Alerts This Week
Warning Icon 1 677
Alerts This Week
Warning Icon 1 677

openSUSE: 2019:1066-1 Low: ffmpeg-4 DoS and Info Disclosure

opensuse
Calendar Grey March 28, 2019
Dist Opensuse Esm H88
The most recent openSUSE patch addresses vulnerabilities in ffmpeg-4, tackling minor severity DoS risks alongside additional improvements.
An update that solves two vulnerabilities and has one errata is now available.

Description

This update for ffmpeg-4 to version 4.0.2 fixes the following issues:

These security issues were fixed:

- CVE-2018-15822: The flv_write_packet function did not check for an empty

audio packet, leading to an assertion failure and DoS (bsc#1105869).

- CVE-2018-13300: An improper argument passed to the avpriv_request_sample

function may have triggered an out-of-array read while converting a

crafted AVI file to MPEG4, leading to a denial of service and possibly

an information disclosure (bsc#1100348).

These non-security issues were fixed:

- Enable webvtt encoders and decoders (boo#1092241).

- Build codec2 encoder and decoder, add libcodec2 to enable_decoders and

enable_encoders.

- Enable mpeg 1 and 2 encoders.

This update was imported from the openSUSE:Leap:15.0:Update update project.

Topics%20covered

Topics Covered

security advisory update DoS low severity information disclosure ffmpeg openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1066=1

Package List

- openSUSE Backports SLE-15 (aarch64 ppc64le s390x x86_64):

ffmpeg-4-libavcodec-devel-4.0.2-bp150.21.1

ffmpeg-4-libavdevice-devel-4.0.2-bp150.21.1

ffmpeg-4-libavfilter-devel-4.0.2-bp150.21.1

ffmpeg-4-libavformat-devel-4.0.2-bp150.21.1

ffmpeg-4-libavresample-devel-4.0.2-bp150.21.1

ffmpeg-4-libavutil-devel-4.0.2-bp150.21.1

ffmpeg-4-libpostproc-devel-4.0.2-bp150.21.1

ffmpeg-4-libswresample-devel-4.0.2-bp150.21.1

ffmpeg-4-libswscale-devel-4.0.2-bp150.21.1

ffmpeg-4-private-devel-4.0.2-bp150.21.1

libavcodec58-4.0.2-bp150.21.1

libavdevice58-4.0.2-bp150.21.1

libavfilter7-4.0.2-bp150.21.1

libavformat58-4.0.2-bp150.21.1

libavresample4-4.0.2-bp150.21.1

libavutil56-4.0.2-bp150.21.1

libpostproc55-4.0.2-bp150.21.1

libswresample3-4.0.2-bp150.21.1

libswscale5-4.0.2-bp150.21.1

- openSUSE Backports SLE-15 (aarch64_ilp32):

libavcodec58-64bit-4.0.2-bp150.21.1

libavdevice58-64bit-4.0.2-bp150.21.1

libavfilter7-64bit-4.0.2-bp150.21.1

libavformat58-64bit-4.0.2-bp150.21.1

libavresample4-64bit-4.0.2-bp150.21.1

libavutil56-64bit-4.0.2-bp...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2018-13300.html

https://www.suse.com/security/cve/CVE-2018-15822.html

https://bugzilla.suse.com/1092241

https://bugzilla.suse.com/1100348

https://bugzilla.suse.com/1105869

--

Severity
low
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2019:1066-1
Rating: low
Affected Products: openSUSE Backports SLE-15 le.

Topics%20covered

Topics Covered

security advisory update DoS low severity information disclosure ffmpeg openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here