You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa ffmpeg-4

Sigurnosni nedostaci programskog paketa ffmpeg-4

openSUSE Security Update: Security update for ffmpeg-4
______________________________________________________________________________

Announcement ID: openSUSE-SU-2019:1066-1
Rating: low
References: #1092241 #1100348 #1105869
Cross-References: CVE-2018-13300 CVE-2018-15822
Affected Products:
openSUSE Backports SLE-15
______________________________________________________________________________

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for ffmpeg-4 to version 4.0.2 fixes the following issues:

These security issues were fixed:

– CVE-2018-15822: The flv_write_packet function did not check for an empty
audio packet, leading to an assertion failure and DoS (bsc#1105869).
– CVE-2018-13300: An improper argument passed to the avpriv_request_sample
function may have triggered an out-of-array read while converting a
crafted AVI file to MPEG4, leading to a denial of service and possibly
an information disclosure (bsc#1100348).

These non-security issues were fixed:

– Enable webvtt encoders and decoders (boo#1092241).
– Build codec2 encoder and decoder, add libcodec2 to enable_decoders and
enable_encoders.
– Enable mpeg 1 and 2 encoders.

This update was imported from the openSUSE:Leap:15.0:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1066=1

Package List:

– openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

ffmpeg-4-libavcodec-devel-4.0.2-bp150.21.1
ffmpeg-4-libavdevice-devel-4.0.2-bp150.21.1
ffmpeg-4-libavfilter-devel-4.0.2-bp150.21.1
ffmpeg-4-libavformat-devel-4.0.2-bp150.21.1
ffmpeg-4-libavresample-devel-4.0.2-bp150.21.1
ffmpeg-4-libavutil-devel-4.0.2-bp150.21.1
ffmpeg-4-libpostproc-devel-4.0.2-bp150.21.1
ffmpeg-4-libswresample-devel-4.0.2-bp150.21.1
ffmpeg-4-libswscale-devel-4.0.2-bp150.21.1
ffmpeg-4-private-devel-4.0.2-bp150.21.1
libavcodec58-4.0.2-bp150.21.1
libavdevice58-4.0.2-bp150.21.1
libavfilter7-4.0.2-bp150.21.1
libavformat58-4.0.2-bp150.21.1
libavresample4-4.0.2-bp150.21.1
libavutil56-4.0.2-bp150.21.1
libpostproc55-4.0.2-bp150.21.1
libswresample3-4.0.2-bp150.21.1
libswscale5-4.0.2-bp150.21.1

– openSUSE Backports SLE-15 (aarch64_ilp32):

libavcodec58-64bit-4.0.2-bp150.21.1
libavdevice58-64bit-4.0.2-bp150.21.1
libavfilter7-64bit-4.0.2-bp150.21.1
libavformat58-64bit-4.0.2-bp150.21.1
libavresample4-64bit-4.0.2-bp150.21.1
libavutil56-64bit-4.0.2-bp150.21.1
libpostproc55-64bit-4.0.2-bp150.21.1
libswresample3-64bit-4.0.2-bp150.21.1
libswscale5-64bit-4.0.2-bp150.21.1

References:

https://www.suse.com/security/cve/CVE-2018-13300.html
https://www.suse.com/security/cve/CVE-2018-15822.html
https://bugzilla.suse.com/1092241
https://bugzilla.suse.com/1100348
https://bugzilla.suse.com/1105869


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostaci programske biblioteke libssh2

Otkriveni su sigurnosni nedostaci programske biblioteke libssh2 za operacijski sustav openSUSE. Otkriveni nedostaci potencijalnim napadačima omogućuju izazivanje DoS stanja ili...

Close