Medibuntu

updating issues with [USN-1630-1] Libav vulnerabilities and Medibuntu packages

Bug #1078124 reported by Charles Peters II
32
This bug affects 6 people
Affects Status Importance Assigned to Milestone
Medibuntu
Fix Released
Undecided
Unassigned

Bug Description

USN-1630-1 Libav updates have resulted in package problems with the following packages:
libav-tools libavdevice53 libavfilter2 libavformat53 libpostproc52 libswscale2.

# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  libav-tools libavdevice53 libavfilter2 libavformat53 libpostproc52 libswscale2
The following packages will be upgraded:
  ffmpeg libproxy1
2 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
Need to get 58.2 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://security/security/ precise-security/main libproxy1 i386 0.4.7-0ubuntu4.1 [56.0$
Get:2 http://security/security/ precise-security/main ffmpeg all 4:0.8.4-0ubuntu0.12.04.1 [$
Fetched 58.2 kB in 1s (30.8 kB/s)
(Reading database ... 436377 files and directories currently installed.)
Preparing to replace libproxy1 0.4.7-0ubuntu4 (using .../libproxy1_0.4.7-0ubuntu4.1_i386.de$
Unpacking replacement libproxy1 ...
Preparing to replace ffmpeg 4:0.8.3-0ubuntu0.12.04.1 (using .../ffmpeg_4%3a0.8.4-0ubuntu0.1$
Unpacking replacement ffmpeg ...
Setting up libproxy1 (0.4.7-0ubuntu4.1) ...
Setting up ffmpeg (4:0.8.4-0ubuntu0.12.04.1) ...
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place

# apt-get -f install libav-tools libavdevice53 libavfilter2 libavformat53 libpostproc52 libswscale2
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 libav-tools : Depends: libavcodec53 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                        libavcodec-extra-53 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
               Depends: libavutil51 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                        libavutil-extra-51 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
 libavdevice53 : Depends: libavcodec53 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                          libavcodec-extra-53 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
                 Depends: libavutil51 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                          libavutil-extra-51 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
 libavfilter2 : Depends: libavcodec53 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                         libavcodec-extra-53 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
                Depends: libavutil51 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                         libavutil-extra-51 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
 libavformat53 : Depends: libavcodec53 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                          libavcodec-extra-53 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
                 Depends: libavutil51 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                          libavutil-extra-51 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
 libpostproc52 : Depends: libavutil51 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                          libavutil-extra-51 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
 libswscale2 : Depends: libavutil51 (>= 4:0.8.4-0ubuntu0.12.04.1) but it is not going to be installed or
                        libavutil-extra-51 (>= 4:0.8.4) but 4:0.8.3ubuntu0.12.04.1+medibuntu1 is to be installed
E: Unable to correct problems, you have held broken packages.

Revision history for this message
Charles Peters II (cp) wrote :

Changelog also showed a number of CVE issues:
libav (4:0.8.4-0ubuntu0.12.04.1)
  * Update to 0.8.4 to fix multiple security issues. (LP: #1075593)
    - CVE-2012-2772
    - CVE-2012-2775
    - CVE-2012-2776
    - CVE-2012-2777
    - CVE-2012-2779
    - CVE-2012-2784
    - CVE-2012-2786
    - CVE-2012-2787
    - CVE-2012-2788
    - CVE-2012-2789
    - CVE-2012-2790
    - CVE-2012-2793
    - CVE-2012-2794
    - CVE-2012-2796
    - CVE-2012-2798
    - CVE-2012-2800
    - CVE-2012-2801
    - CVE-2012-2802

libproxy (0.4.7-0ubuntu4.1) precise-security
  * SECURITY UPDATE: possible remote code execution via buffer overflow
    - debian/patches/CVE-2012-4504.patch: move length check to proper
      location in libproxy/url.cpp.
    - CVE-2012-4504

Revision history for this message
tobydeemer (tobydeemer) wrote :

This also affects me:

tobydeemer@hostname:~$ sudo apt-get dist-upgrade
[sudo] password for tobydeemer:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  libav-tools libavdevice53 libavfilter2 libavformat53 libpostproc52 libswscale2
0 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.

I'm running Ubuntu 12.04.1 fully patched, currently using LXDE session (not that it matters for this issue.)

/var/log/dpkg.log and /var/log/apt/history.log don't show anything useful in way of errors or problems encountered, just the successfully updated packages.

Revision history for this message
BubbaJ (azstuenthome) wrote :

Affects me too. See below

bubba@lpc:~$ sudo apt-get dist-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  libavformat53 libpostproc52 libswscale2
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
bubba@lpc:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.1 LTS
Release: 12.04
Codename: precise

Revision history for this message
tobydeemer (tobydeemer) wrote :

I think this is sorted:
tobydeemer@hostname:~$ sudo apt-get dist-upgrade
[sudo] password for tobydeemer:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

Revision history for this message
Gauvain Pocentek (gpocentek) wrote :

Packages have been updated in medibuntu.

Changed in medibuntu:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.