[USN-1087-1] libvpx vulnerability

看板Bugtraq作者micah.時間15年前 (2011/03/15 02:01)推噓0(0推 0噓 0→)

留言0則, 0人參與討論串1/1

This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig462D87D5C8F4268EADD384AA Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D Ubuntu Security Notice USN-1087-1 March 11, 2011 libvpx vulnerability CVE-2010-4489 =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D A security issue affects the following Ubuntu releases: Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 10.10: libvpx0 0.9.5-2~build0.10.10.1 This update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes. Details follow: Chris Evans discovered that libvpx did not properly perform bounds checking. If an application using libvpx opened a specially crafted WebM file, an attacker could cause a denial of service. Updated packages for Ubuntu 10.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.5-= 2~build0.10.10.1.debian.tar.gz Size/MD5: 11048 c115b3e109a4755efaa01e5b89c56d02 http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.5-= 2~build0.10.10.1.dsc Size/MD5: 1215 eb2437db5492a8eaabdcb066559ef9aa http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.5.= orig.tar.bz2 Size/MD5: 1250422 4bf2f2c76700202c1fe9201fcb0680e3 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-doc_0.= 9.5-2~build0.10.10.1_all.deb Size/MD5: 229474 84ca7bf3c8ec129cef1d3ffe883a46b7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-dev_0.= 9.5-2~build0.10.10.1_amd64.deb Size/MD5: 335514 a225a5d9547d5790b2ce543757d94650 http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0-dbg_0= =2E9.5-2~build0.10.10.1_amd64.deb Size/MD5: 543526 1896975be601150457a038df07564649 http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0_0.9.5= -2~build0.10.10.1_amd64.deb Size/MD5: 258726 3afd9e92a7b3890261270f11077d0f49 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-dev_0.= 9.5-2~build0.10.10.1_i386.deb Size/MD5: 315194 48ba93627e2e04f45a8fca9010468e0b http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0-dbg_0= =2E9.5-2~build0.10.10.1_i386.deb Size/MD5: 509944 dab7d1fea70f16345e99672ac1d6e1a4 http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0_0.9.5= -2~build0.10.10.1_i386.deb Size/MD5: 236882 4924a55e7f167fc07d3e0b5be3923b3c armel architecture (ARM Architecture): http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~buil= d0.10.10.1_armel.deb Size/MD5: 320462 c2a7da209a25abcd5b47526bd2517a21 http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~bui= ld0.10.10.1_armel.deb Size/MD5: 483256 b4ba9b76bf8e86420ba47ae91134cf1c http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.= 10.10.1_armel.deb Size/MD5: 260228 afd755c9ab8251adf8f53d302f1c3f63 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx-dev_0.9.5-2~buil= d0.10.10.1_powerpc.deb Size/MD5: 314390 5049a1e59ba3de34ac6313a49bdd34e0 http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0-dbg_0.9.5-2~bui= ld0.10.10.1_powerpc.deb Size/MD5: 484516 16a277103707f8da64039387044edc55 http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0_0.9.5-2~build0.= 10.10.1_powerpc.deb Size/MD5: 249876 110c4e365f1e545f98bf4b5412a39044 --------------enig462D87D5C8F4268EADD384AA Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk16djQACgkQTniv4aqX/VkzBgCfVVHt/LBYoM7wl8WSdBez2BZZ sPoAnjihSfwZLdYns5DtWTFeoom/uurV =T7Gc -----END PGP SIGNATURE----- --------------enig462D87D5C8F4268EADD384AA--

‣ 返回看板[ Bugtraq ] 臭蟲

‣ 更多 micah. 的文章

文章代碼(AID): #1DVbVYqZ (Bugtraq)