updating issues with [USN-1630-1] Libav vulnerabilities and Medibuntu packages
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Medibuntu |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
USN-1630-1 Libav updates have resulted in package problems with the following packages:
libav-tools libavdevice53 libavfilter2 libavformat53 libpostproc52 libswscale2.
# apt-get upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
libav-tools libavdevice53 libavfilter2 libavformat53 libpostproc52 libswscale2
The following packages will be upgraded:
ffmpeg libproxy1
2 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
Need to get 58.2 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://
Get:2 http://
Fetched 58.2 kB in 1s (30.8 kB/s)
(Reading database ... 436377 files and directories currently installed.)
Preparing to replace libproxy1 0.4.7-0ubuntu4 (using .../libproxy1_
Unpacking replacement libproxy1 ...
Preparing to replace ffmpeg 4:0.8.3-
Unpacking replacement ffmpeg ...
Setting up libproxy1 (0.4.7-0ubuntu4.1) ...
Setting up ffmpeg (4:0.8.
Processing triggers for libc-bin ...
ldconfig deferred processing now taking place
# apt-get -f install libav-tools libavdevice53 libavfilter2 libavformat53 libpostproc52 libswscale2
Reading package lists... Done
Building dependency tree
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:
The following packages have unmet dependencies:
libav-tools : Depends: libavcodec53 (>= 4:0.8.4-
libavdevice53 : Depends: libavcodec53 (>= 4:0.8.4-
libavfilter2 : Depends: libavcodec53 (>= 4:0.8.4-
libavformat53 : Depends: libavcodec53 (>= 4:0.8.4-
libpostproc52 : Depends: libavutil51 (>= 4:0.8.4-
libswscale2 : Depends: libavutil51 (>= 4:0.8.4-
E: Unable to correct problems, you have held broken packages.
Changelog also showed a number of CVE issues: 4-0ubuntu0. 12.04.1)
libav (4:0.8.
* Update to 0.8.4 to fix multiple security issues. (LP: #1075593)
- CVE-2012-2772
- CVE-2012-2775
- CVE-2012-2776
- CVE-2012-2777
- CVE-2012-2779
- CVE-2012-2784
- CVE-2012-2786
- CVE-2012-2787
- CVE-2012-2788
- CVE-2012-2789
- CVE-2012-2790
- CVE-2012-2793
- CVE-2012-2794
- CVE-2012-2796
- CVE-2012-2798
- CVE-2012-2800
- CVE-2012-2801
- CVE-2012-2802
libproxy (0.4.7-0ubuntu4.1) precise-security patches/ CVE-2012- 4504.patch: move length check to proper
* SECURITY UPDATE: possible remote code execution via buffer overflow
- debian/
location in libproxy/url.cpp.
- CVE-2012-4504