------------------------------------------------------------------------
Pardus Linux Security Advisory 2008-77            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2008-12-02
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======

Two vulnerabilities that can cause a DoS (Denial of Service) have been
fixed in ffmpeg.


Description
===========

1. An endless loop vulnerability when opening corrupt FLV files
   (issue 699). -- fixed in r15738

2. A divide-by-zero vulnerability in sub_packet_size. -- fixed in r15739


Affected packages:

  Pardus 2008:
    ffmpeg, all before 0.4.9_20080909-48-16


Resolution
==========

There are update(s) for ffmpeg. You can update them via Package Manager
or with a single command from the console:

    pisi up ffmpeg


References
==========

  * http://svn.pardus.org.tr/pardus/devel/applications/multimedia/ffmpeg/
  * http://bugs.pardus.org.tr/show_bug.cgi?id=8734

------------------------------------------------------------------------

--
Pardus Security Team
http://security.pardus.org.tr