openSUSE Security Update: Security update for ffmpeg-4
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2020:0024-1
Rating:             moderate
References:         #1100345 #1133123 #1133153 #1133155 #1149839 
                    
Cross-References:   CVE-2017-17555 CVE-2018-13305 CVE-2019-11338
                    CVE-2019-11339 CVE-2019-15942
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

   An update that fixes 5 vulnerabilities is now available.

Description:

   This update for ffmpeg-4 fixes the following issues:

   ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153

   - CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c
     in FFmpeg 4.0 allowed remote attackers to cause a denial of service
     (out-of-array access) or possibly have unspecified other impact.
     (bsc#1133153)
   - For other changes see /usr/share/doc/packages/libavcodec58/Changelog

   Update to version 4.2.1:

   * Stable bug fix release, mainly codecs and format fixes.

   - CVE-2019-15942: "Conditional jump or move depends on uninitialised value"
     issue in h2645_parse (boo#1149839)

   Update to FFmpeg 4.2 "Ada"

   * tpad filter
   * AV1 decoding support through libdav1d
   * dedot filter
   * chromashift and rgbashift filters
   * freezedetect filter
   * truehd_core bitstream filter
   * dhav demuxer
   * PCM-DVD encoder
   * GIF parser
   * vividas demuxer
   * hymt decoder
   * anlmdn filter
   * maskfun filter
   * hcom demuxer and decoder
   * ARBC decoder
   * libaribb24 based ARIB STD-B24 caption support (profiles A and C)
   * Support decoding of HEVC 4:4:4 content in nvdec and cuviddec
   * removed libndi-newtek
   * agm decoder
   * KUX demuxer
   * AV1 frame split bitstream filter
   * lscr decoder
   * lagfun filter
   * asoftclip filter
   * Support decoding of HEVC 4:4:4 content in vdpau
   * colorhold filter
   * xmedian filter
   * asr filter
   * showspatial multimedia filter
   * VP4 video decoder
   * IFV demuxer
   * derain filter
   * deesser filter
   * mov muxer writes tracks with unspecified language instead of English by
     default
   * added support for using clang to compile CUDA kernels

   - See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete
     changelog.

   Update to version 4.1.4

   * See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete
     changelog.

   - Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen

   Update to version 4.1.3:

   * Updates and bug fixes for codecs, filters and formats. [boo#1133153,
     boo#1133155, CVE-2019-11338, CVE-2019-11339]

   Update to version 4.1.2:

   * Updates and bug fixes for codecs, filters and formats.

   Update to version 4.1.1:

   * Various filter and codec fixes and enhancements.
   * configure: Add missing xlib dependency for VAAPI X11 code.
   * For complete changelog, see /usr/share/doc/packages/ffmpeg-4/Changelog
   * enable AV1 support on x86_64

   Update ffmpeg to 4.1:

   * Lots of filter updates as usual: deblock, tmix, amplify, fftdnoiz,
     aderivative, aintegral, pal75bars, pal100bars, adeclick, adeclip,
     lensfun (wrapper), colorconstancy, 1D LUT filter (lut1d), cue, acue,
     transpose_npp, amultiply, Block-Matching 3d (bm3d) denoising filter,
     acrossover filter, audio denoiser as afftdn filter, sinc audio filter
     source, chromahold, setparams, vibrance, xstack, (a)graphmonitor filter,
     yadif_cuda filter.
   * AV1 parser
   * Support for AV1 in MP4
   * PCM VIDC decoder and encoder
   * libtensorflow backend for DNN based filters like srcnn
   * -- The following only enabled in third-party builds:
   * ATRAC9 decoder
   * AVS2 video decoder via libdavs2
   * IMM4 video decoder
   * Brooktree ProSumer video decoder
   * MatchWare Screen Capture Codec decoder
   * WinCam Motion Video decoder
   * RemotelyAnywhere Screen Capture decoder
   * AVS2 video encoder via libxavs2
   * ILBC decoder
   * SER demuxer
   * Decoding S12M timecode in H264
   * For complete changelog, see
     https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1

   Update ffmpeg to 4.0.3:

   * For complete changelog, see
     https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3

   - CVE-2018-13305: Added a missing check for negative values of the mquant
     variable (boo#1100345).


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch openSUSE-2020-24=1
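
   To confirm the patch took effect, the installed library versions can be
   compared against the 4.0.5-17.1 build in the package list below. This is
   an added example, not part of the SUSE announcement; the function names
   and the sample inventory are constructed for illustration, and sort -V is
   used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Fixed version-release, taken from the advisory's package list.
FIXED="4.0.5-17.1"

# Runtime library packages named in the advisory's package list.
PKGS="libavcodec58 libavdevice58 libavfilter7 libavformat58 libavresample4 libavutil56 libpostproc55 libswresample3 libswscale5"

# ver_lt A B: succeed when A sorts strictly before B.
# sort -V approximates RPM version ordering; adequate for x.y.z-r.s strings.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# find_unpatched: read "name version-release" lines on stdin and print the
# advisory packages that are still older than FIXED. Other packages are
# skipped so unrelated version strings are never compared.
find_unpatched() {
    while read -r name vr; do
        case " $PKGS " in
            *" $name "*) ;;
            *) continue ;;
        esac
        if ver_lt "$vr" "$FIXED"; then
            printf '%s %s\n' "$name" "$vr"
        fi
    done
}

# Constructed sample inventory, not output from a real host.
sample_inventory() {
    cat <<'EOF'
libavcodec58 4.0.3-15.2
libavutil56 4.0.5-17.1
libswscale5 4.0.2-9.1
bash 4.3-83.23.1
libavformat58 4.0.5-17.1
EOF
}

# On a real system, feed it from rpm instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | find_unpatched
sample_inventory | find_unpatched
```

   Any line printed names a library that still predates the fixed build and
   needs the patch applied.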



Package List:

   - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64):

      ffmpeg-4-libavcodec-devel-4.0.5-17.1
      ffmpeg-4-libavdevice-devel-4.0.5-17.1
      ffmpeg-4-libavfilter-devel-4.0.5-17.1
      ffmpeg-4-libavformat-devel-4.0.5-17.1
      ffmpeg-4-libavresample-devel-4.0.5-17.1
      ffmpeg-4-libavutil-devel-4.0.5-17.1
      ffmpeg-4-libpostproc-devel-4.0.5-17.1
      ffmpeg-4-libswresample-devel-4.0.5-17.1
      ffmpeg-4-libswscale-devel-4.0.5-17.1
      ffmpeg-4-private-devel-4.0.5-17.1
      libavcodec58-4.0.5-17.1
      libavdevice58-4.0.5-17.1
      libavfilter7-4.0.5-17.1
      libavformat58-4.0.5-17.1
      libavresample4-4.0.5-17.1
      libavutil56-4.0.5-17.1
      libpostproc55-4.0.5-17.1
      libswresample3-4.0.5-17.1
      libswscale5-4.0.5-17.1

   - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64_ilp32):

      libavcodec58-64bit-4.0.5-17.1
      libavdevice58-64bit-4.0.5-17.1
      libavfilter7-64bit-4.0.5-17.1
      libavformat58-64bit-4.0.5-17.1
      libavresample4-64bit-4.0.5-17.1
      libavutil56-64bit-4.0.5-17.1
      libpostproc55-64bit-4.0.5-17.1
      libswresample3-64bit-4.0.5-17.1
      libswscale5-64bit-4.0.5-17.1


References:

   https://www.suse.com/security/cve/CVE-2017-17555.html
   https://www.suse.com/security/cve/CVE-2018-13305.html
   https://www.suse.com/security/cve/CVE-2019-11338.html
   https://www.suse.com/security/cve/CVE-2019-11339.html
   https://www.suse.com/security/cve/CVE-2019-15942.html
   https://bugzilla.suse.com/1100345
   https://bugzilla.suse.com/1133123
   https://bugzilla.suse.com/1133153
   https://bugzilla.suse.com/1133155
   https://bugzilla.suse.com/1149839

-- 

openSUSE: 2020:0024-1: moderate: ffmpeg-4

January 13, 2020