Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 345559 (CVE-2010-4203) - <media-libs/libvpx-0.9.5: Remote Code Execution Vulnerability (CVE-2010-4203)
Summary: <media-libs/libvpx-0.9.5: Remote Code Execution Vulnerability (CVE-2010-4203)
Status: RESOLVED FIXED
Alias: CVE-2010-4203
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: http://review.webmproject.org/gitweb?...
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-11-15 04:20 UTC by Tim Sammut (RETIRED)
Modified: 2012-09-11 00:12 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Tim Sammut (RETIRED) gentoo-dev 2010-11-15 04:20:46 UTC 
livpx contains a vulnerability that could allow a remote attacker to execute code as the local user by enticing the user to open a crafted file. This is fixed in 0.9.5, which is already in the tree. 

@media-video, are we ok to begin stabilization of =media-libs/libvpx-0.9.5? Thanks!
Comment 1 Tim Sammut (RETIRED) gentoo-dev 2010-12-03 07:50:36 UTC 
Arches, please test and mark stable:
=media-libs/libvpx-0.9.5
Target keywords : "amd64 x86"
Comment 2 Agostino Sarubbo gentoo-dev 2010-12-03 17:00:56 UTC 
amd64 ok
Comment 3 Thomas Kahle (RETIRED) gentoo-dev 2010-12-03 18:15:31 UTC 
On x86 I get 
 
    [STRIP] libvpx.a < libvpx_g.a
vp8/common/x86/vp8_asm_stubs.c.o: In function `vp8_sixtap_predict8x4_sse2':
vp8_asm_stubs.c:(.text+0x43): undefined reference to `vp8_six_tap_mmx'
vp8_asm_stubs.c:(.text+0xab): undefined reference to `vp8_six_tap_mmx'
vp8_asm_stubs.c:(.text+0xce): undefined reference to `vp8_six_tap_mmx'
vp8_asm_stubs.c:(.text+0x130): undefined reference to `vp8_six_tap_mmx'
vp8/common/x86/vp8_asm_stubs.c.o: In function `vp8_sixtap_predict8x8_sse2':
vp8_asm_stubs.c:(.text+0x1b3): undefined reference to `vp8_six_tap_mmx'
vp8/common/x86/vp8_asm_stubs.c.o:vp8_asm_stubs.c:(.text+0x21b): more undefined references to `vp8_six_tap_mmx' follow
vp8/encoder/x86/variance_sse2.c.o: In function `vp8_sub_pixel_variance4x4_wmt':
variance_sse2.c:(.text+0xb39): undefined reference to `vp8_vp7_bilinear_filters_mmx'
variance_sse2.c:(.text+0xb7e): undefined reference to `vp8_filter_block2d_bil4x4_var_mmx'
vp8/encoder/x86/variance_sse2.c.o: In function `vp8_variance4x4_wmt':
variance_sse2.c:(.text+0xc8d): undefined reference to `vp8_get4x4var_mmx'
vp8/common/x86/subpixel_sse2.asm.o: In function `no symbol':
vp8/common/x86/subpixel_sse2.asm:(.text+0x76f): undefined reference to `vp8_bilinear_filters_mmx'
/usr/lib/gcc/i686-pc-linux-gnu/4.4.4/../../../../i686-pc-linux-gnu/bin/ld: vp8/common/x86/subpixel_sse2.asm.o: relocation R_386_GOTOFF against undefined symbol `vp8_bilinear_filters_mmx' can not be used when making a shared object
/usr/lib/gcc/i686-pc-linux-gnu/4.4.4/../../../../i686-pc-linux-gnu/bin/ld: final link failed: Bad value
collect2: ld returned 1 exit status

when enabling USE='-mmx sse2'

Is this expected?
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2010-12-03 22:32:57 UTC 
(In reply to comment #3)
> On x86 I get 

 I can reproduce on x86.
Comment 5 Agostino Sarubbo gentoo-dev 2010-12-03 22:59:27 UTC 
(In reply to comment #4)
> (In reply to comment #3)
> > On x86 I get 
> 
>  I can reproduce on x86.
> 

Same here on amd64.
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2010-12-09 09:00:43 UTC 
No regression, we did not catch that on the first stabilisation, so x86 stable.
Comment 7 Markos Chandras (RETIRED) gentoo-dev 2010-12-10 21:46:00 UTC 
Well, amd64 will do the same. No regression. Thanks Agostino
Comment 8 Tim Sammut (RETIRED) gentoo-dev 2010-12-13 01:15:30 UTC 
Thanks, folks. GLSA request filed.
Comment 9 Tim Sammut (RETIRED) gentoo-dev 2011-01-15 02:17:44 UTC 
Thanks, folks. This was published as GLSA 201101-03.
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-09-11 00:12:02 UTC 
CVE-2010-4203 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4203):
  WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome
  before 7.0.517.44, allows remote attackers to cause a denial of service
  (memory corruption) or possibly execute arbitrary code via invalid frames.