Summary: | <media-libs/libvpx-0.9.5: Remote Code Execution Vulnerability (CVE-2010-4203) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | media-video |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://review.webmproject.org/gitweb?p=libvpx.git;a=commit;h=09bcc1f710ea65dc158639479288fb1908ff0c53 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2010-11-15 04:20:46 UTC
Arches, please test and mark stable: =media-libs/libvpx-0.9.5 Target keywords : "amd64 x86" amd64 ok On x86 I get [STRIP] libvpx.a < libvpx_g.a vp8/common/x86/vp8_asm_stubs.c.o: In function `vp8_sixtap_predict8x4_sse2': vp8_asm_stubs.c:(.text+0x43): undefined reference to `vp8_six_tap_mmx' vp8_asm_stubs.c:(.text+0xab): undefined reference to `vp8_six_tap_mmx' vp8_asm_stubs.c:(.text+0xce): undefined reference to `vp8_six_tap_mmx' vp8_asm_stubs.c:(.text+0x130): undefined reference to `vp8_six_tap_mmx' vp8/common/x86/vp8_asm_stubs.c.o: In function `vp8_sixtap_predict8x8_sse2': vp8_asm_stubs.c:(.text+0x1b3): undefined reference to `vp8_six_tap_mmx' vp8/common/x86/vp8_asm_stubs.c.o:vp8_asm_stubs.c:(.text+0x21b): more undefined references to `vp8_six_tap_mmx' follow vp8/encoder/x86/variance_sse2.c.o: In function `vp8_sub_pixel_variance4x4_wmt': variance_sse2.c:(.text+0xb39): undefined reference to `vp8_vp7_bilinear_filters_mmx' variance_sse2.c:(.text+0xb7e): undefined reference to `vp8_filter_block2d_bil4x4_var_mmx' vp8/encoder/x86/variance_sse2.c.o: In function `vp8_variance4x4_wmt': variance_sse2.c:(.text+0xc8d): undefined reference to `vp8_get4x4var_mmx' vp8/common/x86/subpixel_sse2.asm.o: In function `no symbol': vp8/common/x86/subpixel_sse2.asm:(.text+0x76f): undefined reference to `vp8_bilinear_filters_mmx' /usr/lib/gcc/i686-pc-linux-gnu/4.4.4/../../../../i686-pc-linux-gnu/bin/ld: vp8/common/x86/subpixel_sse2.asm.o: relocation R_386_GOTOFF against undefined symbol `vp8_bilinear_filters_mmx' can not be used when making a shared object /usr/lib/gcc/i686-pc-linux-gnu/4.4.4/../../../../i686-pc-linux-gnu/bin/ld: final link failed: Bad value collect2: ld returned 1 exit status when enabling USE='-mmx sse2' Is this expected? (In reply to comment #3) > On x86 I get I can reproduce on x86. (In reply to comment #4) > (In reply to comment #3) > > On x86 I get > > I can reproduce on x86. > Same here on amd64. No regression, we did not catch that on the first stabilisation, so x86 stable. Well, amd64 will do the same. No regression. Thanks Agostino Thanks, folks. GLSA request filed. Thanks, folks. This was published as GLSA 201101-03. CVE-2010-4203 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4203): WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames. |