USN-630-1: ffmpeg vulnerability

07-28-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

USN-630-1: ffmpeg vulnerability

Referenced CVEs:
CVE-2008-3162

Description:
=========================================================== Ubuntu Security Notice USN-630-1 July 28, 2008 ffmpeg vulnerability CVE-2008-3162 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 7.10 Ubuntu 8.04 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: libavformat1d 3:0.cvs20070307-5ubuntu4.1 Ubuntu 8.04 LTS: libavformat1d 3:0.cvs20070307-5ubuntu7.1 In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: It was discovered that ffmpeg did not correctly handle STR file demuxing. If a user were tricked into processing a malicious STR file, a remote attacker could execute arbitrary code with user privileges via applications linked against ffmpeg.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

fpsd(1M) System Administration Commands fpsd(1M) NAME
fpsd - Fp-scrubber daemon SYNOPSIS
/usr/lib/fps/fpsd DESCRIPTION
fpsd is a user-level daemon that periodically runs non-intrusive tests to validate proper functioning of FPU (Floating Point Unit) hardware in the system. A fault management action is initiated by means of fmd(1M), in case an error is detected by the test. EXIT STATUS
The following exit values are returned: 0 Successful completion. non-zero An error occurred. ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWfsu | +-----------------------------+-----------------------------+ |Interface Stability |Uncommitted | +-----------------------------+-----------------------------+ SEE ALSO
svcs(1), fmd(1M), svcadm(1M), svccfg(1M), attributes(5), smf(5) NOTES
The fpsd service is managed by the service management facility, smf(5), under the service identifier: svc:/system/fpsd:default You can use svccfg(1M) to change the default fpsd behavior: Property Name Type Description ------------- ---- ----------- config/exclude_cpus astring comma delimited list of CPU IDs to be excluded from proactive testing. Administrative actions on this service, such as enabling, disabling, or requesting restart, can be performed using svcadm(1M). The ser- vice's status can be queried using the svcs(1) command. Disabling the service can increase system's vulnerability to silent data corruption, if a fault were to develop in an FPU within the sys- tem. SunOS 5.11 7 Aug 2008 fpsd(1M)

Security Advisories (RSS)

USN-630-1: ffmpeg vulnerability

LEARN ABOUT OPENSOLARIS

fpsd