Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Ubuntu 22.04 LTS USN-6449-2 Critical: FFmpeg Denial of Service

ubuntu
Calendar Grey November 15, 2023
Dist Ubuntu Esm H88
Apache HTTP Server vulnerability patched via Ubuntu Security Notice USN-6451-1. Upgrade immediately to mitigate risks related to unauthorized access.
USN-6449-1 introduced a regression in FFmpeg

Summary

USN-6449-1 introduced a regression in FFmpeg

Software Description:

- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update

could introduce a regression in tools using an FFmpeg library, like VLC.

This updated fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that FFmpeg incorrectly managed memory resulting

in a memory leak. An attacker could possibly use this issue to cause

a denial of service via application crash. This issue only

affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22038)

It was discovered that FFmpeg incorrectly handled certain input files,

leading to an integer overflow. An attacker could possibly use this issue

to cause a denial of service via application crash. This issue only

affected Ubuntu 20.04 LTS. (CVE-2020-20898, CVE-2021-38090,

CVE-2021-38091, CVE-2021-38092, CVE-2021-38...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
   ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm3
   libavcodec-extra                7:4.4.2-0ubuntu0.22.04.1+esm3
   libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm3
   libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm3
   libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm3
   libavfilter-extra               7:4.4.2-0ubuntu0.22.04.1+esm3
   libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm3
   libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm3
   libavformat-extra               7:4.4.2-0ubuntu0.22.04.1+esm3
   libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm3
   libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm3
   libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm3
   libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm3
   libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm3
   libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm3

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
   ffmpeg                          7:4.2.7-0ubuntu0.1+esm4
   libavcodec-extra                7:4.2.7-0ubuntu0.1+esm4
   libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm4
   libavcodec58                    7:4.2.7-0ubuntu0.1+esm4
   libavdevice58                   7:4.2.7-0ubuntu0.1+esm4
   libavfilter-extra               7:4.2.7-0ubuntu0.1+esm4
   libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm4
   libavfilter7                    7:4.2.7-0ubuntu0.1+esm4
   libavformat58                   7:4.2.7-0ubuntu0.1+esm4
   libavresample4                  7:4.2.7-0ubuntu0.1+esm4
   libavutil-dev                   7:4.2.7-0ubuntu0.1+esm4
   libavutil56                     7:4.2.7-0ubuntu0.1+esm4
   libpostproc55                   7:4.2.7-0ubuntu0.1+esm4
   libswresample3                  7:4.2.7-0ubuntu0.1+esm4
   libswscale5                     7:4.2.7-0ubuntu0.1+esm4

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   ffmpeg                          7:3.4.11-0ubuntu0.1+esm4
   libavcodec-extra                7:3.4.11-0ubuntu0.1+esm4
   libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm4
   libavcodec57                    7:3.4.11-0ubuntu0.1+esm4
   libavdevice-dev                 7:3.4.11-0ubuntu0.1+esm4
   libavdevice57                   7:3.4.11-0ubuntu0.1+esm4
   libavfilter-dev                 7:3.4.11-0ubuntu0.1+esm4
   libavfilter-extra               7:3.4.11-0ubuntu0.1+esm4
   libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm4
   libavfilter6                    7:3.4.11-0ubuntu0.1+esm4
   libavformat57                   7:3.4.11-0ubuntu0.1+esm4
   libavresample3                  7:3.4.11-0ubuntu0.1+esm4
   libavutil-dev                   7:3.4.11-0ubuntu0.1+esm4
   libavutil55                     7:3.4.11-0ubuntu0.1+esm4
   libpostproc54                   7:3.4.11-0ubuntu0.1+esm4
   libswresample2                  7:3.4.11-0ubuntu0.1+esm4
   libswscale4                     7:3.4.11-0ubuntu0.1+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6449-2

https://ubuntu.com/security/notices/USN-6449-1

https://bugs.launchpad.net/ubuntu/+source/ffmpeg/+bug/2042743

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6449-2

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here