SUSE-SU-2025:0958-1

Опубликовано: 19 мар. 2025

Источник: suse-cvrf

Описание

Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues:

CVE-2022-48434: Fixed use after free in libavcodec/pthread_frame.c (bsc#1209934)
CVE-2020-22021: Fixed Buffer Overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586)

Список пакетов

Container containers/open-webui:0

ffmpeg-4-4.4.5-150600.13.19.1

libavcodec58_134-4.4.5-150600.13.19.1

libavdevice58_13-4.4.5-150600.13.19.1

libavfilter7_110-4.4.5-150600.13.19.1

libavformat58_76-4.4.5-150600.13.19.1

libavresample4_0-4.4.5-150600.13.19.1

libavutil56_70-4.4.5-150600.13.19.1

libpostproc55_9-4.4.5-150600.13.19.1

libswresample3_9-4.4.5-150600.13.19.1

libswscale5_9-4.4.5-150600.13.19.1

SUSE Linux Enterprise Module for Package Hub 15 SP6

ffmpeg-4-4.4.5-150600.13.19.1

ffmpeg-4-libavcodec-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavdevice-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavfilter-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavformat-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavresample-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavutil-devel-4.4.5-150600.13.19.1

ffmpeg-4-libpostproc-devel-4.4.5-150600.13.19.1

ffmpeg-4-libswresample-devel-4.4.5-150600.13.19.1

ffmpeg-4-libswscale-devel-4.4.5-150600.13.19.1

ffmpeg-4-private-devel-4.4.5-150600.13.19.1

libavcodec58_134-4.4.5-150600.13.19.1

libavdevice58_13-4.4.5-150600.13.19.1

libavfilter7_110-4.4.5-150600.13.19.1

libavformat58_76-4.4.5-150600.13.19.1

libavresample4_0-4.4.5-150600.13.19.1

libavutil56_70-4.4.5-150600.13.19.1

libpostproc55_9-4.4.5-150600.13.19.1

libswresample3_9-4.4.5-150600.13.19.1

libswscale5_9-4.4.5-150600.13.19.1

SUSE Linux Enterprise Workstation Extension 15 SP6

libavcodec58_134-4.4.5-150600.13.19.1

libavformat58_76-4.4.5-150600.13.19.1

libavutil56_70-4.4.5-150600.13.19.1

libswresample3_9-4.4.5-150600.13.19.1

libswscale5_9-4.4.5-150600.13.19.1

openSUSE Leap 15.6

ffmpeg-4-4.4.5-150600.13.19.1

ffmpeg-4-libavcodec-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavdevice-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavfilter-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavformat-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavresample-devel-4.4.5-150600.13.19.1

ffmpeg-4-libavutil-devel-4.4.5-150600.13.19.1

ffmpeg-4-libpostproc-devel-4.4.5-150600.13.19.1

ffmpeg-4-libswresample-devel-4.4.5-150600.13.19.1

ffmpeg-4-libswscale-devel-4.4.5-150600.13.19.1

ffmpeg-4-private-devel-4.4.5-150600.13.19.1

libavcodec58_134-4.4.5-150600.13.19.1

libavcodec58_134-32bit-4.4.5-150600.13.19.1

libavdevice58_13-4.4.5-150600.13.19.1

libavdevice58_13-32bit-4.4.5-150600.13.19.1

libavfilter7_110-4.4.5-150600.13.19.1

libavfilter7_110-32bit-4.4.5-150600.13.19.1

libavformat58_76-4.4.5-150600.13.19.1

libavformat58_76-32bit-4.4.5-150600.13.19.1

libavresample4_0-4.4.5-150600.13.19.1

libavresample4_0-32bit-4.4.5-150600.13.19.1

libavutil56_70-4.4.5-150600.13.19.1

libavutil56_70-32bit-4.4.5-150600.13.19.1

libpostproc55_9-4.4.5-150600.13.19.1

libpostproc55_9-32bit-4.4.5-150600.13.19.1

libswresample3_9-4.4.5-150600.13.19.1

libswresample3_9-32bit-4.4.5-150600.13.19.1

libswscale5_9-4.4.5-150600.13.19.1

libswscale5_9-32bit-4.4.5-150600.13.19.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20250958-1/
Link for SUSE-SU-2025:0958-1
https://lists.suse.com/pipermail/sle-security-updates/2025-March/020566.html
E-Mail link for SUSE-SU-2025:0958-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1186586
SUSE Bug 1186586
https://bugzilla.suse.com/1209934
SUSE Bug 1209934
https://bugzilla.suse.com/1215309
SUSE Bug 1215309
https://www.suse.com/security/cve/CVE-2020-22021/
SUSE CVE CVE-2020-22021 page
https://www.suse.com/security/cve/CVE-2020-22046/
SUSE CVE CVE-2020-22046 page
https://www.suse.com/security/cve/CVE-2022-48434/
SUSE CVE CVE-2022-48434 page

Описание

Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function in libavfilter/vf_yadif.c, which could let a remote malicious user cause a Denial of Service.

Затронутые продукты

Container containers/open-webui:0:ffmpeg-4-4.4.5-150600.13.19.1

Container containers/open-webui:0:libavcodec58_134-4.4.5-150600.13.19.1

Container containers/open-webui:0:libavdevice58_13-4.4.5-150600.13.19.1

Container containers/open-webui:0:libavfilter7_110-4.4.5-150600.13.19.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-22021.html
CVE-2020-22021
https://bugzilla.suse.com/1186586
SUSE Bug 1186586

Описание

A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c.

Затронутые продукты

Container containers/open-webui:0:ffmpeg-4-4.4.5-150600.13.19.1

Container containers/open-webui:0:libavcodec58_134-4.4.5-150600.13.19.1

Container containers/open-webui:0:libavdevice58_13-4.4.5-150600.13.19.1

Container containers/open-webui:0:libavfilter7_110-4.4.5-150600.13.19.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-22046.html
CVE-2020-22046
https://bugzilla.suse.com/1186849
SUSE Bug 1186849

Описание

libavcodec/pthread_frame.c in FFmpeg before 5.1.2, as used in VLC and other products, leaves stale hwaccel state in worker threads, which allows attackers to trigger a use-after-free and execute arbitrary code in some circumstances (e.g., hardware re-initialization upon a mid-video SPS change when Direct3D11 is used).

Затронутые продукты

Container containers/open-webui:0:ffmpeg-4-4.4.5-150600.13.19.1

Container containers/open-webui:0:libavcodec58_134-4.4.5-150600.13.19.1

Container containers/open-webui:0:libavdevice58_13-4.4.5-150600.13.19.1

Container containers/open-webui:0:libavfilter7_110-4.4.5-150600.13.19.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-48434.html
CVE-2022-48434
https://bugzilla.suse.com/1209934
SUSE Bug 1209934

SUSE-SU-2025:0958-1

Описание

Список пакетов

Container containers/open-webui:0

SUSE Linux Enterprise Module for Package Hub 15 SP6

SUSE Linux Enterprise Workstation Extension 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2020-22021

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-22046

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-48434

Описание

Затронутые продукты

Ссылки