Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 23rd, 2015
Linux Advisory Watch: March 20th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: 1015-1: libvpx vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Christoph Diehl discovered that libvpx did not properly perform boundschecking. If an application using libvpx opened a specially craftedWebM file, an attacker could cause a denial of service or possibly executecode as the user invoking the program. [More...]
Ubuntu Security Notice USN-1015-1          November 10, 2010
libvpx vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  libvpx0                         0.9.2-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

Christoph Diehl discovered that libvpx did not properly perform bounds
checking. If an application using libvpx opened a specially crafted
WebM file, an attacker could cause a denial of service or possibly execute
code as the user invoking the program.

Updated packages for Ubuntu 10.10:

  Source archives:
      Size/MD5:    11216 71651eb86d66635c6762bfbd09fc2dbe
      Size/MD5:     1915 acc3a3df81a1d44128642b82efd87500
      Size/MD5:  1197094 609370925b274aeaa29e94fc34c74957

  Architecture independent packages:
      Size/MD5:   213800 643f6dec01f57f032e3b0569fd740aea

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   317232 2bba15922882c45e09e00734cba97992
      Size/MD5:   513174 e7e4950eaeb1451d3b65877ee6160740
      Size/MD5:   242484 29757fcd05cb208a7417c80c0e1480be

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   295092 ad95c819c44989c1dffe857e8f5d7756
      Size/MD5:   482832 47d4ef6d2a62ee070301fe4b5872acd2
      Size/MD5:   221952 7ff75df2f1410385b6231d633eceeaec

  armel architecture (ARM Architecture):
      Size/MD5:   303772 a28b374676f0b28fb74cabea30cca822
      Size/MD5:   462142 a59e1096f88f18a844e37fabc99d1d7f
      Size/MD5:   244498 5bc6ca696e39ddc9af21a30856ff2177

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   279168 25295c9264836bdace7133836a634afb
      Size/MD5:   452792 c9c51d0c479379b19e77022992eb76ac
      Size/MD5:   218026 e4618be5cbce6571eae4810c9e80990f

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
OpenSSL Mystery Patch is No Heartbleed
Study: One-third of top websites vulnerable or hacked
Threat-sharing cybersecurity bill unveiled
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.