Libav security fixes March 2015

Bug #1432610 reported by Marc Deslauriers on 2015-03-16
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libav (Ubuntu)
Precise
High
Marc Deslauriers
Trusty
High
Marc Deslauriers
Utopic
High
Unassigned
Vivid
High
Unassigned

Bug Description

Libav 0.8.17, 9.18 and 11.3 are out that fix a number of security issues.

version 0.8.17:

- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- rmenc: limit packet size
- eamad: check for out of bounds read (CID/1257500)
- h264_cabac: Break infinite loops
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
- gifdec: refactor interleave end handling (CVE-2014-8547)
- smc: fix the bounds check (CVE-2014-8548)
- mmvideo: check frame dimensions (CVE-2014-8543)
- jvdec: check frame dimensions (CVE-2014-8542)
- mov: avoid a memleak when multiple stss boxes are present
- apetag: Fix APE tag size check
- x86: Only use optimizations with cmov if the CPU supports the instruction
- x86: Add CPU flag for the i686 cmov instruction

version 9.18:
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- rmenc: limit packet size
- rv10: check size of s->mb_width * s->mb_height
- eamad: check for out of bounds read (CID/1257500)
- arm: Suppress tags about used cpu arch and extensions
- img2dec: correctly use the parsed value from -start_number
- h264_cabac: Break infinite loops
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium/427266)
- smc: fix the bounds check (CVE-2014-8548)
- gifdec: refactor interleave end handling (CVE-2014-8547)
- mmvideo: check frame dimensions (CVE-2014-8543)
- jvdec: check frame dimensions (CVE-2014-8542)
- mov: avoid a memleak when multiple stss boxes are present
- mp3enc: fix a triggerable assert
- apetag: Fix APE tag size check

version 11.3:

- utvideodec: Handle slice_height being zero (CVE-2014-9604)
- adxdec: set avctx->channels in adx_read_header
- rmenc: limit packet size
- webp: validate the distance prefix code
- rv10: check size of s->mb_width * s->mb_height
- eamad: check for out of bounds read (CID/1257500)
- mdec: check for out of bounds read (CID/1257501)
- configure: Properly fail when libcdio/cdparanoia is not found
- tiff: Check that there is no aliasing in pixel format selection (CVE-2014-8544)
- aic: Fix decoding files with odd dimensions
- vorbis: Check the vlc value in setup_classifs
- arm: Suppress tags about used cpu arch and extensions
- prores: Extend the padding check to 16bit
- icecast: Do not use chunked post, allows feeding to icecast properly
- img2dec: correctly use the parsed value from -start_number
- h264_cabac: Break infinite loops
- hevc_deblock: Fix compilation with nasm (libav #795)
- h264: initialize H264Context.avctx in init_thread_copy
- h264: Do not share rbsp_buffer across threads
- h264: only ref cur_pic in update_thread_context if it is initialized
- matroskadec: Fix read-after-free in matroska_read_seek() (chromium #427266)
- log: Unbreak no-tty support on 256color terminals

Changed in libav (Ubuntu Precise):
status: New → Confirmed
Changed in libav (Ubuntu Trusty):
status: New → Confirmed
Changed in libav (Ubuntu Utopic):
status: New → Confirmed
Changed in libav (Ubuntu Vivid):
status: New → Confirmed
Changed in libav (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in libav (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 6:9.18-0ubuntu0.14.04.1

---------------
libav (6:9.18-0ubuntu0.14.04.1) trusty-security; urgency=medium

  * Update to 9.18 to fix multiple security issues (LP: #1432610,
    LP: #1370175)
    - CVE-2013-7020
    - CVE-2014-8542
    - CVE-2014-8543
    - CVE-2014-8544
    - CVE-2014-8547
    - CVE-2014-8548
    - CVE-2014-9604
 -- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 08:16:54 -0400

Changed in libav (Ubuntu Trusty):
status: Confirmed → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libav - 4:0.8.17-0ubuntu0.12.04.1

---------------
libav (4:0.8.17-0ubuntu0.12.04.1) precise-security; urgency=medium

  * Update to 0.8.17 to fix multiple security issues (LP: #1432610)
    - CVE-2014-8542
    - CVE-2014-8543
    - CVE-2014-8544
    - CVE-2014-8547
    - CVE-2014-8548
    - CVE-2014-9604
 -- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 08:10:23 -0400

Changed in libav (Ubuntu Precise):
status: Confirmed → Fix Released
Mathew Hodson (mhodson) on 2015-10-08
Changed in libav (Ubuntu Utopic):
status: Confirmed → Won't Fix
Changed in libav (Ubuntu):
importance: Undecided → High
Changed in libav (Ubuntu Precise):
importance: Undecided → High
Changed in libav (Ubuntu Trusty):
importance: Undecided → High
Changed in libav (Ubuntu Utopic):
importance: Undecided → High
Changed in libav (Ubuntu Vivid):
importance: Undecided → High
Mathew Hodson (mhodson) wrote :

libav is no longer packaged for Wily.

no longer affects: libav (Ubuntu)
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers