Alerts This Week
Warning Icon 1 666
Alerts This Week
Warning Icon 1 666

openSUSE Leap 42.3 and 15.0: 2018:2723-1 Low: ffmpeg-4 DoS Info Leak

opensuse
Calendar Grey September 15, 2018
Dist Opensuse Esm H88
The recent patch for ffmpeg-4 resolves a couple of potential vulnerabilities in openSUSE Leap, targeting denial of service and sensitive data exposure.
An update that solves two vulnerabilities and has one errata is now available.

Description

This update for ffmpeg-4 to version 4.0.2 fixes the following issues:

These security issues were fixed:

- CVE-2018-15822: The flv_write_packet function did not check for an empty

audio packet, leading to an assertion failure and DoS (bsc#1105869).

- CVE-2018-13300: An improper argument passed to the avpriv_request_sample

function may have triggered an out-of-array read while converting a

crafted AVI file to MPEG4, leading to a denial of service and possibly

an information disclosure (bsc#1100348).

These non-security issues were fixed:

- Enable webvtt encoders and decoders (boo#1092241).

- Build codec2 encoder and decoder, add libcodec2 to enable_decoders and

enable_encoders.

- Enable mpeg 1 and 2 encoders.

Topics%20covered

Topics Covered

security advisory information leak update DoS patch ffmpeg openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2018-1004=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2018-1004=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

ffmpeg-4-debugsource-4.0.2-13.1

ffmpeg-4-libavcodec-devel-4.0.2-13.1

ffmpeg-4-libavdevice-devel-4.0.2-13.1

ffmpeg-4-libavfilter-devel-4.0.2-13.1

ffmpeg-4-libavformat-devel-4.0.2-13.1

ffmpeg-4-libavresample-devel-4.0.2-13.1

ffmpeg-4-libavutil-devel-4.0.2-13.1

ffmpeg-4-libpostproc-devel-4.0.2-13.1

ffmpeg-4-libswresample-devel-4.0.2-13.1

ffmpeg-4-libswscale-devel-4.0.2-13.1

ffmpeg-4-private-devel-4.0.2-13.1

libavcodec58-4.0.2-13.1

libavcodec58-debuginfo-4.0.2-13.1

libavdevice58-4.0.2-13.1

libavdevice58-debuginfo-4.0.2-13.1

libavfilter7-4.0.2-13.1

libavfilter7-debuginfo-4.0.2-13.1

libavformat58-4.0.2-13.1

libavformat58-debuginfo-4.0.2-13.1

libavresample4-4.0.2-13.1

libavresample4-debuginfo-4.0.2-13.1

libavutil56-4.0.2-13.1

libavutil56-debuginfo-4.0.2-13.1

libpostproc55-4.0.2-13.1

libpostproc55-debuginfo-4.0.2-13.1

libswresample3-4.0.2-13.1

libswresample3-debuginfo-4.0.2-13.1

libswscale5-4.0.2-13.1

libswscale5-debuginfo-4.0.2-13.1

- openSUSE Leap 42.3 (x86_64):

libavcodec58-32bit-4.0.2...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-13300.html

https://www.suse.com/security/cve/CVE-2018-15822.html

https://bugzilla.suse.com/1092241

https://bugzilla.suse.com/1100348

https://bugzilla.suse.com/1105869

--

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2018:2723-1
Rating: low
Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 le.

Topics%20covered

Topics Covered

security advisory information leak update DoS patch ffmpeg openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here