ubuntustudio-bugs team mailing list archive
-
ubuntustudio-bugs team
-
Mailing list archive
-
Message #01979
[Bug 1432610] [NEW] Libav security fixes March 2015
*** This bug is a security vulnerability ***
Public security bug reported:
Libav 0.8.17, 9.18 and 11.3 are out that fix a number of security
issues.
version 0.8.17:
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- rmenc: limit packet size
- eamad: check for out of bounds read (CID/1257500)
- h264_cabac: Break infinite loops
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
- gifdec: refactor interleave end handling (CVE-2014-8547)
- smc: fix the bounds check (CVE-2014-8548)
- mmvideo: check frame dimensions (CVE-2014-8543)
- jvdec: check frame dimensions (CVE-2014-8542)
- mov: avoid a memleak when multiple stss boxes are present
- apetag: Fix APE tag size check
- x86: Only use optimizations with cmov if the CPU supports the instruction
- x86: Add CPU flag for the i686 cmov instruction
version 9.18:
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- rmenc: limit packet size
- rv10: check size of s->mb_width * s->mb_height
- eamad: check for out of bounds read (CID/1257500)
- arm: Suppress tags about used cpu arch and extensions
- img2dec: correctly use the parsed value from -start_number
- h264_cabac: Break infinite loops
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
- smc: fix the bounds check (CVE-2014-8548)
- gifdec: refactor interleave end handling (CVE-2014-8547)
- mmvideo: check frame dimensions (CVE-2014-8543)
- jvdec: check frame dimensions (CVE-2014-8542)
- mov: avoid a memleak when multiple stss boxes are present
- mp3enc: fix a triggerable assert
- apetag: Fix APE tag size check
version 11.3:
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- adxdec: set avctx->channels in adx_read_header
- rmenc: limit packet size
- webp: validate the distance prefix code
- rv10: check size of s->mb_width * s->mb_height
- eamad: check for out of bounds read (CID/1257500)
- mdec: check for out of bounds read (CID/1257501)
- configure: Properly fail when libcdio/cdparanoia is not found
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- aic: Fix decoding files with odd dimensions
- vorbis: Check the vlc value in setup_classifs
- arm: Suppress tags about used cpu arch and extensions
- prores: Extend the padding check to 16bit
- icecast: Do not use chunked post, allows feeding to icecast properly
- img2dec: correctly use the parsed value from -start_number
- h264_cabac: Break infinite loops
- hevc_deblock: Fix compilation with nasm (libav #795)
- h264: initialize H264Context.avctx in init_thread_copy
- h264: Do not share rbsp_buffer across threads
- h264: only ref cur_pic in update_thread_context if it is initialized
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266)
- log: Unbreak no-tty support on 256color terminals
** Affects: libav (Ubuntu)
Importance: Undecided
Status: Confirmed
** Affects: libav (Ubuntu Precise)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: Confirmed
** Affects: libav (Ubuntu Trusty)
Importance: Undecided
Assignee: Marc Deslauriers (mdeslaur)
Status: Confirmed
** Affects: libav (Ubuntu Utopic)
Importance: Undecided
Status: Confirmed
** Affects: libav (Ubuntu Vivid)
Importance: Undecided
Status: Confirmed
** Also affects: libav (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: libav (Ubuntu Vivid)
Importance: Undecided
Status: New
** Also affects: libav (Ubuntu Utopic)
Importance: Undecided
Status: New
** Also affects: libav (Ubuntu Trusty)
Importance: Undecided
Status: New
** Changed in: libav (Ubuntu Precise)
Status: New => Confirmed
** Changed in: libav (Ubuntu Trusty)
Status: New => Confirmed
** Changed in: libav (Ubuntu Utopic)
Status: New => Confirmed
** Changed in: libav (Ubuntu Vivid)
Status: New => Confirmed
** Changed in: libav (Ubuntu Precise)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: libav (Ubuntu Trusty)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
--
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to libav in Ubuntu.
Matching subscriptions: Ubuntu Studio Bugs
https://bugs.launchpad.net/bugs/1432610
Title:
Libav security fixes March 2015
Status in libav package in Ubuntu:
Confirmed
Status in libav source package in Precise:
Confirmed
Status in libav source package in Trusty:
Confirmed
Status in libav source package in Utopic:
Confirmed
Status in libav source package in Vivid:
Confirmed
Bug description:
Libav 0.8.17, 9.18 and 11.3 are out that fix a number of security
issues.
version 0.8.17:
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- rmenc: limit packet size
- eamad: check for out of bounds read (CID/1257500)
- h264_cabac: Break infinite loops
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
- gifdec: refactor interleave end handling (CVE-2014-8547)
- smc: fix the bounds check (CVE-2014-8548)
- mmvideo: check frame dimensions (CVE-2014-8543)
- jvdec: check frame dimensions (CVE-2014-8542)
- mov: avoid a memleak when multiple stss boxes are present
- apetag: Fix APE tag size check
- x86: Only use optimizations with cmov if the CPU supports the instruction
- x86: Add CPU flag for the i686 cmov instruction
version 9.18:
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- rmenc: limit packet size
- rv10: check size of s->mb_width * s->mb_height
- eamad: check for out of bounds read (CID/1257500)
- arm: Suppress tags about used cpu arch and extensions
- img2dec: correctly use the parsed value from -start_number
- h264_cabac: Break infinite loops
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
- smc: fix the bounds check (CVE-2014-8548)
- gifdec: refactor interleave end handling (CVE-2014-8547)
- mmvideo: check frame dimensions (CVE-2014-8543)
- jvdec: check frame dimensions (CVE-2014-8542)
- mov: avoid a memleak when multiple stss boxes are present
- mp3enc: fix a triggerable assert
- apetag: Fix APE tag size check
version 11.3:
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- adxdec: set avctx->channels in adx_read_header
- rmenc: limit packet size
- webp: validate the distance prefix code
- rv10: check size of s->mb_width * s->mb_height
- eamad: check for out of bounds read (CID/1257500)
- mdec: check for out of bounds read (CID/1257501)
- configure: Properly fail when libcdio/cdparanoia is not found
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- aic: Fix decoding files with odd dimensions
- vorbis: Check the vlc value in setup_classifs
- arm: Suppress tags about used cpu arch and extensions
- prores: Extend the padding check to 16bit
- icecast: Do not use chunked post, allows feeding to icecast properly
- img2dec: correctly use the parsed value from -start_number
- h264_cabac: Break infinite loops
- hevc_deblock: Fix compilation with nasm (libav #795)
- h264: initialize H264Context.avctx in init_thread_copy
- h264: Do not share rbsp_buffer across threads
- h264: only ref cur_pic in update_thread_context if it is initialized
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266)
- log: Unbreak no-tty support on 256color terminals
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1432610/+subscriptions
Follow ups
References