LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 12th, 2014
Linux Security Week: December 9th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: 1015-1: libvpx vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu Christoph Diehl discovered that libvpx did not properly perform boundschecking. If an application using libvpx opened a specially craftedWebM file, an attacker could cause a denial of service or possibly executecode as the user invoking the program. [More...]
===========================================================
Ubuntu Security Notice USN-1015-1          November 10, 2010
libvpx vulnerability
CVE-2010-4203
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 10.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 10.10:
  libvpx0                         0.9.2-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

Details follow:

Christoph Diehl discovered that libvpx did not properly perform bounds
checking. If an application using libvpx opened a specially crafted
WebM file, an attacker could cause a denial of service or possibly execute
code as the user invoking the program.


Updated packages for Ubuntu 10.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.2-1ubuntu0.1.debian.tar.gz
      Size/MD5:    11216 71651eb86d66635c6762bfbd09fc2dbe
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.2-1ubuntu0.1.dsc
      Size/MD5:     1915 acc3a3df81a1d44128642b82efd87500
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx_0.9.2.orig.tar.bz2
      Size/MD5:  1197094 609370925b274aeaa29e94fc34c74957

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-doc_0.9.2-1ubuntu0.1_all.deb
      Size/MD5:   213800 643f6dec01f57f032e3b0569fd740aea

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-dev_0.9.2-1ubuntu0.1_amd64.deb
      Size/MD5:   317232 2bba15922882c45e09e00734cba97992
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0-dbg_0.9.2-1ubuntu0.1_amd64.deb
      Size/MD5:   513174 e7e4950eaeb1451d3b65877ee6160740
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0_0.9.2-1ubuntu0.1_amd64.deb
      Size/MD5:   242484 29757fcd05cb208a7417c80c0e1480be

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx-dev_0.9.2-1ubuntu0.1_i386.deb
      Size/MD5:   295092 ad95c819c44989c1dffe857e8f5d7756
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0-dbg_0.9.2-1ubuntu0.1_i386.deb
      Size/MD5:   482832 47d4ef6d2a62ee070301fe4b5872acd2
    http://security.ubuntu.com/ubuntu/pool/main/libv/libvpx/libvpx0_0.9.2-1ubuntu0.1_i386.deb
      Size/MD5:   221952 7ff75df2f1410385b6231d633eceeaec

  armel architecture (ARM Architecture):

    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx-dev_0.9.2-1ubuntu0.1_armel.deb
      Size/MD5:   303772 a28b374676f0b28fb74cabea30cca822
    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0-dbg_0.9.2-1ubuntu0.1_armel.deb
      Size/MD5:   462142 a59e1096f88f18a844e37fabc99d1d7f
    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0_0.9.2-1ubuntu0.1_armel.deb
      Size/MD5:   244498 5bc6ca696e39ddc9af21a30856ff2177

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx-dev_0.9.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   279168 25295c9264836bdace7133836a634afb
    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0-dbg_0.9.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   452792 c9c51d0c479379b19e77022992eb76ac
    http://ports.ubuntu.com/pool/main/libv/libvpx/libvpx0_0.9.2-1ubuntu0.1_powerpc.deb
      Size/MD5:   218026 e4618be5cbce6571eae4810c9e80990f




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
The Difference Between Wi-Fi Security Protocols: WPA2-AES vs WPA2-TKIP
Segmenting for security: Five steps to protect your network
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.