Описание
This update has recommended fixes for ffmpeg-4
This updates fixes the following issues for ffmpeg-4:
Security fixes:
- CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934).
Other fixes:
- Add necessary subpackages to the Packagehub. (bsc#1206067)
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
libavcodec58_134-4.4-150400.3.15.1
libavformat58_76-4.4-150400.3.15.1
libavutil56_70-4.4-150400.3.15.1
libpostproc55_9-4.4-150400.3.15.1
libswresample3_9-4.4-150400.3.15.1
SUSE Linux Enterprise Module for Package Hub 15 SP4
ffmpeg-4-4.4-150400.3.15.1
libavdevice58_13-4.4-150400.3.15.1
libavdevice58_13-32bit-4.4-150400.3.15.1
libavdevice58_13-64bit-4.4-150400.3.15.1
libavfilter7_110-4.4-150400.3.15.1
libavfilter7_110-32bit-4.4-150400.3.15.1
libavfilter7_110-64bit-4.4-150400.3.15.1
libavformat58_76-4.4-150400.3.15.1
libavresample4_0-4.4-150400.3.15.1
libavresample4_0-32bit-4.4-150400.3.15.1
libavresample4_0-64bit-4.4-150400.3.15.1
libpostproc55_9-4.4-150400.3.15.1
libpostproc55_9-32bit-4.4-150400.3.15.1
libpostproc55_9-64bit-4.4-150400.3.15.1
libswresample3_9-4.4-150400.3.15.1
SUSE Linux Enterprise Workstation Extension 15 SP4
libavformat58_76-4.4-150400.3.15.1
libswscale5_9-4.4-150400.3.15.1
openSUSE Leap 15.4
ffmpeg-4-4.4-150400.3.15.1
ffmpeg-4-libavcodec-devel-4.4-150400.3.15.1
ffmpeg-4-libavdevice-devel-4.4-150400.3.15.1
ffmpeg-4-libavfilter-devel-4.4-150400.3.15.1
ffmpeg-4-libavformat-devel-4.4-150400.3.15.1
ffmpeg-4-libavresample-devel-4.4-150400.3.15.1
ffmpeg-4-libavutil-devel-4.4-150400.3.15.1
ffmpeg-4-libpostproc-devel-4.4-150400.3.15.1
ffmpeg-4-libswresample-devel-4.4-150400.3.15.1
ffmpeg-4-libswscale-devel-4.4-150400.3.15.1
ffmpeg-4-private-devel-4.4-150400.3.15.1
libavcodec58_134-4.4-150400.3.15.1
libavcodec58_134-32bit-4.4-150400.3.15.1
libavdevice58_13-4.4-150400.3.15.1
libavdevice58_13-32bit-4.4-150400.3.15.1
libavfilter7_110-4.4-150400.3.15.1
libavfilter7_110-32bit-4.4-150400.3.15.1
libavformat58_76-4.4-150400.3.15.1
libavformat58_76-32bit-4.4-150400.3.15.1
libavresample4_0-4.4-150400.3.15.1
libavresample4_0-32bit-4.4-150400.3.15.1
libavutil56_70-4.4-150400.3.15.1
libavutil56_70-32bit-4.4-150400.3.15.1
libpostproc55_9-4.4-150400.3.15.1
libpostproc55_9-32bit-4.4-150400.3.15.1
libswresample3_9-4.4-150400.3.15.1
libswresample3_9-32bit-4.4-150400.3.15.1
libswscale5_9-4.4-150400.3.15.1
libswscale5_9-32bit-4.4-150400.3.15.1
Ссылки
- Link for SUSE-SU-2023:2087-1
- E-Mail link for SUSE-SU-2023:2087-1
- SUSE Security Ratings
- SUSE Bug 1206067
- SUSE Bug 1209934
- SUSE CVE CVE-2022-48434 page
Описание
libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libavcodec58_134-4.4-150400.3.15.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libavformat58_76-4.4-150400.3.15.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libavutil56_70-4.4-150400.3.15.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libpostproc55_9-4.4-150400.3.15.1
Ссылки
- CVE-2022-48434
- SUSE Bug 1209934