what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Mandriva Linux Security Advisory 2012-023-1

Mandriva Linux Security Advisory 2012-023-1
Posted Feb 28, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-023 - A vulnerability has been found and corrected in libvpx. VP8 Codec SDK before 1.0.0 Duclair allows remote attackers to cause a denial of service unspecified corrupt input or by starting decoding from a P-frame, which triggers an out-of-bounds read, related to the clamping of motion vectors in SPLITMV blocks. The updated packages have been patched to correct this issue. This is a symbolic advisory correction because there was a clash with MDVSA-2012:023 that addressed libxml2.

tags | advisory, remote, denial of service
systems | linux, mandriva
advisories | CVE-2012-0823
SHA-256 | 5760ddad7ab7f5d50d45e9d6d2b01846dcf94ede1f8a9d2ef97fe65d6bc27c3f

Mandriva Linux Security Advisory 2012-023-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2012:023-1
http://www.mandriva.com/security/
_______________________________________________________________________

Package : libvpx
Date : February 28, 2012
Affected: 2010.1, 2011.
_______________________________________________________________________

Problem Description:

A vulnerability has been found and corrected in libvpx:

VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers
to cause a denial of service (application crash) via (1) unspecified
corrupt input or (2) by starting decoding from a P-frame, which
triggers an out-of-bounds read, related to the clamping of motion
vectors in SPLITMV blocks (CVE-2012-0823).

The updated packages have been patched to correct this issue.

Update:

This is a symbolic advisory correction because there was a clash with
MDVSA-2012:023 that addressed libxml2.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0823
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2010.1:
80595bcf9605087872ef9e76988c06fb 2010.1/i586/libvpx0-0.9.7-0.2mdv2010.2.i586.rpm
6a39a655e52324d5454df93c54803e1d 2010.1/i586/libvpx-devel-0.9.7-0.2mdv2010.2.i586.rpm
36669f19119055daa1c65a4341bf00ee 2010.1/i586/libvpx-utils-0.9.7-0.2mdv2010.2.i586.rpm
efbc2e9f8338a146ed9bb4a8133ee3d0 2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm

Mandriva Linux 2010.1/X86_64:
7d42ba1449797b928a025d82fbbf2a65 2010.1/x86_64/lib64vpx0-0.9.7-0.2mdv2010.2.x86_64.rpm
05101dfd30ef938952f61705a1394705 2010.1/x86_64/lib64vpx-devel-0.9.7-0.2mdv2010.2.x86_64.rpm
20e10865900d2a24d58b7677098057e8 2010.1/x86_64/libvpx-utils-0.9.7-0.2mdv2010.2.x86_64.rpm
efbc2e9f8338a146ed9bb4a8133ee3d0 2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm

Mandriva Linux 2011:
e77c03974267d8b697fce1944dc7627b 2011/i586/libvpx0-0.9.7-0.2-mdv2011.0.i586.rpm
e52f1469cdf005a7a8e2855a65bfde2f 2011/i586/libvpx-devel-0.9.7-0.2-mdv2011.0.i586.rpm
6fbe1b807480c8c86d482cef51f5cc7d 2011/i586/libvpx-utils-0.9.7-0.2-mdv2011.0.i586.rpm
e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm

Mandriva Linux 2011/X86_64:
81c2210c4f37421a22a877599304b5a4 2011/x86_64/lib64vpx0-0.9.7-0.2-mdv2011.0.x86_64.rpm
02f987fb0972c5b45a91a3d02060923f 2011/x86_64/lib64vpx-devel-0.9.7-0.2-mdv2011.0.x86_64.rpm
a7d46c97d8294236422b37a8359ba64d 2011/x86_64/libvpx-utils-0.9.7-0.2-mdv2011.0.x86_64.rpm
e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFPTL06mqjQ0CJFipgRAmSwAKC3SrXDSm5poitKzRLbK3HdV0s5XwCgqOwj
GCMzTwqDabkLHPmw9/sT7lk=
=XrZF
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close