openSUSE: 2020:0024-1 Moderate: ffmpeg-4 Denial of Service

January 13, 2020
This Fedora security bulletin outlines resolutions for libav-12 weaknesses, highlighting several vulnerabilities of moderate concern.
An update that fixes 5 vulnerabilities is now available.

Description

This update for ffmpeg-4 fixes the following issues:

ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153

- CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 allowed remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified. (bsc#1133153)

- For other changes see /usr/share/doc/packages/libavcodec58/Changelog

Update to version 4.2.1:

* Stable bug fix release, mainly codecs and format fixes.

- CVE-2019-15942: "Conditional jump or move depends on uninitialised value" issue in h2645_parse (boo#1149839)

Update to FFmpeg 4.2 "Ada"

* tpad filter

* AV1 decoding support through libdav1d

* dedot filter

* chromashift and rgbashift filters

* freezedetect filter

* truehd_core bitstream filter

* dhav demuxer

* PCM-DVD encoder

* GIF parser

* vividas demuxer

* hymt decoder

* anlmdn filter

* maskfun filter

* hcom demuxer and decoder

*...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2020-24=1

Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

ffmpeg-4-libavcodec-devel-4.0.5-17.1

ffmpeg-4-libavdevice-devel-4.0.5-17.1

ffmpeg-4-libavfilter-devel-4.0.5-17.1

ffmpeg-4-libavformat-devel-4.0.5-17.1

ffmpeg-4-libavresample-devel-4.0.5-17.1

ffmpeg-4-libavutil-devel-4.0.5-17.1

ffmpeg-4-libpostproc-devel-4.0.5-17.1

ffmpeg-4-libswresample-devel-4.0.5-17.1

ffmpeg-4-libswscale-devel-4.0.5-17.1

ffmpeg-4-private-devel-4.0.5-17.1

libavcodec58-4.0.5-17.1

libavdevice58-4.0.5-17.1

libavfilter7-4.0.5-17.1

libavformat58-4.0.5-17.1

libavresample4-4.0.5-17.1

libavutil56-4.0.5-17.1

libpostproc55-4.0.5-17.1

libswresample3-4.0.5-17.1

libswscale5-4.0.5-17.1

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64_ilp32):

libavcodec58-64bit-4.0.5-17.1

libavdevice58-64bit-4.0.5-17.1

libavfilter7-64bit-4.0.5-17.1

libavformat58-64bit-4.0.5-17.1

libavresample4-64bit-4.0.5-17.1

libavutil56-64bit-4.0.5-17.1

libpostproc55-64bit-4.0.5-17.1

libswresample3-64bit-4.0.5-17.1

libswscale5-64bit-4.0.5-17.1
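
A post-patch check, added here as an example and not part of the openSUSE advisory: it reads a "name version-release" inventory and lists the advisory's runtime libraries that are still below the fixed 4.0.5-17.1. The sample inventory is constructed, the function names are hypothetical, and GNU `sort -V` is assumed as an approximation of rpm's version ordering.

```shell
#!/bin/sh
# Fixed version-release taken from the advisory's package list.
FIXED="4.0.5-17.1"
# Runtime library package names from the advisory's package list.
ADVISORY_PKGS="libavcodec58 libavdevice58 libavfilter7 libavformat58 libavresample4 libavutil56 libpostproc55 libswresample3 libswscale5"

# is_older A B: succeeds when version-release A sorts strictly before B.
# Assumption: GNU `sort -V` approximates rpm's ordering for numeric
# version-release strings such as these.
is_older() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# check_inventory: reads "name version-release" lines on stdin and prints
# each advisory package that is still below FIXED.
check_inventory() {
    while read -r name verrel; do
        case " $ADVISORY_PKGS " in
            *" $name "*) ;;          # listed in the advisory: check it
            *) continue ;;           # unrelated package: skip
        esac
        if is_older "$verrel" "$FIXED"; then
            printf '%s %s\n' "$name" "$verrel"
        fi
    done
}

# Constructed sample inventory (not real host data). 4.0.10 is included
# because a plain string comparison would wrongly rank it below 4.0.5.
sample_inventory() {
    cat <<'EOF'
libavcodec58 4.0.2-14.1
libavutil56 4.0.5-17.1
libswscale5 4.0.10-1.1
bash 4.3-83.1
EOF
}

sample_inventory | check_inventory
# On a live host, feed the real inventory instead:
#   rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE}\n' | check_inventory
```

An empty result means every listed library in the inventory is at or above the fixed version-release.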

References

https://www.suse.com/security/cve/CVE-2017-17555.html

https://www.suse.com/security/cve/CVE-2018-13305.html

https://www.suse.com/security/cve/CVE-2019-11338.html

https://www.suse.com/security/cve/CVE-2019-11339.html

https://www.suse.com/security/cve/CVE-2019-15942.html

https://bugzilla.suse.com/1100345

https://bugzilla.suse.com/1133123

https://bugzilla.suse.com/1133153

https://bugzilla.suse.com/1133155

https://bugzilla.suse.com/1149839

--

Announcement ID: openSUSE-SU-2020:0024-1
Rating: moderate
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12
