--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2019-1030f4816a
2019-11-18 01:17:12.296104
--------------------------------------------------------------------------------

Name        : libmp4v2
Product     : Fedora 30
Version     : 2.1.0
Release     : 0.19.trunkREV507.fc30
URL         : http://code.google.com/p/mp4v2
Summary     : Library for working with files using the mp4 container format
Description :
The libmp4v2 library provides an abstraction layer for working with files
using the mp4 container format. This library is developed by mpeg4ip project
and is an exact copy of the library distributed in the mpeg4ip package.

--------------------------------------------------------------------------------
Update Information:

Fix crash made by the new patches

----

Fix
https://nvd.nist.gov/vuln/detail/CVE-2018-14446
https://nvd.nist.gov/vuln/detail/CVE-2018-14403
https://nvd.nist.gov/vuln/detail/CVE-2018-14379
https://nvd.nist.gov/vuln/detail/CVE-2018-14326
https://nvd.nist.gov/vuln/detail/CVE-2018-14325
https://nvd.nist.gov/vuln/detail/CVE-2018-14054
based on https://github.com/TechSmith/mp4v2/pull/27 and
https://github.com/sergiomb2/libmp4v2/
--------------------------------------------------------------------------------
ChangeLog:

* Fri Nov 8 2019 Sérgio Basto sergio@serjux.com - 2.1.0-0.19.trunkREV507
- Fix-v3-Integer-underflow-overflow-in-MP4v2-2.0.0
* Sat Nov 2 2019 Sérgio Basto sergio@serjux.com - 2.1.0-0.18.trunkREV507
- Fix
  https://nvd.nist.gov/vuln/detail/CVE-2018-14446
  https://nvd.nist.gov/vuln/detail/CVE-2018-14403
  https://nvd.nist.gov/vuln/detail/CVE-2018-14379
  https://nvd.nist.gov/vuln/detail/CVE-2018-14326
  https://nvd.nist.gov/vuln/detail/CVE-2018-14325
  https://nvd.nist.gov/vuln/detail/CVE-2018-14054
  based on https://github.com/TechSmith/mp4v2/pull/27 and
  https://github.com/sergiomb2/libmp4v2/
- Update spec
- Fix build on epel7
* Thu Jul 25 2019 Fedora Release Engineering releng@fedoraproject.org - 2.1.0-0.17.trunkREV507
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1769287 - Divide-by-zero crash in libmp4v2
        https://bugzilla.redhat.com/show_bug.cgi?id=1769287
  [ 2 ] Bug #1603296 - CVE-2018-14054 libmp4v2: Double free in the MP4StringProperty class in mp4property.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1603296
  [ 3 ] Bug #1603236 - CVE-2018-14379 libmp4v2: Type confusion in MP4Atom::factory in mp4atom.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1603236
  [ 4 ] Bug #1603224 - CVE-2018-14403 libmp4v2: Out-of-bounds read in MP4NameFirstMatches in mp4util.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1603224
  [ 5 ] Bug #1601679 - CVE-2018-14325 libmp4v2: Integer underflow in when parsing MP4Atom in mp4atom.cpp [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1601679
  [ 6 ] Bug #1601675 - CVE-2018-14326 libmp4v2: Missing check for integer overflow in mp4array.h:Resize() allows for denial of service via crafted MP4 [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1601675
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-1030f4816a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------