==========================================================================
Ubuntu Security Notice USN-6449-2
November 15, 2023

ffmpeg regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

USN-6449-1 introduced a regression in FFmpeg

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update
could introduce a regression in tools using an FFmpeg library, like VLC.

This update fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that FFmpeg incorrectly managed memory resulting
in a memory leak. An attacker could possibly use this issue to cause
a denial of service via application crash. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22038)

It was discovered that FFmpeg incorrectly handled certain input files,
leading to an integer overflow. An attacker could possibly use this issue
to cause a denial of service via application crash. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-20898, CVE-2021-38090,
CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094)

It was discovered that FFmpeg incorrectly managed memory, resulting in
a memory leak.  If a user or automated system were tricked into
processing a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service, or execute
arbitrary code. (CVE-2022-48434)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
   ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm3
   libavcodec-extra                7:4.4.2-0ubuntu0.22.04.1+esm3
   libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm3
   libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm3
   libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm3
   libavfilter-extra               7:4.4.2-0ubuntu0.22.04.1+esm3
   libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm3
   libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm3
   libavformat-extra               7:4.4.2-0ubuntu0.22.04.1+esm3
   libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm3
   libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm3
   libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm3
   libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm3
   libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm3
   libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm3

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
   ffmpeg                          7:4.2.7-0ubuntu0.1+esm4
   libavcodec-extra                7:4.2.7-0ubuntu0.1+esm4
   libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm4
   libavcodec58                    7:4.2.7-0ubuntu0.1+esm4
   libavdevice58                   7:4.2.7-0ubuntu0.1+esm4
   libavfilter-extra               7:4.2.7-0ubuntu0.1+esm4
   libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm4
   libavfilter7                    7:4.2.7-0ubuntu0.1+esm4
   libavformat58                   7:4.2.7-0ubuntu0.1+esm4
   libavresample4                  7:4.2.7-0ubuntu0.1+esm4
   libavutil-dev                   7:4.2.7-0ubuntu0.1+esm4
   libavutil56                     7:4.2.7-0ubuntu0.1+esm4
   libpostproc55                   7:4.2.7-0ubuntu0.1+esm4
   libswresample3                  7:4.2.7-0ubuntu0.1+esm4
   libswscale5                     7:4.2.7-0ubuntu0.1+esm4

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   ffmpeg                          7:3.4.11-0ubuntu0.1+esm4
   libavcodec-extra                7:3.4.11-0ubuntu0.1+esm4
   libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm4
   libavcodec57                    7:3.4.11-0ubuntu0.1+esm4
   libavdevice-dev                 7:3.4.11-0ubuntu0.1+esm4
   libavdevice57                   7:3.4.11-0ubuntu0.1+esm4
   libavfilter-dev                 7:3.4.11-0ubuntu0.1+esm4
   libavfilter-extra               7:3.4.11-0ubuntu0.1+esm4
   libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm4
   libavfilter6                    7:3.4.11-0ubuntu0.1+esm4
   libavformat57                   7:3.4.11-0ubuntu0.1+esm4
   libavresample3                  7:3.4.11-0ubuntu0.1+esm4
   libavutil-dev                   7:3.4.11-0ubuntu0.1+esm4
   libavutil55                     7:3.4.11-0ubuntu0.1+esm4
   libpostproc54                   7:3.4.11-0ubuntu0.1+esm4
   libswresample2                  7:3.4.11-0ubuntu0.1+esm4
   libswscale4                     7:3.4.11-0ubuntu0.1+esm4

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6449-2
   https://ubuntu.com/security/notices/USN-6449-1
   https://launchpad.net/bugs/2042743
