Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 456
Alerts This Week
Warning Icon 1 456

Fedora 38: 2023-a5e10b188a Critical: Chromaprint FFmpeg Flaws

fedora
Calendar Grey March 14, 2023
Dist Fedora Esm H88
A recent update for chromaprint in Fedora 38 has resolved several security vulnerabilities found in FFmpeg version 6.0, providing crucial details for users.
FFmpeg 6.0 upgrade

Summary

Chromaprint library is the core component of the AcoustID project. It's a

client-side library that implements a custom algorithm for extracting

fingerprints from raw audio sources.

The library exposes a simple C API. The documentation for the C API can be

found in the main header file.

License for binaries is GPLv2+ but source code is MIT + LGPLv2+

FFmpeg 6.0 upgrade. ---- update to 111.0.5563.64. Fixes the following

security issues: CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930

CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 CVE-2023-1213

CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218

CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223

CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227

* Sun Mar 12 2023 Neal Gompa - 1.5.1-8

- Rebuild for ffmpeg 6.0

[ 1 ] Bug #1944122 - notcurses-2.3.17 is available

https://bugzilla.redhat.com/show_bug.cgi?id=1944122

[ 2 ] Bug #2022640 - notcurses-2.4.9 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2022640

[ 3 ] Bug #2028587 - notcurses-3.0.4 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2028587

[ 4 ] Bug #2045133 - notcurses: FTBFS in Fedora rawhide/f36

https://bugzilla.redhat.com/show_bug.cgi?id=2045133

[ 5 ] Bug #2053373 - notcurses-3.0.6 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2053373

[ 6 ] Bug #2172934 - CVE-2023-0927 CVE-2023-0928 CVE-2023-0929 CVE-2023-0930 CVE-2023-0931 CVE-2023-0932 CVE-2023-0933 CVE-2023-0941 chromium: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2172934

[ 7 ] Bug #2173846 - ffmpeg-6.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2173846

[ 8 ] Bug #2174875 - k3b-22.12.3 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2174875

[ 9 ] Bug #2176135 - mlt-7.14.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2176135

[ 10 ] Bug #2176519 - CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 ... chromium: various flaws [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2176519

[ 11 ] Bug #2176520 - CVE-2023-1213 CVE-2023-1214 CVE-2023-1215 CVE-2023-1216 CVE-2023-1217 CVE-2023-1218 CVE-2023-1219 CVE-2023-1220 CVE-2023-1221 CVE-2023-1222 CVE-2023-1223 CVE-2023-1224 CVE-2023-1225 CVE-2023-1226 CVE-2023-1227 ... chromium: various flaws [epel-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2176520

[ 12 ] Bug #2177300 - retroarch-1.15.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2177300

[ 13 ] Bug #2177550 - nv-codec-headers-12.0.16.0 is available

https://bugzilla.redhat.com/show_bug.cgi?id=2177550

su -c 'dnf upgrade --advisory FEDORA-2023-a5e10b188a' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 38
Version: 1.5.1
Release: 8.fc38
Summary: Library implementing the AcoustID fingerprinting

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.