libquicktime vulnerabilities

A security issue affects these releases of Ubuntu and its
derivatives:

* Ubuntu 16.04 LTS

Summary

Several security issues were fixed in libquicktime.

Software Description

* libquicktime - Library for reading and writing quicktime files

Details

It was discovered that libquicktime incorrectly handled certain
malformed MP4 files. If a user were tricked into opening a
specially crafted MP4 file, a remote attacker could use this issue
to cause a denial of service (resource exhaustion).
(CVE-2017-9122)

It was discovered that libquicktime incorrectly handled certain
malformed MP4 files. If a user were tricked into opening a
specially crafted MP4 file, a remote attacker could use this issue
to cause libquicktime to crash, resulting in a denial of service.
(CVE-2017-9123, CVE-2017-9124, CVE-2017-9126, CVE-2017-9127,
CVE-2017-9128)

It was discovered that libquicktime incorrectly handled certain
malformed MP4 files. If a user were tricked into opening a
specially crafted MP4 file, a remote attacker could use this issue
to cause a denial of service. (CVE-2017-9125)

Update instructions

The problem can be corrected by updating your system to the
following package versions:

Ubuntu 16.04 LTS
libquicktime2 - 2:1.2.4-7+deb8u1ubuntu0.1
quicktime-utils - 2:1.2.4-7+deb8u1ubuntu0.1
quicktime-x11utils - 2:1.2.4-7+deb8u1ubuntu0.1

To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary
changes.

References

* CVE-2017-9122
* CVE-2017-9123
* CVE-2017-9124
* CVE-2017-9125
* CVE-2017-9126
* CVE-2017-9127
* CVE-2017-9128

--- Mystic BBS v1.12 A46 (Linux/64)
* Origin: BZ&BZ BBS (21:4/110)