A security flaw has been identified in the libvpx software package. libvpx is an open-source library for working with the VP8 video compression format, developed by Google. The flaw results from inadequate bounds checking in the program code. A malicious user can exploit it to carry out a denial-of-service (DoS) attack. Successful exploitation involves getting a user to open a maliciously crafted WebM file. All users of the vulnerable package are advised to install the appropriate upgrade.

===========================================================
Ubuntu Security Notice USN-1087-1            March 11, 2011
libvpx vulnerability
CVE-2010-4489
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  libvpx0                         0.9.5-2~build0.10.10.1

This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.

Details follow:

Chris Evans discovered that libvpx did not properly perform bounds
checking. If an application using libvpx opened a specially crafted WebM
file, an attacker could cause a denial of service.


Updated packages for Ubuntu 10.10:
