[ MDVSA-2012:023 ] libvpx



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:023
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libvpx
Date : February 27, 2012
Affected: 2010.1, 2011.
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in libvpx:

VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers
to cause a denial of service (application crash) via (1) unspecified
corrupt input or (2) by starting decoding from a P-frame, which
triggers an out-of-bounds read, related to the clamping of motion
vectors in SPLITMV blocks (CVE-2012-0823).

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0823
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
80595bcf9605087872ef9e76988c06fb 2010.1/i586/libvpx0-0.9.7-0.2mdv2010.2.i586.rpm
6a39a655e52324d5454df93c54803e1d 2010.1/i586/libvpx-devel-0.9.7-0.2mdv2010.2.i586.rpm
36669f19119055daa1c65a4341bf00ee 2010.1/i586/libvpx-utils-0.9.7-0.2mdv2010.2.i586.rpm
efbc2e9f8338a146ed9bb4a8133ee3d0 2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
7d42ba1449797b928a025d82fbbf2a65 2010.1/x86_64/lib64vpx0-0.9.7-0.2mdv2010.2.x86_64.rpm
05101dfd30ef938952f61705a1394705 2010.1/x86_64/lib64vpx-devel-0.9.7-0.2mdv2010.2.x86_64.rpm
20e10865900d2a24d58b7677098057e8 2010.1/x86_64/libvpx-utils-0.9.7-0.2mdv2010.2.x86_64.rpm
efbc2e9f8338a146ed9bb4a8133ee3d0 2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm

Mandriva Linux 2011:
e77c03974267d8b697fce1944dc7627b 2011/i586/libvpx0-0.9.7-0.2-mdv2011.0.i586.rpm
e52f1469cdf005a7a8e2855a65bfde2f 2011/i586/libvpx-devel-0.9.7-0.2-mdv2011.0.i586.rpm
6fbe1b807480c8c86d482cef51f5cc7d 2011/i586/libvpx-utils-0.9.7-0.2-mdv2011.0.i586.rpm
e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm

Mandriva Linux 2011/X86_64:
81c2210c4f37421a22a877599304b5a4 2011/x86_64/lib64vpx0-0.9.7-0.2-mdv2011.0.x86_64.rpm
02f987fb0972c5b45a91a3d02060923f 2011/x86_64/lib64vpx-devel-0.9.7-0.2-mdv2011.0.x86_64.rpm
a7d46c97d8294236422b37a8359ba64d 2011/x86_64/libvpx-utils-0.9.7-0.2-mdv2011.0.x86_64.rpm
e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPS0wZmqjQ0CJFipgRAj19AKDYdeUUJ4W5ODXZ8Jc6pacLTN7F5gCgj9rV
VpJGmeRjSE0ld2CvsSuk3/A=
=Tln3
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [ MDVSA-2010:073-1 ] cups
    ... Use-after-free vulnerability in the abstract file-descriptor handling ... scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers ... The updated packages have been patched to correct these issues. ... Packages for Mandriva Linux 2010.0 was missing with ...
    (Full-Disclosure)
  • [ MDVSA-2010:073-1 ] cups
    ... Use-after-free vulnerability in the abstract file-descriptor handling ... scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers ... The updated packages have been patched to correct these issues. ... Packages for Mandriva Linux 2010.0 was missing with ...
    (Bugtraq)
  • [Full-disclosure] [ MDVSA-2010:084 ] java-1.6.0-openjdk
    ... Multiple Java OpenJDK security vulnerabilities has been identified ... CMM readMabCurveData Buffer Overflow Vulnerability. ... Packages for 2009.0 are provided due to the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ...
    (Full-Disclosure)
  • [ MDVSA-2010:084 ] java-1.6.0-openjdk
    ... Multiple Java OpenJDK security vulnerabilities has been identified ... CMM readMabCurveData Buffer Overflow Vulnerability. ... Packages for 2009.0 are provided due to the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ...
    (Bugtraq)
  • [Full-disclosure] [ MDKSA-2007:079-1 ] - Updated xorg-x11/XFree86 packages fix i
    ... Local exploitation of a memory corruption vulnerability in the X.Org ... Updated packages are patched to address these issues. ... Packages for Mandriva Linux 2007.1 are now available. ...
    (Full-Disclosure)