Pardus Linux Security Advisory - Multiple memory leaks and buffer overflows have been addressed in ffmpeg. Affected packages are mplayer versions below 0.0_20080825-92-11 and ffmpeg versions below 0.4.9_20080825-46-14.
------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-36 security@pardus.org.tr
------------------------------------------------------------------------
Date: 2008-09-05
Severity: 2
Type: Remote
------------------------------------------------------------------------
Summary
=======
Multiple vulnerabilities have been detected in ffmpeg. Please update
your packages to the latest versions.
Description
===========
* Free avctx->rc_eq in avcodec_close(). Fixes a memory leak.
* Buffer overflow in /libavcodec/dca.c. (patch by Alexander E. Patrakov)
* Prevent the dts generation code from being executed when delay is >
MAX_REORDER_DELAY; this fixes an overflow in AVStream->pts_buffer (in
libavformat/utils.c).
* TCP/UDP memory leak
Affected packages:
  Pardus 2008:
    mplayer, all before 0.0_20080825-92-11
    ffmpeg, all before 0.4.9_20080825-46-14
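Illustration of the pts_buffer item in the Description above, added here and not taken from the advisory or from the ffmpeg source: a simplified model of a timestamp reorder window showing why dts generation has to be skipped when delay exceeds MAX_REORDER_DELAY. The value 4 for MAX_REORDER_DELAY, the NOPTS marker, struct stream_model, its canary field, and the functions stream_init() and gen_dts() are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

#define MAX_REORDER_DELAY 4          /* assumed value for this model */
#define NOPTS INT64_MIN              /* stand-in for "no timestamp" */

struct stream_model {                /* hypothetical, not the real AVStream */
    int64_t pts_buffer[MAX_REORDER_DELAY + 1];
    int64_t canary;                  /* sits right after the buffer */
};

static void stream_init(struct stream_model *st)
{
    for (int i = 0; i <= MAX_REORDER_DELAY; i++)
        st->pts_buffer[i] = NOPTS;
    st->canary = 0x5afe;
}

/* Insert pts into the reorder window and return the generated dts, or
 * NOPTS when none can be produced. The loop touches index i + 1 <= delay,
 * so delay must stay within MAX_REORDER_DELAY to remain inside the array. */
static int64_t gen_dts(struct stream_model *st, int delay, int64_t pts)
{
    if (pts == NOPTS || delay < 0 || delay > MAX_REORDER_DELAY)
        return NOPTS;                /* the guard: skip dts generation */

    st->pts_buffer[0] = pts;
    for (int i = 0; i < delay && st->pts_buffer[i] > st->pts_buffer[i + 1]; i++) {
        int64_t tmp = st->pts_buffer[i];
        st->pts_buffer[i] = st->pts_buffer[i + 1];
        st->pts_buffer[i + 1] = tmp;
    }
    return st->pts_buffer[0];        /* smallest pts still in the window */
}

int main(void)
{
    struct stream_model st;
    int64_t pts[] = { 10, 40, 20, 30 };   /* constructed decode-order pts */
    stream_init(&st);
    for (int i = 0; i < 4; i++) {
        int64_t dts = gen_dts(&st, 2, pts[i]);
        printf("pts=%lld dts=%s%lld\n", (long long)pts[i],
               dts == NOPTS ? "none " : "", dts == NOPTS ? 0LL : (long long)dts);
    }
    /* An out-of-range delay is rejected instead of indexing past the array. */
    printf("oversized delay skipped: %d\n",
           gen_dts(&st, MAX_REORDER_DELAY + 1, 50) == NOPTS);
    return 0;
}
```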
Resolution
==========
There are update(s) for mplayer, ffmpeg. You can update them via Package
Manager or with a single command from console:
    pisi up mplayer ffmpeg
References
==========
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016011.html
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016012.html
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016352.html
* http://lists.mplayerhq.hu/pipermail/ffmpeg-cvslog/2008-August/016136.html
------------------------------------------------------------------------