*** This bug is a security vulnerability *** Public security bug reported:
Libav 0.8.17, 9.18 and 11.3 are out that fix a number of security issues. version 0.8.17: - utvideodec: Handle slice_height being zero (CVE-2014-9604) - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544) - rmenc: limit packet size - eamad: check for out of bounds read (CID/1257500) - h264_cabac: Break infinite loops - matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266) - gifdec: refactor interleave end handling (CVE-2014-8547) - smc: fix the bounds check (CVE-2014-8548) - mmvideo: check frame dimensions (CVE-2014-8543) - jvdec: check frame dimensions (CVE-2014-8542) - mov: avoid a memleak when multiple stss boxes are present - apetag: Fix APE tag size check - x86: Only use optimizations with cmov if the CPU supports the instruction - x86: Add CPU flag for the i686 cmov instruction version 9.18: - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544) - utvideodec: Handle slice_height being zero (CVE-2014-9604) - rmenc: limit packet size - rv10: check size of s->mb_width * s->mb_height - eamad: check for out of bounds read (CID/1257500) - arm: Suppress tags about used cpu arch and extensions - img2dec: correctly use the parsed value from -start_number - h264_cabac: Break infinite loops - matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266) - smc: fix the bounds check (CVE-2014-8548) - gifdec: refactor interleave end handling (CVE-2014-8547) - mmvideo: check frame dimensions (CVE-2014-8543) - jvdec: check frame dimensions (CVE-2014-8542) - mov: avoid a memleak when multiple stss boxes are present - mp3enc: fix a triggerable assert - apetag: Fix APE tag size check version 11.3: - utvideodec: Handle slice_height being zero (CVE-2014-9604) - adxdec: set avctx->channels in adx_read_header - rmenc: limit packet size - webp: validate the distance prefix code - rv10: check size of s->mb_width * s->mb_height - eamad: check for out of bounds read (CID/1257500) - mdec: check for out of bounds read (CID/1257501) - configure: Properly fail when libcdio/cdparanoia is not found - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544) - aic: Fix decoding files with odd dimensions - vorbis: Check the vlc value in setup_classifs - arm: Suppress tags about used cpu arch and extensions - prores: Extend the padding check to 16bit - icecast: Do not use chunked post, allows feeding to icecast properly - img2dec: correctly use the parsed value from -start_number - h264_cabac: Break infinite loops - hevc_deblock: Fix compilation with nasm (libav #795) - h264: initialize H264Context.avctx in init_thread_copy - h264: Do not share rbsp_buffer across threads - h264: only ref cur_pic in update_thread_context if it is initialized - matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266) - log: Unbreak no-tty support on 256color terminals ** Affects: libav (Ubuntu) Importance: Undecided Status: Confirmed ** Affects: libav (Ubuntu Precise) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: libav (Ubuntu Trusty) Importance: Undecided Assignee: Marc Deslauriers (mdeslaur) Status: Confirmed ** Affects: libav (Ubuntu Utopic) Importance: Undecided Status: Confirmed ** Affects: libav (Ubuntu Vivid) Importance: Undecided Status: Confirmed ** Also affects: libav (Ubuntu Precise) Importance: Undecided Status: New ** Also affects: libav (Ubuntu Vivid) Importance: Undecided Status: New ** Also affects: libav (Ubuntu Utopic) Importance: Undecided Status: New ** Also affects: libav (Ubuntu Trusty) Importance: Undecided Status: New ** Changed in: libav (Ubuntu Precise) Status: New => Confirmed ** Changed in: libav (Ubuntu Trusty) Status: New => Confirmed ** Changed in: libav (Ubuntu Utopic) Status: New => Confirmed ** Changed in: libav (Ubuntu Vivid) Status: New => Confirmed ** Changed in: libav (Ubuntu Precise) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) ** Changed in: libav (Ubuntu Trusty) Assignee: (unassigned) => Marc Deslauriers (mdeslaur) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to libav in Ubuntu. https://bugs.launchpad.net/bugs/1432610 Title: Libav security fixes March 2015 Status in libav package in Ubuntu: Confirmed Status in libav source package in Precise: Confirmed Status in libav source package in Trusty: Confirmed Status in libav source package in Utopic: Confirmed Status in libav source package in Vivid: Confirmed Bug description: Libav 0.8.17, 9.18 and 11.3 are out that fix a number of security issues. version 0.8.17: - utvideodec: Handle slice_height being zero (CVE-2014-9604) - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544) - rmenc: limit packet size - eamad: check for out of bounds read (CID/1257500) - h264_cabac: Break infinite loops - matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266) - gifdec: refactor interleave end handling (CVE-2014-8547) - smc: fix the bounds check (CVE-2014-8548) - mmvideo: check frame dimensions (CVE-2014-8543) - jvdec: check frame dimensions (CVE-2014-8542) - mov: avoid a memleak when multiple stss boxes are present - apetag: Fix APE tag size check - x86: Only use optimizations with cmov if the CPU supports the instruction - x86: Add CPU flag for the i686 cmov instruction version 9.18: - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544) - utvideodec: Handle slice_height being zero (CVE-2014-9604) - rmenc: limit packet size - rv10: check size of s->mb_width * s->mb_height - eamad: check for out of bounds read (CID/1257500) - arm: Suppress tags about used cpu arch and extensions - img2dec: correctly use the parsed value from -start_number - h264_cabac: Break infinite loops - matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266) - smc: fix the bounds check (CVE-2014-8548) - gifdec: refactor interleave end handling (CVE-2014-8547) - mmvideo: check frame dimensions (CVE-2014-8543) - jvdec: check frame dimensions (CVE-2014-8542) - mov: avoid a memleak when multiple stss boxes are present - mp3enc: fix a triggerable assert - apetag: Fix APE tag size check version 11.3: - utvideodec: Handle slice_height being zero (CVE-2014-9604) - adxdec: set avctx->channels in adx_read_header - rmenc: limit packet size - webp: validate the distance prefix code - rv10: check size of s->mb_width * s->mb_height - eamad: check for out of bounds read (CID/1257500) - mdec: check for out of bounds read (CID/1257501) - configure: Properly fail when libcdio/cdparanoia is not found - tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544) - aic: Fix decoding files with odd dimensions - vorbis: Check the vlc value in setup_classifs - arm: Suppress tags about used cpu arch and extensions - prores: Extend the padding check to 16bit - icecast: Do not use chunked post, allows feeding to icecast properly - img2dec: correctly use the parsed value from -start_number - h264_cabac: Break infinite loops - hevc_deblock: Fix compilation with nasm (libav #795) - h264: initialize H264Context.avctx in init_thread_copy - h264: Do not share rbsp_buffer across threads - h264: only ref cur_pic in update_thread_context if it is initialized - matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266) - log: Unbreak no-tty support on 256color terminals To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/1432610/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp