SUSE-SU-2026:0198-1

Опубликовано: 21 янв. 2026

Источник: suse-cvrf

Описание

Security update for ffmpeg-4

This update for ffmpeg-4 fixes the following issues:

CVE-2023-6601: Fixed HLS Unsafe File Extension Bypass (bsc#1220545).
CVE-2025-63757: Fixed integer overflow in yuv2ya16_X_c_template() (bsc#1255392).

Список пакетов

Container suse/kiosk/firefox-esr:latest

libavcodec58_134-4.4.6-150600.13.38.1

libavutil56_70-4.4.6-150600.13.38.1

libswresample3_9-4.4.6-150600.13.38.1

Container suse/kiosk/xorg-client:latest

libavcodec58_134-4.4.6-150600.13.38.1

libavutil56_70-4.4.6-150600.13.38.1

libswresample3_9-4.4.6-150600.13.38.1

SUSE Linux Enterprise Module for Package Hub 15 SP7

ffmpeg-4-4.4.6-150600.13.38.1

ffmpeg-4-libavcodec-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavdevice-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavfilter-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavformat-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavresample-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavutil-devel-4.4.6-150600.13.38.1

ffmpeg-4-libpostproc-devel-4.4.6-150600.13.38.1

ffmpeg-4-libswresample-devel-4.4.6-150600.13.38.1

ffmpeg-4-libswscale-devel-4.4.6-150600.13.38.1

ffmpeg-4-private-devel-4.4.6-150600.13.38.1

libavcodec58_134-4.4.6-150600.13.38.1

libavdevice58_13-4.4.6-150600.13.38.1

libavfilter7_110-4.4.6-150600.13.38.1

libavformat58_76-4.4.6-150600.13.38.1

libavresample4_0-4.4.6-150600.13.38.1

libavutil56_70-4.4.6-150600.13.38.1

libpostproc55_9-4.4.6-150600.13.38.1

libswresample3_9-4.4.6-150600.13.38.1

libswscale5_9-4.4.6-150600.13.38.1

SUSE Linux Enterprise Workstation Extension 15 SP7

libavcodec58_134-4.4.6-150600.13.38.1

libavformat58_76-4.4.6-150600.13.38.1

libavutil56_70-4.4.6-150600.13.38.1

libswresample3_9-4.4.6-150600.13.38.1

libswscale5_9-4.4.6-150600.13.38.1

openSUSE Leap 15.6

ffmpeg-4-4.4.6-150600.13.38.1

ffmpeg-4-libavcodec-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavdevice-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavfilter-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavformat-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavresample-devel-4.4.6-150600.13.38.1

ffmpeg-4-libavutil-devel-4.4.6-150600.13.38.1

ffmpeg-4-libpostproc-devel-4.4.6-150600.13.38.1

ffmpeg-4-libswresample-devel-4.4.6-150600.13.38.1

ffmpeg-4-libswscale-devel-4.4.6-150600.13.38.1

ffmpeg-4-private-devel-4.4.6-150600.13.38.1

libavcodec58_134-4.4.6-150600.13.38.1

libavcodec58_134-32bit-4.4.6-150600.13.38.1

libavdevice58_13-4.4.6-150600.13.38.1

libavdevice58_13-32bit-4.4.6-150600.13.38.1

libavfilter7_110-4.4.6-150600.13.38.1

libavfilter7_110-32bit-4.4.6-150600.13.38.1

libavformat58_76-4.4.6-150600.13.38.1

libavformat58_76-32bit-4.4.6-150600.13.38.1

libavresample4_0-4.4.6-150600.13.38.1

libavresample4_0-32bit-4.4.6-150600.13.38.1

libavutil56_70-4.4.6-150600.13.38.1

libavutil56_70-32bit-4.4.6-150600.13.38.1

libpostproc55_9-4.4.6-150600.13.38.1

libpostproc55_9-32bit-4.4.6-150600.13.38.1

libswresample3_9-4.4.6-150600.13.38.1

libswresample3_9-32bit-4.4.6-150600.13.38.1

libswscale5_9-4.4.6-150600.13.38.1

libswscale5_9-32bit-4.4.6-150600.13.38.1

Ссылки

https://www.suse.com/support/update/announcement/2026/suse-su-20260198-1/
Link for SUSE-SU-2026:0198-1
https://lists.suse.com/pipermail/sle-security-updates/2026-January/023830.html
E-Mail link for SUSE-SU-2026:0198-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1220545
SUSE Bug 1220545
https://bugzilla.suse.com/1255392
SUSE Bug 1255392
https://www.suse.com/security/cve/CVE-2023-6601/
SUSE CVE CVE-2023-6601 page
https://www.suse.com/security/cve/CVE-2025-63757/
SUSE CVE CVE-2025-63757 page

Описание

A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions.

Затронутые продукты

Container suse/kiosk/firefox-esr:latest:libavcodec58_134-4.4.6-150600.13.38.1

Container suse/kiosk/firefox-esr:latest:libavutil56_70-4.4.6-150600.13.38.1

Container suse/kiosk/firefox-esr:latest:libswresample3_9-4.4.6-150600.13.38.1

Container suse/kiosk/xorg-client:latest:libavcodec58_134-4.4.6-150600.13.38.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-6601.html
CVE-2023-6601
https://bugzilla.suse.com/1220545
SUSE Bug 1220545

Описание

Integer overflow vulnerability in the yuv2ya16_X_c_template function in libswscale/output.c in FFmpeg 8.0.

Затронутые продукты

Container suse/kiosk/firefox-esr:latest:libavcodec58_134-4.4.6-150600.13.38.1

Container suse/kiosk/firefox-esr:latest:libavutil56_70-4.4.6-150600.13.38.1

Container suse/kiosk/firefox-esr:latest:libswresample3_9-4.4.6-150600.13.38.1

Container suse/kiosk/xorg-client:latest:libavcodec58_134-4.4.6-150600.13.38.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-63757.html
CVE-2025-63757
https://bugzilla.suse.com/1255392
SUSE Bug 1255392

SUSE-SU-2026:0198-1

Описание

Список пакетов

Container suse/kiosk/firefox-esr:latest

Container suse/kiosk/xorg-client:latest

SUSE Linux Enterprise Module for Package Hub 15 SP7

SUSE Linux Enterprise Workstation Extension 15 SP7

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2023-6601

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2025-63757

Описание

Затронутые продукты

Ссылки