- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201406-28
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Libav: Multiple vulnerabilities
     Date: June 26, 2014
     Bugs: #439052, #452202, #470734
       ID: 201406-28

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======
Multiple vulnerabilities have been found in Libav, allowing attackers
to execute arbitrary code or cause Denial of Service.

Background
=========
Libav is a complete solution to record, convert and stream audio and
video.

Affected packages
================
    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-video/libav            < 0.8.7                    >= 0.8.7 

Description
==========
Multiple vulnerabilities have been discovered in Libav. Please review
the CVE identifiers referenced below for details.

Impact
=====
A remote attacker could entice a user to open a specially crafted media
file in an application linked against Libav, possibly resulting in
execution of arbitrary code with the privileges of the application or a
Denial of Service condition.

Workaround
=========
There is no known workaround at this time.

Resolution
=========
All Libav users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-video/libav-0.8.7"

Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying these packages.
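
To confirm which hosts still need the upgrade, the following added example
(not part of the original advisory) classifies installed media-video/libav
atoms against the 0.8.7 boundary from the table above. The function names and
sample atoms are constructed, and plain dotted numeric versions are assumed.

```shell
#!/bin/sh
# Added example: classify installed media-video/libav versions against the
# advisory boundary (vulnerable: < 0.8.7, unaffected: >= 0.8.7).
# Assumption: versions are plain dotted numbers with an optional Gentoo -rN
# revision; suffixes such as _p1 or _pre are not handled here.
FIXED="0.8.7"

# Strip the category/name prefix and any -rN revision from an atom such as
# "media-video/libav-0.8.6-r1", leaving the upstream version "0.8.6".
atom_version() {
    printf '%s\n' "$1" |
        sed -e 's|^media-video/libav-||' -e 's|-r[0-9][0-9]*$||'
}

# Succeeds (exit 0) when version $1 is strictly lower than version $2.
# sort -V (GNU coreutils) compares each component numerically, so 0.8.10
# sorts after 0.8.7; a plain string comparison gets that case wrong.
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Print "vulnerable" or "unaffected" for one installed atom.
classify() {
    v=$(atom_version "$1")
    if version_lt "$v" "$FIXED"; then
        echo vulnerable
    else
        echo unaffected
    fi
}

# Constructed sample atoms in category/name-version form, standing in for
# an inventory of installed packages collected from several hosts.
for atom in \
    media-video/libav-0.8.6 \
    media-video/libav-0.8.6-r1 \
    media-video/libav-0.8.7 \
    media-video/libav-0.8.10
do
    printf '%s: %s\n' "$atom" "$(classify "$atom")"
done
```

A revision bump alone (-rN) does not move a package across the boundary here,
because the table states the boundary in terms of the upstream version.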

References
=========
[  1 ] CVE-2012-2772
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2772
[  2 ] CVE-2012-2775
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2775
[  3 ] CVE-2012-2776
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2776
[  4 ] CVE-2012-2777
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2777
[  5 ] CVE-2012-2779
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2779
[  6 ] CVE-2012-2783
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2783
[  7 ] CVE-2012-2784
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2784
[  8 ] CVE-2012-2786
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2786
[  9 ] CVE-2012-2787
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2787
[ 10 ] CVE-2012-2788
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2788
[ 11 ] CVE-2012-2789
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2789
[ 12 ] CVE-2012-2790
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2790
[ 13 ] CVE-2012-2791
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2791
[ 14 ] CVE-2012-2793
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2793
[ 15 ] CVE-2012-2794
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2794
[ 16 ] CVE-2012-2796
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2796
[ 17 ] CVE-2012-2797
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2797
[ 18 ] CVE-2012-2798
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2798
[ 19 ] CVE-2012-2800
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2800
[ 20 ] CVE-2012-2801
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2801
[ 21 ] CVE-2012-2802
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2802
[ 22 ] CVE-2012-2803
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2803
[ 23 ] CVE-2012-2804
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2804
[ 24 ] CVE-2012-5144
       https://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5144

Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/glsa-201406-28.xml

Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
======
Copyright 2014 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

