Ubuntu 1087-1: libvpx vulnerability

    Date11 Mar 2011
    CategoryUbuntu
    65
    Posted ByLinuxSecurity Advisories
    Chris Evans discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service.
    ===========================================================
    Ubuntu Security Notice USN-1087-1            March 11, 2011
    libvpx vulnerability
    CVE-2010-4489
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 10.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 10.10:
      libvpx0                         0.9.5-2~build0.10.10.1
    
    This update uses a new upstream release, which includes additional bug
    fixes. In general, a standard system update will make all the necessary
    changes.
    
    Details follow:
    
    Chris Evans discovered that libvpx did not properly perform bounds
    checking. If an application using libvpx opened a specially crafted WebM
    file, an attacker could cause a denial of service.
    
    
    Updated packages for Ubuntu 10.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.5-2~build0.10.10.1.debian.tar.gz
          Size/MD5:    11048 c115b3e109a4755efaa01e5b89c56d02
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.5-2~build0.10.10.1.dsc
          Size/MD5:     1215 eb2437db5492a8eaabdcb066559ef9aa
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.5.orig.tar.bz2
          Size/MD5:  1250422 4bf2f2c76700202c1fe9201fcb0680e3
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-doc_0.9.5-2~build0.10.10.1_all.deb
          Size/MD5:   229474 84ca7bf3c8ec129cef1d3ffe883a46b7
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~build0.10.10.1_amd64.deb
          Size/MD5:   335514 a225a5d9547d5790b2ce543757d94650
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~build0.10.10.1_amd64.deb
          Size/MD5:   543526 1896975be601150457a038df07564649
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.10.10.1_amd64.deb
          Size/MD5:   258726 3afd9e92a7b3890261270f11077d0f49
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~build0.10.10.1_i386.deb
          Size/MD5:   315194 48ba93627e2e04f45a8fca9010468e0b
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~build0.10.10.1_i386.deb
          Size/MD5:   509944 dab7d1fea70f16345e99672ac1d6e1a4
        http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.10.10.1_i386.deb
          Size/MD5:   236882 4924a55e7f167fc07d3e0b5be3923b3c
    
      armel architecture (ARM Architecture):
    
        http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~build0.10.10.1_armel.deb
          Size/MD5:   320462 c2a7da209a25abcd5b47526bd2517a21
        http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~build0.10.10.1_armel.deb
          Size/MD5:   483256 b4ba9b76bf8e86420ba47ae91134cf1c
        http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.10.10.1_armel.deb
          Size/MD5:   260228 afd755c9ab8251adf8f53d302f1c3f63
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~build0.10.10.1_powerpc.deb
          Size/MD5:   314390 5049a1e59ba3de34ac6313a49bdd34e0
        http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~build0.10.10.1_powerpc.deb
          Size/MD5:   484516 16a277103707f8da64039387044edc55
        http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.10.10.1_powerpc.deb
          Size/MD5:   249876 110c4e365f1e545f98bf4b5412a39044
    
    
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"22","type":"x","order":"1","pct":55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.5,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":32.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.