openSUSE-SU-2018:0470-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2018:0470-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2018:0470-1
- Related
- Published
- 2018-02-19T09:08:21Z
- Modified
- 2018-02-19T09:08:21Z
- Summary
- Security update for ffmpeg
- Details
-
This update for ffmpeg fixes the following issues:
Updated ffmpeg to new bugfix release 3.4.2
- Fix integer overflows, multiplication overflows, undefined shifts, and verify buffer lengths.
- avfilter/vf_transpose: Fix used plane count [boo#1078488, CVE-2018-6392]
- avcodec/utvideodec: Fix bytes left check in decode_frame()
[boo#1079368, CVE-2018-6621]
- Enable use of libzvbi for displaying teletext subtitles.
- Fixed a DoS in swriaudioconvert() [boo#1072366, CVE-2017-17555].
Update to new bugfix release 3.4.1
- Fixed integer overflows, division by zero, illegal bit shifts
- Fixed the gmc_mmx function which failed to validate width and height [boo#1070762, CVE-2017-17081]
- Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840]
ffplay: use SDL2 audio API
install also doc/ffserver.conf
Update to new upstream release 3.4
New video filters: deflicker, doublewave, lumakey, pixscope, oscilloscope, robterts, limiter, libvmaf, unpremultiply, tlut2, floodifll, pseudocolor, despill, convolve, vmafmotion.
- New audio filters: afir, crossfeed, surround, headphone, superequalizer, haas.
- Some video filters with several inputs now use a common set of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They must always be used by name.
- librsvg support for svg rasterization
- spec-compliant VP9 muxing support in MP4
- Remove the libnut and libschroedinger muxer/demuxer wrappers
- drop deprecated qtkit input device (use avfoundation instead)
- SUP/PGS subtitle muxer
- VP9 tile threading support
- KMS screen grabber
- CUDA thumbnail filter
- V4L2 mem2mem HW assisted codecs
- Rockchip MPP hardware decoding
- (Not in openSUSE builds, only original ones:)
- Gremlin Digital Video demuxer and decoder
- Additional frame format support for Interplay MVE movies
- Dolby E decoder and SMPTE 337M demuxer
- raw G.726 muxer and demuxer, left- and right-justified
- NewTek NDI input/output device
- FITS demuxer, muxer, decoder and encoder
- Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186]
- Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]
- References
-
- https://bugzilla.suse.com/1064577
- https://bugzilla.suse.com/1066428
- https://bugzilla.suse.com/1069407
- https://bugzilla.suse.com/1070762
- https://bugzilla.suse.com/1072366
- https://bugzilla.suse.com/1078488
- https://bugzilla.suse.com/1079368
- https://www.suse.com/security/cve/CVE-2017-15186
- https://www.suse.com/security/cve/CVE-2017-15672
- https://www.suse.com/security/cve/CVE-2017-16840
- https://www.suse.com/security/cve/CVE-2017-17081
- https://www.suse.com/security/cve/CVE-2017-17555
- https://www.suse.com/security/cve/CVE-2018-6392
- https://www.suse.com/security/cve/CVE-2018-6621
Affected packages
SUSE:Package Hub 12 SP2 / ffmpeg
Package
- Name
- ffmpeg
- Purl
- purl:rpm/suse/ffmpeg&distro=SUSE%20Package%20Hub%2012%20SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.4.2-14.1
Ecosystem specific
{
"binaries": [
{
"libavresample-devel": "3.4.2-14.1",
"libavdevice57": "3.4.2-14.1",
"libavdevice-devel": "3.4.2-14.1",
"libswresample2": "3.4.2-14.1",
"libavcodec57": "3.4.2-14.1",
"libavfilter6": "3.4.2-14.1",
"libavutil-devel": "3.4.2-14.1",
"libavcodec-devel": "3.4.2-14.1",
"ffmpeg": "3.4.2-14.1",
"libpostproc-devel": "3.4.2-14.1",
"libswscale4": "3.4.2-14.1",
"libswscale-devel": "3.4.2-14.1",
"libavformat-devel": "3.4.2-14.1",
"libswresample-devel": "3.4.2-14.1",
"libavformat57": "3.4.2-14.1",
"libavresample3": "3.4.2-14.1",
"libavfilter-devel": "3.4.2-14.1",
"libpostproc54": "3.4.2-14.1",
"libavutil55": "3.4.2-14.1"
}
]
}