Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in FFmpeg (Aktualisierung)
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in FFmpeg (Aktualisierung)
ID: USN-6449-2
Distribution: Ubuntu
Plattformen: Ubuntu 22.04 LTS (Available with Ubuntu Pro), Ubuntu 20.04 LTS (Available with Ubuntu Pro), Ubuntu 18.04 LTS (Available with Ubuntu Pro)
Datum: Mi, 15. November 2023, 20:37
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38092
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-48434
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38091
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38094
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20898
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38090
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22038
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38093
Applikationen: FFmpeg
Update von: Mehrere Probleme in FFmpeg

Originalnachricht

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============4996631735941635565==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------5Xmen0PHQeteTr6sfE0bq0Hs"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------5Xmen0PHQeteTr6sfE0bq0Hs
Content-Type: multipart/mixed;
boundary="------------HlHpllx9hTZXss3R0up0gEeB";
protected-headers="v1"
From: Nick Galanis <nick.galanis@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <9a1bd2ee-844f-42aa-a8bb-12b55992987f@canonical.com>
Subject: [USN-6449-2] FFmpeg regression

--------------HlHpllx9hTZXss3R0up0gEeB
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-6449-2
November 15, 2023

ffmpeg regression
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

USN-6449-1 introduced a regression in FFmpeg

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

USN-6449-1 fixed vulnerabilities in FFmpeg. Unfortunately that update
could introduce a regression in tools using an FFmpeg library, like VLC.

This updated fixes the problem. We apologize for the inconvenience.

Original advisory details:

It was discovered that FFmpeg incorrectly managed memory resulting
in a memory leak. An attacker could possibly use this issue to cause
a denial of service via application crash. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22038)

It was discovered that FFmpeg incorrectly handled certain input files,
leading to an integer overflow. An attacker could possibly use this issue
to cause a denial of service via application crash. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-20898, CVE-2021-38090,
CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094)

It was discovered that FFmpeg incorrectly managed memory, resulting in
a memory leak. If a user or automated system were tricked into
processing a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service, or execute
arbitrary code. (CVE-2022-48434)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm3
libavcodec-extra 7:4.4.2-0ubuntu0.22.04.1+esm3
libavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1+esm3
libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm3
libavdevice58 7:4.4.2-0ubuntu0.22.04.1+esm3
libavfilter-extra 7:4.4.2-0ubuntu0.22.04.1+esm3
libavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1+esm3
libavfilter7 7:4.4.2-0ubuntu0.22.04.1+esm3
libavformat-extra 7:4.4.2-0ubuntu0.22.04.1+esm3
libavformat-extra58 7:4.4.2-0ubuntu0.22.04.1+esm3
libavformat58 7:4.4.2-0ubuntu0.22.04.1+esm3
libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm3
libpostproc55 7:4.4.2-0ubuntu0.22.04.1+esm3
libswresample3 7:4.4.2-0ubuntu0.22.04.1+esm3
libswscale5 7:4.4.2-0ubuntu0.22.04.1+esm3

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
ffmpeg 7:4.2.7-0ubuntu0.1+esm4
libavcodec-extra 7:4.2.7-0ubuntu0.1+esm4
libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm4
libavcodec58 7:4.2.7-0ubuntu0.1+esm4
libavdevice58 7:4.2.7-0ubuntu0.1+esm4
libavfilter-extra 7:4.2.7-0ubuntu0.1+esm4
libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm4
libavfilter7 7:4.2.7-0ubuntu0.1+esm4
libavformat58 7:4.2.7-0ubuntu0.1+esm4
libavresample4 7:4.2.7-0ubuntu0.1+esm4
libavutil-dev 7:4.2.7-0ubuntu0.1+esm4
libavutil56 7:4.2.7-0ubuntu0.1+esm4
libpostproc55 7:4.2.7-0ubuntu0.1+esm4
libswresample3 7:4.2.7-0ubuntu0.1+esm4
libswscale5 7:4.2.7-0ubuntu0.1+esm4

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
ffmpeg 7:3.4.11-0ubuntu0.1+esm4
libavcodec-extra 7:3.4.11-0ubuntu0.1+esm4
libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm4
libavcodec57 7:3.4.11-0ubuntu0.1+esm4
libavdevice-dev 7:3.4.11-0ubuntu0.1+esm4
libavdevice57 7:3.4.11-0ubuntu0.1+esm4
libavfilter-dev 7:3.4.11-0ubuntu0.1+esm4
libavfilter-extra 7:3.4.11-0ubuntu0.1+esm4
libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm4
libavfilter6 7:3.4.11-0ubuntu0.1+esm4
libavformat57 7:3.4.11-0ubuntu0.1+esm4
libavresample3 7:3.4.11-0ubuntu0.1+esm4
libavutil-dev 7:3.4.11-0ubuntu0.1+esm4
libavutil55 7:3.4.11-0ubuntu0.1+esm4
libpostproc54 7:3.4.11-0ubuntu0.1+esm4
libswresample2 7:3.4.11-0ubuntu0.1+esm4
libswscale4 7:3.4.11-0ubuntu0.1+esm4

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6449-2
https://ubuntu.com/security/notices/USN-6449-1
https://launchpad.net/bugs/2042743

--------------HlHpllx9hTZXss3R0up0gEeB--

--------------5Xmen0PHQeteTr6sfE0bq0Hs
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsB5BAABCAAjFiEE5rkwSLC9ntq84w397Dtram9gyMMFAmVUlX8FAwAAAAAACgkQ7Dtram9gyMNU
Hwf+N5ieZfFH5YqDTGO4X0BUsRK0sLted9yl9jRQ3orNC/Xfbv9RXrg0i3lpc9lQZpt4M6oeAmkV
A9zNt9/7oqJYrNI8uSeF0zzS8pQJgxm4OVo69s1vCX+cExSfIIN28d1pjMbVzegBDSly7k6wHq4L
LM3yAdF+xvlyIcunDoU6rX7ilS1coKev6vmffBFXspv0kiQ1F+SsxNMHCk3HldvkvRO11+dRSKQ3
pzExeR35CCEAf19HKjxLsvo1SS2mTuoriTlyD5Cfz/pxER+TLExtN38wvtvDykzCnkfthOC2Bl54
af4KOv1YGEl/q6rwrVETy2mJFr3VHIixvWJIj0WqmQ==
=ri9X
-----END PGP SIGNATURE-----

--------------5Xmen0PHQeteTr6sfE0bq0Hs--


--===============4996631735941635565==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============4996631735941635565==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung