distribution (woody) doesn't contain ffmpeg packages.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 0.cvs20050313-2sarge1.
    
    For the unstable distribution (sid) this problem has been fixed in
    version 0.cvs20050918-5.1.
    
    We recommend that you upgrade your ffmpeg package.
    
    
    Upgrade Instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.1 alias sarge
    - --------------------------------
    
      Source archives:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1.dsc
          Size/MD5 checksum:      788 c342177de5cb29b6cbe7466913177eb5
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1.diff.gz
          Size/MD5 checksum:    10168 b166812b4f1a0a42958ab688a6a9b5c3
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313.orig.tar.gz
          Size/MD5 checksum:  1826023 2ac646fe7c2788df7cd23c1149d08bfa
    
      Alpha architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_alpha.deb
          Size/MD5 checksum:  6097254 20856c94289e94503cb81414bb46a757
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_alpha.deb
          Size/MD5 checksum:  3739640 de6bd06e0ad710a03003a0eed7f1530c
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_alpha.deb
          Size/MD5 checksum:   820960 535d69245a0c7904935e90b77b5797e3
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_alpha.deb
          Size/MD5 checksum:    61272 57cb698be0ed4422adb8153cc6e2a319
    
      AMD64 architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_amd64.deb
          Size/MD5 checksum:  4213510 0b7bbdae2e98b397b35a33a73530d019
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_amd64.deb
          Size/MD5 checksum:  2535570 9982493d7b91176eacf42d68ede0c591
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_amd64.deb
          Size/MD5 checksum:   525590 c53090241848ece8088c23f09bf00d4f
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_amd64.deb
          Size/MD5 checksum:    41602 169b0c469dae7dc2f20b64814c498b58
    
      ARM architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_arm.deb
          Size/MD5 checksum:  4342778 e59a13ed2b8432709040217e80dc04c6
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_arm.deb
          Size/MD5 checksum:  2712766 18f34fa3107d98c6accff0beeb83f0b1
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_arm.deb
          Size/MD5 checksum:   573938 d624c3b038ff801d3cd23a47b263429d
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_arm.deb
          Size/MD5 checksum:    40930 6e6c30c4f8569f74d52b19951ea29b10
    
      Intel IA-32 architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_i386.deb
          Size/MD5 checksum:  4087446 8f24fe8272e8e41f7a830d3a78027892
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_i386.deb
          Size/MD5 checksum:  2456904 ee10e407200d2d2cc02567206db224cb
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_i386.deb
          Size/MD5 checksum:   531312 979e39569bd3c0ad1f6921f5e69efec3
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_i386.deb
          Size/MD5 checksum:    37704 2f2a6a8a4a2c147509cbfcd33cd445b9
    
      Intel IA-64 architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_ia64.deb
          Size/MD5 checksum:  7881986 5b4310c0ab316bd81fe7a69a25277986
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_ia64.deb
          Size/MD5 checksum:  4696712 f24d29e44585e8ffe79ffef3db3cdad3
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_ia64.deb
          Size/MD5 checksum:   850884 a42456b7f2b65f905b64d2d33b03b9eb
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_ia64.deb
          Size/MD5 checksum:    65550 d5e1df2b7b36d134c54378a8ca7230a5
    
      HP Precision architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_hppa.deb
          Size/MD5 checksum:  4710972 c88dca9b8a05165d3c71cb83585e01e8
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_hppa.deb
          Size/MD5 checksum:  2935898 41be367d2aa57e3693d9187834f0aeee
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_hppa.deb
          Size/MD5 checksum:   635292 f1269f876ac7fe6cc0661662cf5f133c
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_hppa.deb
          Size/MD5 checksum:    49108 bf04bb21e7878ab4f1c5c291dd324dc4
    
      Motorola 680x0 architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_m68k.deb
          Size/MD5 checksum:  3367674 eae1a0ac6eefcc776886821086da3c02
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_m68k.deb
          Size/MD5 checksum:  1946552 1a8affe5ffe50060e234f760cfc0c6b1
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_m68k.deb
          Size/MD5 checksum:   455704 0b8bb387131346611599260e410100e9
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_m68k.deb
          Size/MD5 checksum:    35204 81d60fb9bf0e3f31e7d898c8a868c545
    
      Big endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_mips.deb
          Size/MD5 checksum:  4819902 88332fcfc313123677af6915d41be7fe
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_mips.deb
          Size/MD5 checksum:  2922904 82885dc637f3cec90c52a4fcc374fd52
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_mips.deb
          Size/MD5 checksum:   617844 18330498d03482ac6318ba0302d273d5
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_mips.deb
          Size/MD5 checksum:    51068 0514aeed19ca31901d5df9847a7cdb23
    
      Little endian MIPS architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_mipsel.deb
          Size/MD5 checksum:  5051630 f3b44c564b5678f1f21f744fc65d5172
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_mipsel.deb
          Size/MD5 checksum:  3046300 e7bc11b496bbb7028de83086eea3fcbd
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_mipsel.deb
          Size/MD5 checksum:   622342 b3e47a2440123af0a5ae6e7a7a46207f
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_mipsel.deb
          Size/MD5 checksum:    51364 4901d4219bb5b984fa20c8122f7252e5
    
      PowerPC architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_powerpc.deb
          Size/MD5 checksum:  4208168 f64ca157c47e87d40fde82957a49c3b0
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_powerpc.deb
          Size/MD5 checksum:  2403206 8ce18dd5da513472a7ddac85ac59e3cd
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_powerpc.deb
          Size/MD5 checksum:   581924 8a00c2797bea34c999fc20a001a23117
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_powerpc.deb
          Size/MD5 checksum:    62764 12174e83fa8c188c30ba723eeaa35fbc
    
      IBM S/390 architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_s390.deb
          Size/MD5 checksum:  4081458 1aae1c41a5badc5cf729b68659900006
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_s390.deb
          Size/MD5 checksum:  2358452 2209278e9891594ed5ed820c399ecbbe
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_s390.deb
          Size/MD5 checksum:   545564 49f196be05af5eacb0deff930de7517a
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_s390.deb
          Size/MD5 checksum:    40034 15b1b9c9914da5a5a9b0615e4930f148
    
      Sun Sparc architecture:
    
        http://security.debian.org/pool/updates/main/f/ffmpeg/ffmpeg_0.cvs20050313-2sarge1_sparc.deb
          Size/MD5 checksum:  4724252 55821fb402bc19238da5a10ad9be8fac
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavcodec-dev_0.cvs20050313-2sarge1_sparc.deb
          Size/MD5 checksum:  2924858 00937f817243eb056e5eb4ad95f006e9
        http://security.debian.org/pool/updates/main/f/ffmpeg/libavformat-dev_0.cvs20050313-2sarge1_sparc.deb
          Size/MD5 checksum:   559014 d492198cc33e42a6dd2ad5715a9b9464
        http://security.debian.org/pool/updates/main/f/ffmpeg/libpostproc-dev_0.cvs20050313-2sarge1_sparc.deb
          Size/MD5 checksum:    41196 4a557e153a493f0a01e2d9e35271a07c
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it.
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"4","type":"x","order":"1","pct":57.14,"resources":[]},{"id":"88","title":"Should be more technical","votes":"2","type":"x","order":"2","pct":28.57,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"1","type":"x","order":"3","pct":14.29,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.