Test ID:	1.3.6.1.4.1.25623.1.0.69398
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2011:062 (ffmpeg)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to ffmpeg announced via advisory MDVSA-2011:062. Multiple vulnerabilities has been identified and fixed in ffmpeg: FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) via a crafted file that triggers an infinite loop. (CVE-2009-4636) flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allows remote attackers to execute arbitrary code via a crafted flic file, related to an arbitrary offset dereference vulnerability. (CVE-2010-3429) libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted .ogg file, related to the vorbis_floor0_decode function. (CVE-2010-4704) Fix heap corruption crashes (CVE-2011-0722) Fix invalid reads in VC-1 decoding (CVE-2011-0723) And several additional vulnerabilites originally discovered by Google Chrome developers were also fixed with this advisory. The updated packages have been patched to correct these issues. Affected: 2010.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:062 Risk factor : High CVSS Score: 6.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4636 BugTraq ID: 36465 http://www.securityfocus.com/bid/36465 Debian Security Information: DSA-2000 (Google Search) http://www.debian.org/security/2010/dsa-2000 http://www.mandriva.com/security/advisories?name=MDVSA-2011:061 http://www.mandriva.com/security/advisories?name=MDVSA-2011:062 http://www.mandriva.com/security/advisories?name=MDVSA-2011:088 http://www.mandriva.com/security/advisories?name=MDVSA-2011:089 http://www.mandriva.com/security/advisories?name=MDVSA-2011:112 http://www.mandriva.com/security/advisories?name=MDVSA-2011:114 http://scarybeastsecurity.blogspot.com/2009/09/patching-ffmpeg-into-shape.html https://roundup.ffmpeg.org/roundup/ffmpeg/issue1240 http://secunia.com/advisories/36805 http://secunia.com/advisories/38643 http://www.vupen.com/english/advisories/2011/1241 Common Vulnerability Exposure (CVE) ID: CVE-2010-3429 Bugtraq: 20100928 [oCERT-2010-004] FFmpeg/libavcodec arbitrary offset dereference (Google Search) http://www.securityfocus.com/archive/1/514009/100/0/threaded Debian Security Information: DSA-2165 (Google Search) http://www.debian.org/security/2011/dsa-2165 http://www.mandriva.com/security/advisories?name=MDVSA-2011:060 http://www.ocert.org/advisories/ocert-2010-004.html http://www.openwall.com/lists/oss-security/2010/09/28/4 http://secunia.com/advisories/41626 http://secunia.com/advisories/43323 http://www.ubuntu.com/usn/usn-1104-1/ http://www.vupen.com/english/advisories/2010/2517 http://www.vupen.com/english/advisories/2010/2518 Common Vulnerability Exposure (CVE) ID: CVE-2010-4704 BugTraq ID: 46294 http://www.securityfocus.com/bid/46294 Debian Security Information: DSA-2306 (Google Search) http://www.debian.org/security/2011/dsa-2306 Common Vulnerability Exposure (CVE) ID: CVE-2011-0722 BugTraq ID: 47149 http://www.securityfocus.com/bid/47149 Common Vulnerability Exposure (CVE) ID: CVE-2011-0723 BugTraq ID: 47151 http://www.securityfocus.com/bid/47151 http://ffmpeg.mplayerhq.hu/
Copyright	Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.