[SECURITY] [DSA 2494-1] ffmpeg security update

2012-06-1420:24:35

lists.debian.org

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.4%

JSON

Debian Security Advisory DSA-2494-1 [email protected]
http://www.debian.org/security/ Florian Weimer
June 14, 2012 http://www.debian.org/security/faq

Package : ffmpeg
Vulnerability : several
Problem type : local (remote)
Debian-specific: no
CVE ID : CVE-2011-3951 CVE-2011-3952 CVE-2012-0851 CVE-2012-0852

It was discovered that ffmpeg, Debian's version of the libav media
codec suite, contains vulnerabilities in the DPCM codecs
(CVE-2011-3951), H.264 (CVE-2012-0851), ADPCM (CVE-2012-0852), and the
KMVC decoder (CVE-2011-3952).

In addition, this update contains bug fixes from the libav 0.5.9
upstream release.

For the stable distribution (squeeze), these problems have been fixed
in version 4:0.5.9-1.

For the unstable distribution (sid), these problems have been fixed in
version 6:0.8.3-1.

We recommend that you upgrade your ffmpeg packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian6alllibavfilter0< 4:0.5.9-1libavfilter0_4:0.5.9-1_all.deb
Debian6alllibswscale-dev< 4:0.5.9-1libswscale-dev_4:0.5.9-1_all.deb
Debian6allffmpeg-doc< 4:0.5.9-1ffmpeg-doc_4:0.5.9-1_all.deb
Debian6alllibavcodec-dev< 4:0.5.9-1libavcodec-dev_4:0.5.9-1_all.deb
Debian6alllibavcodec52< 4:0.5.9-1libavcodec52_4:0.5.9-1_all.deb
Debian6alllibavutil49< 4:0.5.9-1libavutil49_4:0.5.9-1_all.deb
Debian6alllibswscale0< 4:0.5.9-1libswscale0_4:0.5.9-1_all.deb
Debian6alllibavdevice-dev< 4:0.5.9-1libavdevice-dev_4:0.5.9-1_all.deb
Debian6alllibpostproc51< 4:0.5.9-1libpostproc51_4:0.5.9-1_all.deb
Debian6alllibavformat52< 4:0.5.9-1libavformat52_4:0.5.9-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	6	all	libavfilter0	< 4:0.5.9-1	libavfilter0_4:0.5.9-1_all.deb
Debian	6	all	libswscale-dev	< 4:0.5.9-1	libswscale-dev_4:0.5.9-1_all.deb
Debian	6	all	ffmpeg-doc	< 4:0.5.9-1	ffmpeg-doc_4:0.5.9-1_all.deb
Debian	6	all	libavcodec-dev	< 4:0.5.9-1	libavcodec-dev_4:0.5.9-1_all.deb
Debian	6	all	libavcodec52	< 4:0.5.9-1	libavcodec52_4:0.5.9-1_all.deb
Debian	6	all	libavutil49	< 4:0.5.9-1	libavutil49_4:0.5.9-1_all.deb
Debian	6	all	libswscale0	< 4:0.5.9-1	libswscale0_4:0.5.9-1_all.deb
Debian	6	all	libavdevice-dev	< 4:0.5.9-1	libavdevice-dev_4:0.5.9-1_all.deb
Debian	6	all	libpostproc51	< 4:0.5.9-1	libpostproc51_4:0.5.9-1_all.deb
Debian	6	all	libavformat52	< 4:0.5.9-1	libavformat52_4:0.5.9-1_all.deb