ubuntustudio-bugs team mailing list archive

[Bug 1432610] Re: Libav security fixes March 2015

 

** Branch linked: lp:ubuntu/precise-security/libav

** Branch linked: lp:ubuntu/trusty-security/libav

-- 
You received this bug notification because you are a member of Ubuntu
Studio Bugs, which is subscribed to libav in Ubuntu.
Matching subscriptions: Ubuntu Studio Bugs
https://bugs.launchpad.net/bugs/1432610

Title:
  Libav security fixes March 2015

Status in libav package in Ubuntu:
  Confirmed
Status in libav source package in Precise:
  Fix Released
Status in libav source package in Trusty:
  Fix Released
Status in libav source package in Utopic:
  Confirmed
Status in libav source package in Vivid:
  Confirmed

Bug description:
  Libav 0.8.17, 9.18 and 11.3 are out that fix a number of security
  issues.

  version 0.8.17:

  - utvideodec: Handle slice_height being zero (CVE-2014-9604)
  - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
  - rmenc: limit packet size
  - eamad: check for out of bounds read (CID/1257500)
  - h264_cabac: Break infinite loops
  - matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
  - gifdec: refactor interleave end handling (CVE-2014-8547)
  - smc: fix the bounds check (CVE-2014-8548)
  - mmvideo: check frame dimensions (CVE-2014-8543)
  - jvdec: check frame dimensions (CVE-2014-8542)
  - mov: avoid a memleak when multiple stss boxes are present
  - apetag: Fix APE tag size check
  - x86: Only use optimizations with cmov if the CPU supports the instruction
  - x86: Add CPU flag for the i686 cmov instruction

  version 9.18:

  - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
  - utvideodec: Handle slice_height being zero (CVE-2014-9604)
  - rmenc: limit packet size
  - rv10: check size of s->mb_width * s->mb_height
  - eamad: check for out of bounds read (CID/1257500)
  - arm: Suppress tags about used cpu arch and extensions
  - img2dec: correctly use the parsed value from -start_number
  - h264_cabac: Break infinite loops
  - matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
  - smc: fix the bounds check (CVE-2014-8548)
  - gifdec: refactor interleave end handling (CVE-2014-8547)
  - mmvideo: check frame dimensions (CVE-2014-8543)
  - jvdec: check frame dimensions (CVE-2014-8542)
  - mov: avoid a memleak when multiple stss boxes are present
  - mp3enc: fix a triggerable assert
  - apetag: Fix APE tag size check

  version 11.3:

  - utvideodec: Handle slice_height being zero (CVE-2014-9604)
  - adxdec: set avctx->channels in adx_read_header
  - rmenc: limit packet size
  - webp: validate the distance prefix code
  - rv10: check size of s->mb_width * s->mb_height
  - eamad: check for out of bounds read (CID/1257500)
  - mdec: check for out of bounds read (CID/1257501)
  - configure: Properly fail when libcdio/cdparanoia is not found
  - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
  - aic: Fix decoding files with odd dimensions
  - vorbis: Check the vlc value in setup_classifs
  - arm: Suppress tags about used cpu arch and extensions
  - prores: Extend the padding check to 16bit
  - icecast: Do not use chunked post, allows feeding to icecast properly
  - img2dec: correctly use the parsed value from -start_number
  - h264_cabac: Break infinite loops
  - hevc_deblock: Fix compilation with nasm (libav #795)
  - h264: initialize H264Context.avctx in init_thread_copy
  - h264: Do not share rbsp_buffer across threads
  - h264: only ref cur_pic in update_thread_context if it is initialized
  - matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266)
  - log: Unbreak no-tty support on 256color terminals

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1432610/+subscriptions

