Alerts This Week
Warning Icon 1 646
Alerts This Week
Warning Icon 1 646

openSUSE: 2020:0024-1 Moderate: ffmpeg-4 Denial of Service

opensuse
Calendar Grey January 13, 2020
Dist Opensuse Esm H88
This Fedora security bulletin outlines resolutions for libav-12 weaknesses, highlighting several vulnerabilities of moderate concern.
An update that fixes 5 vulnerabilities is now available.

Description

This update for ffmpeg-4 fixes the following issues:

ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153

- CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c

in FFmpeg 4.0 allowed remote attackers to cause a denial of service

(out-of-array access) or possibly have unspecified. (bsc#1133153)

- For other changes see /usr/share/doc/packages/libavcodec58/Changelog

Update to version 4.2.1:

* Stable bug fix release, mainly codecs and format fixes.

- CVE-2019-15942: Conditional jump or move depends on uninitialised value"

issue in h2645_parse (boo#1149839)

Update to FFmpeg 4.2 "Ada"

* tpad filter

* AV1 decoding support through libdav1d

* dedot filter

* chromashift and rgbashift filters * freezedetect filter

* truehd_core bitstream filter

* dhav demuxer

* PCM-DVD encoder

* GIF parser

* vividas demuxer

* hymt decoder

* anlmdn filter

* maskfun filter

* hcom demuxer and decoder

*...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate denial of service update software fix ffmpeg openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2020-24=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

ffmpeg-4-libavcodec-devel-4.0.5-17.1

ffmpeg-4-libavdevice-devel-4.0.5-17.1

ffmpeg-4-libavfilter-devel-4.0.5-17.1

ffmpeg-4-libavformat-devel-4.0.5-17.1

ffmpeg-4-libavresample-devel-4.0.5-17.1

ffmpeg-4-libavutil-devel-4.0.5-17.1

ffmpeg-4-libpostproc-devel-4.0.5-17.1

ffmpeg-4-libswresample-devel-4.0.5-17.1

ffmpeg-4-libswscale-devel-4.0.5-17.1

ffmpeg-4-private-devel-4.0.5-17.1

libavcodec58-4.0.5-17.1

libavdevice58-4.0.5-17.1

libavfilter7-4.0.5-17.1

libavformat58-4.0.5-17.1

libavresample4-4.0.5-17.1

libavutil56-4.0.5-17.1

libpostproc55-4.0.5-17.1

libswresample3-4.0.5-17.1

libswscale5-4.0.5-17.1

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64_ilp32):

libavcodec58-64bit-4.0.5-17.1

libavdevice58-64bit-4.0.5-17.1

libavfilter7-64bit-4.0.5-17.1

libavformat58-64bit-4.0.5-17.1

libavresample4-64bit-4.0.5-17.1

libavutil56-64bit-4.0.5-17.1

libpostproc55-64bit-4.0.5-17.1

libswresample3-64bit-4.0.5-17.1

libswscale5-64bit-4.0.5-17.1

References

https://www.suse.com/security/cve/CVE-2017-17555.html

https://www.suse.com/security/cve/CVE-2018-13305.html

https://www.suse.com/security/cve/CVE-2019-11338.html

https://www.suse.com/security/cve/CVE-2019-11339.html

https://www.suse.com/security/cve/CVE-2019-15942.html

https://bugzilla.suse.com/1100345

https://bugzilla.suse.com/1133123

https://bugzilla.suse.com/1133153

https://bugzilla.suse.com/1133155

https://bugzilla.suse.com/1149839

--

Announcement ID: openSUSE-SU-2020:0024-1
Rating: moderate
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12

Topics%20covered

Topics Covered

security advisory moderate denial of service update software fix ffmpeg openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here