From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1781-1                    [email protected]
http://www.debian.org/security/                           Steffen Joeris
April 29, 2009                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : ffmpeg-debian
Vulnerability : several vulnerabilities
Problem type : local (remote)
Debian-specific: no
CVE Ids : CVE-2009-0385 CVE-2008-3162
Debian Bugs : 524799 489965

Several vulnerabilities have been discovered in ffmpeg, a multimedia
player, server and encoder. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2009-0385

    It was discovered that watching a malformed 4X movie file could lead to
    the execution of arbitrary code.

CVE-2008-3162

    It was discovered that using a crafted STR file can lead to the
    execution of arbitrary code.

For the oldstable distribution (etch), these problems have been fixed
in version 0.cvs20060823-8+etch1.

For the stable distribution (lenny), these problems have been fixed in
version 0.svn20080206-17+lenny1.

For the testing distribution (squeeze) and the unstable distribution
(sid), these problems have been fixed in version 0.svn20080206-16.

We recommend that you upgrade your ffmpeg-debian packages.

Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
[continued in next message]