Description
Security update for ffmpeg-4
This update for ffmpeg-4 fixes the following issues:
ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153
- CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 allowed remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified. (bsc#1133153)
- For other changes see /usr/share/doc/packages/libavcodec58/Changelog
Update to version 4.2.1:
- Stable bug fix release, mainly codecs and format fixes.
- CVE-2019-15942: 'Conditional jump or move depends on uninitialised value' issue in h2645_parse (boo#1149839)
Update to FFmpeg 4.2 'Ada'
- tpad filter
- AV1 decoding support through libdav1d
- dedot filter
- chromashift and rgbashift filters
- freezedetect filter
- truehd_core bitstream filter
- dhav demuxer
- PCM-DVD encoder
- GIF parser
- vividas demuxer
- hymt decoder
- anlmdn filter
- maskfun filter
- hcom demuxer and decoder
- ARBC decoder
- libaribb24 based ARIB STD-B24 caption support (profiles A and C)
- Support decoding of HEVC 4:4:4 content in nvdec and cuviddec
- removed libndi-newtek
- agm decoder
- KUX demuxer
- AV1 frame split bitstream filter
- lscr decoder
- lagfun filter
- asoftclip filter
- Support decoding of HEVC 4:4:4 content in vdpau
- colorhold filter
- xmedian filter
- asr filter
- showspatial multimedia filter
- VP4 video decoder
- IFV demuxer
- derain filter
- deesser filter
- mov muxer writes tracks with unspecified language instead of English by default
- added support for using clang to compile CUDA kernels
- See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog.
Update to version 4.1.4
- See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete changelog.
- Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen
Update to version 4.1.3:
- Updates and bug fixes for codecs, filters and formats. [boo#1133153, boo#1133155, CVE-2019-11338, CVE-2019-11339]
Update to version 4.1.2:
- Updates and bug fixes for codecs, filters and formats.
Update to version 4.1.1:
- Various filter and codec fixes and enhancements.
- configure: Add missing xlib dependency for VAAPI X11 code.
- For complete changelog, see /usr/share/doc/packages/ffmpeg-4/Changelog
- enable AV1 support on x86_64
Update ffmpeg to 4.1:
- Lots of filter updates as usual: deblock, tmix, amplify, fftdnoiz, aderivative, aintegral, pal75bars, pal100bars, adeclick, adeclip, lensfun (wrapper), colorconstancy, 1D LUT filter (lut1d), cue, acue, transpose_npp, amultiply, Block-Matching 3d (bm3d) denoising filter, acrossover filter, audio denoiser as afftdn filter, sinc audio filter source, chromahold, setparams, vibrance, xstack, (a)graphmonitor filter, yadif_cuda filter.
- AV1 parser
- Support for AV1 in MP4
- PCM VIDC decoder and encoder
- libtensorflow backend for DNN based filters like srcnn
- The following are only enabled in third-party builds:
- ATRAC9 decoder
- AVS2 video decoder via libdavs2
- IMM4 video decoder
- Brooktree ProSumer video decoder
- MatchWare Screen Capture Codec decoder
- WinCam Motion Video decoder
- RemotelyAnywhere Screen Capture decoder
- AVS2 video encoder via libxavs2
- ILBC decoder
- SER demuxer
- Decoding S12M timecode in H264
- For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1
Update ffmpeg to 4.0.3:
- For complete changelog, see https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.0.3
- CVE-2018-13305: Added a missing check for negative values of mquant variable (boo#1100345).
Package list
SUSE Package Hub 12 SP2
SUSE Package Hub 15
SUSE Package Hub 15 SP1
openSUSE Leap 15.1
References
- E-Mail link for openSUSE-SU-2020:0024-1
- SUSE Security Ratings
- SUSE Bug 1100345
- SUSE Bug 1133123
- SUSE Bug 1133153
- SUSE Bug 1133155
- SUSE Bug 1149839
- SUSE CVE CVE-2017-17555 page
- SUSE CVE CVE-2018-13305 page
- SUSE CVE CVE-2019-11338 page
- SUSE CVE CVE-2019-11339 page
- SUSE CVE CVE-2019-15942 page
Description
The swri_audio_convert function in audioconvert.c in FFmpeg libswresample through 3.0.101, as used in FFmpeg 3.4.1, aubio 0.4.6, and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted audio file.
Affected products
References
- CVE-2017-17555
- SUSE Bug 1072366
Description
In FFmpeg 4.0.1, due to a missing check for negative values of the mquant variable, the vc1_put_blocks_clamped function in libavcodec/vc1_block.c may trigger an out-of-array access while converting a crafted AVI file to MPEG4, leading to an information disclosure or a denial of service.
Affected products
References
- CVE-2018-13305
- SUSE Bug 1100345
Description
libavcodec/hevcdec.c in FFmpeg 3.4 and 4.1.2 mishandles detection of duplicate first slices, which allows remote attackers to cause a denial of service (NULL pointer dereference and out-of-array access) or possibly have unspecified other impact via crafted HEVC data.
Affected products
References
- CVE-2019-11338
- SUSE Bug 1133155
Description
The studio profile decoder in libavcodec/mpeg4videodec.c in FFmpeg 4.0 before 4.0.4 and 4.1 before 4.1.2 allows remote attackers to cause a denial of service (out-of-array access) or possibly have unspecified other impact via crafted MPEG-4 video data.
Affected products
References
- CVE-2019-11339
- SUSE Bug 1133153
Description
FFmpeg through 4.2 has a "Conditional jump or move depends on uninitialised value" issue in h2645_parse because alloc_rbsp_buffer in libavcodec/h2645_parse.c mishandles rbsp_buffer.
Affected products
References
- CVE-2019-15942
- SUSE Bug 1149839