Fedora 36: FEDORA-2023-1e24db98a6 Critical: ffmpeg Security Flaws

FFmpeg is a leading multimedia framework, able to decode, encode, transcode,

mux, demux, stream, filter and play pretty much anything that humans and

machines have created. It supports the most obscure ancient formats up to the

cutting edge. No matter if they were designed by some standards committee, the

community or a corporation.

This build of ffmpeg is limited in the number of codecs supported.

New release with bug fixes across the tree Contains security fixes for

CVE-2022-48434 and CVE-2022-3109.

* Thu Apr 6 2023 Neal Gompa - 5.0.3-1

- Update to 5.0.3

[ 1 ] Bug #2154844 - CVE-2022-3109 ffmpeg: Null Pointer Dereference [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2154844

[ 2 ] Bug #2182840 - CVE-2022-48434 ffmpeg: Use after free in libavcodec/pthread_frame.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2182840

su -c 'dnf upgrade --advisory FEDORA-2023-1e24db98a6' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it: