Researcher Name: Don A. Bailey
Researcher Organization: Lab Mouse Security
Researcher Email: donb at securitymouse.com
Researcher Website: www.securitymouse.com
Vulnerability Status: Patched
Vulnerability Embargo: Broken
Vulnerability Class: Integer Overflow
Vulnerability Effect: Memory Corruption
Vulnerability Impact: DoS, OOW, RCE
Vulnerability DoS Practicality: Practical
Vulnerability OOW Practicality: Practical
Vulnerability RCE Practicality: Practical
Vulnerability Criticality: Critical
Vulnerability Scope: All versions of libav are affected. All architectures supported by libav are affected.

Criticality Reasoning
---------------------
This vulnerability can be triggered through a compression payload embedded in a video file. Due to the nature of this memory corruption vulnerability, exploitation of the bug can be seamless and work in the background during normal video playback. A user will never notice that playback has been compromised.

Testing was successfully performed on all variants of mplayer2, including gecko-mplayer2 embedded in Firefox, Iceweasel, Opera, Chromium, and Konqueror on Linux.

Ease of compromise is partly due to libav's use of tmalloc, which places a header containing function pointers at the beginning of allocated heap regions. Exploitation of the compression vulnerability overwrites these function pointers, which then point to ROP payloads that allow for the bypassing of ASLR and NX security enhancements.

See more details in ${URL}
We are happy to update three release branches: Today, we provide you with Libav 10.2, Libav 9.14, and Libav 0.8.13, which address a number of critical functional and security issues that we have been made aware of. In particular, these releases address the recently discovered LZO issue.
Arches please test and mark stable:
=media-video/libav-9.14
target keywords :"alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
(In reply to Agostino Sarubbo from comment #2)
> Arches please test and mark stable:
> =media-video/libav-9.14
> target keywords :"alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

and =virtual/ffmpeg-9 where it is required.
With the blockers gone, please proceed with stabilization, same as comment #3
amd64 stable as part of the stabilization of gnome 3.12 in bug #512012
x86 stable as part of the stabilization of gnome 3.12 in bug #512012
ppc stable as part of the stabilization of gnome 3.12 in bug #512012
Actual stabilization list for Alpha:
dev-libs/openssl-1.0.1h-r2
media-libs/libdc1394-2.2.1
media-libs/libmodplug-0.8.8.4-r1
media-libs/libsamplerate-0.1.8-r1
media-libs/speex-1.2_rc1-r2
media-libs/vo-aacenc-0.1.3
media-libs/x264-0.0.20130506
media-libs/xvid-1.3.2-r1
media-sound/gsm-1.0.13-r1
media-sound/jack-audio-connection-kit-0.121.3-r1
media-sound/lame-3.99.5-r1
media-sound/twolame-0.3.13-r1
media-video/libav-9.14
arm stable
Stable for HPPA.
ppc64 stable
ia64 stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
Arches, Thank you for your work
Maintainer(s), please drop the vulnerable version.

GLSA Vote: No
Cleanup done
This is part of the Master GLSA for LZO vulnerabilities. Adding to existing GLSA.
This issue was resolved and addressed in GLSA 201502-08 at http://security.gentoo.org/glsa/glsa-201502-08.xml by GLSA coordinator Kristian Fiskerstrand (K_F).