Uočen je i ispravljen sigurnosni nedostatak kod programskog paketa libvpx kojeg je udaljeni napadač mogao iskoristiti za izvođenje DoS (eng. Denial of Service) napada.
Paket:
libvpx 0.x
Operacijski sustavi:
Mandriva Linux 2010.1, Mandriva Linux 2011
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
CVE:
CVE-2012-0823
Izvorni ID preporuke:
MDVSA-2012:023
Izvor:
Mandriva
Problem:
Propust je posljedica neodgovarajuće obrade neispravnih ulaznih podataka ili uoliko dekodiranje započne od P-okvira.
Posljedica:
Udaljeni napadač može iskoristiti navedeni propust za izvođenje napada uskraćivanjem usluge (DoS napad).
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2012:023
http://www.mandriva.com/security/
_______________________________________________________________________
Package : libvpx
Date : February 27, 2012
Affected: 2010.1, 2011.
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in libvpx:
VP8 Codec SDK (libvpx) before 1.0.0 Duclair allows remote attackers
to cause a denial of service (application crash) via (1) unspecified
corrupt input or (2) by starting decoding from a P-frame, which
triggers an out-of-bounds read, related to the clamping of motion
vectors in SPLITMV blocks (CVE-2012-0823).
The updated packages have been patched to correct this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0823
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
80595bcf9605087872ef9e76988c06fb
2010.1/i586/libvpx0-0.9.7-0.2mdv2010.2.i586.rpm
6a39a655e52324d5454df93c54803e1d
2010.1/i586/libvpx-devel-0.9.7-0.2mdv2010.2.i586.rpm
36669f19119055daa1c65a4341bf00ee
2010.1/i586/libvpx-utils-0.9.7-0.2mdv2010.2.i586.rpm
efbc2e9f8338a146ed9bb4a8133ee3d0
2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm
Mandriva Linux 2010.1/X86_64:
7d42ba1449797b928a025d82fbbf2a65
2010.1/x86_64/lib64vpx0-0.9.7-0.2mdv2010.2.x86_64.rpm
05101dfd30ef938952f61705a1394705
2010.1/x86_64/lib64vpx-devel-0.9.7-0.2mdv2010.2.x86_64.rpm
20e10865900d2a24d58b7677098057e8
2010.1/x86_64/libvpx-utils-0.9.7-0.2mdv2010.2.x86_64.rpm
efbc2e9f8338a146ed9bb4a8133ee3d0
2010.1/SRPMS/libvpx-0.9.7-0.2mdv2010.2.src.rpm
Mandriva Linux 2011:
e77c03974267d8b697fce1944dc7627b
2011/i586/libvpx0-0.9.7-0.2-mdv2011.0.i586.rpm
e52f1469cdf005a7a8e2855a65bfde2f
2011/i586/libvpx-devel-0.9.7-0.2-mdv2011.0.i586.rpm
6fbe1b807480c8c86d482cef51f5cc7d
2011/i586/libvpx-utils-0.9.7-0.2-mdv2011.0.i586.rpm
e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm
Mandriva Linux 2011/X86_64:
81c2210c4f37421a22a877599304b5a4
2011/x86_64/lib64vpx0-0.9.7-0.2-mdv2011.0.x86_64.rpm
02f987fb0972c5b45a91a3d02060923f
2011/x86_64/lib64vpx-devel-0.9.7-0.2-mdv2011.0.x86_64.rpm
a7d46c97d8294236422b37a8359ba64d
2011/x86_64/libvpx-utils-0.9.7-0.2-mdv2011.0.x86_64.rpm
e274966b396ce1cb66aa4b01f2bea88e 2011/SRPMS/libvpx-0.9.7-0.2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFPS0wZmqjQ0CJFipgRAj19AKDYdeUUJ4W5ODXZ8Jc6pacLTN7F5gCgj9rV
VpJGmeRjSE0ld2CvsSuk3/A=
=Tln3
-----END PGP SIGNATURE-----
Posljednje sigurnosne preporuke