Mailinglist Archive: opensuse-updates (111 mails)

< Previous Next >
openSUSE-SU-2018:0470-1: moderate: Security update for ffmpeg
openSUSE Security Update: Security update for ffmpeg
______________________________________________________________________________

Announcement ID: openSUSE-SU-2018:0470-1
Rating: moderate
References: #1064577 #1066428 #1069407 #1070762 #1072366
#1078488 #1079368
Cross-References: CVE-2017-15186 CVE-2017-15672 CVE-2017-16840
CVE-2017-17081 CVE-2017-17555 CVE-2018-6392
CVE-2018-6621
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for ffmpeg fixes the following issues:

Updated ffmpeg to new bugfix release 3.4.2

* Fix integer overflows, multiplication overflows, undefined shifts, and
verify buffer lengths.
* avfilter/vf_transpose: Fix used plane count [boo#1078488,
CVE-2018-6392]
* avcodec/utvideodec: Fix bytes left check in decode_frame()
[boo#1079368, CVE-2018-6621]
- Enable use of libzvbi for displaying teletext subtitles.
- Fixed a DoS in swri_audio_convert() [boo#1072366, CVE-2017-17555].

Update to new bugfix release 3.4.1

* Fixed integer overflows, division by zero, illegal bit shifts
* Fixed the gmc_mmx function which failed to validate width and height
[boo#1070762, CVE-2017-17081]
* Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840]
* ffplay: use SDL2 audio API

- install also doc/ffserver.conf

- Update to new upstream release 3.4

* New video filters: deflicker, doublewave, lumakey, pixscope,
oscilloscope, robterts, limiter, libvmaf, unpremultiply, tlut2,
floodifll, pseudocolor, despill, convolve, vmafmotion.
* New audio filters: afir, crossfeed, surround, headphone,
superequalizer, haas.
* Some video filters with several inputs now use a common set
of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They must
always be used by name.
* librsvg support for svg rasterization
* spec-compliant VP9 muxing support in MP4
* Remove the libnut and libschroedinger muxer/demuxer wrappers
* drop deprecated qtkit input device (use avfoundation instead)
* SUP/PGS subtitle muxer
* VP9 tile threading support
* KMS screen grabber
* CUDA thumbnail filter
* V4L2 mem2mem HW assisted codecs
* Rockchip MPP hardware decoding
* (Not in openSUSE builds, only original ones:)
* Gremlin Digital Video demuxer and decoder
* Additional frame format support for Interplay MVE movies
* Dolby E decoder and SMPTE 337M demuxer
* raw G.726 muxer and demuxer, left- and right-justified
* NewTek NDI input/output device
* FITS demuxer, muxer, decoder and encoder
- Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186]
- Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-172=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x
x86_64):

ffmpeg-3.4.2-14.1
ffmpeg-debuginfo-3.4.2-14.1
ffmpeg-debugsource-3.4.2-14.1
libavcodec-devel-3.4.2-14.1
libavcodec57-3.4.2-14.1
libavcodec57-debuginfo-3.4.2-14.1
libavdevice-devel-3.4.2-14.1
libavdevice57-3.4.2-14.1
libavdevice57-debuginfo-3.4.2-14.1
libavfilter-devel-3.4.2-14.1
libavfilter6-3.4.2-14.1
libavfilter6-debuginfo-3.4.2-14.1
libavformat-devel-3.4.2-14.1
libavformat57-3.4.2-14.1
libavformat57-debuginfo-3.4.2-14.1
libavresample-devel-3.4.2-14.1
libavresample3-3.4.2-14.1
libavresample3-debuginfo-3.4.2-14.1
libavutil-devel-3.4.2-14.1
libavutil55-3.4.2-14.1
libavutil55-debuginfo-3.4.2-14.1
libpostproc-devel-3.4.2-14.1
libpostproc54-3.4.2-14.1
libpostproc54-debuginfo-3.4.2-14.1
libswresample-devel-3.4.2-14.1
libswresample2-3.4.2-14.1
libswresample2-debuginfo-3.4.2-14.1
libswscale-devel-3.4.2-14.1
libswscale4-3.4.2-14.1
libswscale4-debuginfo-3.4.2-14.1


References:

https://www.suse.com/security/cve/CVE-2017-15186.html
https://www.suse.com/security/cve/CVE-2017-15672.html
https://www.suse.com/security/cve/CVE-2017-16840.html
https://www.suse.com/security/cve/CVE-2017-17081.html
https://www.suse.com/security/cve/CVE-2017-17555.html
https://www.suse.com/security/cve/CVE-2018-6392.html
https://www.suse.com/security/cve/CVE-2018-6621.html
https://bugzilla.suse.com/1064577
https://bugzilla.suse.com/1066428
https://bugzilla.suse.com/1069407
https://bugzilla.suse.com/1070762
https://bugzilla.suse.com/1072366
https://bugzilla.suse.com/1078488
https://bugzilla.suse.com/1079368


< Previous Next >
This Thread
  • No further messages