
Security: Multiple issues in FFmpeg
Name: Multiple issues in FFmpeg
ID: USN-6803-1
Distribution: Ubuntu
Platforms: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10, Ubuntu 24.04 LTS
Date: Fri, 31 May 2024, 00:15
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51796
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50008
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51794
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49528
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50009
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51793
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50007
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-31585
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50010
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49501
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51798
Applications: FFmpeg

Original message

From: Allen Huang <allen.huang@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <5cbb6ada-f8e9-4eeb-b343-1b3e9710debb@canonical.com>
Subject: [USN-6803-1] FFmpeg vulnerabilities

==========================================================================
Ubuntu Security Notice USN-6803-1
May 30, 2024

ffmpeg vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

FFmpeg could be made to crash or run programs as your login if it
opened a specially crafted file.

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 24.04 LTS. (CVE-2023-49501)

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2023-49502)

Zhang Ling and Zeng Yunxiang discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 23.10 and
Ubuntu 24.04 LTS. (CVE-2023-49528)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2023-50007)

Zeng Yunxiang and Song Jiaxuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 23.10 and
Ubuntu 24.04 LTS. (CVE-2023-50008)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 23.10. (CVE-2023-50009)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS,
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-50010)

Zeng Yunxiang and Li Zeyuan discovered that FFmpeg incorrectly handled
certain input files. An attacker could possibly use this issue to cause
FFmpeg to crash, resulting in a denial of service, or potential arbitrary
code execution. This issue only affected Ubuntu 23.10 and
Ubuntu 24.04 LTS. (CVE-2023-51793)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS and Ubuntu 23.10. (CVE-2023-51794, CVE-2023-51798)

Zeng Yunxiang discovered that FFmpeg incorrectly handled certain input
files. An attacker could possibly use this issue to cause FFmpeg to crash,
resulting in a denial of service, or potential arbitrary code execution.
This issue only affected Ubuntu 23.10. (CVE-2023-51795, CVE-2023-51796)

It was discovered that FFmpeg incorrectly handled certain
input files. An attacker could possibly use this issue to cause FFmpeg to
crash, resulting in a denial of service, or potential arbitrary code
execution. This issue only affected Ubuntu 18.04 LTS, Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 23.10 and Ubuntu 24.04 LTS. (CVE-2024-31578)

It was discovered that FFmpeg incorrectly handled certain
input files. An attacker could possibly use this issue to cause FFmpeg to
crash, resulting in a denial of service, or potential arbitrary code
execution. This issue only affected Ubuntu 23.10 and Ubuntu 24.04 LTS.
(CVE-2024-31582)

It was discovered that FFmpeg incorrectly handled certain
input files. An attacker could possibly use this issue to cause FFmpeg to
crash, resulting in a denial of service, or potential arbitrary code
execution. This issue only affected Ubuntu 23.10. (CVE-2024-31585)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
ffmpeg 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libavcodec-extra60 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libavcodec60 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libavdevice60 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libavfilter-extra9 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libavfilter9 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libavformat-extra60 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libavformat60 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libavutil58 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libpostproc57 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libswresample4 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)
libswscale7 7:6.1.1-3ubuntu5+esm1 (Available with Ubuntu Pro)

Ubuntu 23.10
ffmpeg 7:6.0-6ubuntu1.1
libavcodec-extra60 7:6.0-6ubuntu1.1
libavcodec60 7:6.0-6ubuntu1.1
libavdevice60 7:6.0-6ubuntu1.1
libavfilter-extra9 7:6.0-6ubuntu1.1
libavfilter9 7:6.0-6ubuntu1.1
libavformat-extra60 7:6.0-6ubuntu1.1
libavformat60 7:6.0-6ubuntu1.1
libavutil58 7:6.0-6ubuntu1.1
libpostproc57 7:6.0-6ubuntu1.1
libswresample4 7:6.0-6ubuntu1.1
libswscale7 7:6.0-6ubuntu1.1

Ubuntu 22.04 LTS
ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libavdevice58 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libavfilter7 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libavformat-extra 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libavformat-extra58 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libavformat58 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libpostproc55 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libswresample3 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)
libswscale5 7:4.4.2-0ubuntu0.22.04.1+esm4 (Available with Ubuntu Pro)

Ubuntu 20.04 LTS
ffmpeg 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavcodec58 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavdevice58 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavfilter7 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavformat58 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavresample4 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavutil56 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libpostproc55 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libswresample3 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libswscale5 7:4.2.7-0ubuntu0.1+esm5 (Available with Ubuntu Pro)

Ubuntu 18.04 LTS
ffmpeg 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavcodec57 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavdevice57 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavfilter6 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavformat57 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavresample3 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libavutil55 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libpostproc54 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libswresample2 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)
libswscale4 7:3.4.11-0ubuntu0.1+esm5 (Available with Ubuntu Pro)

Ubuntu 16.04 LTS
ffmpeg 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libavresample-ffmpeg2 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libpostproc-ffmpeg53 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libswresample-ffmpeg1 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)
libswscale-ffmpeg3 7:2.8.17-0ubuntu0.1+esm7 (Available with Ubuntu Pro)

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6803-1
CVE-2023-49501, CVE-2023-49502, CVE-2023-49528, CVE-2023-50007,
CVE-2023-50008, CVE-2023-50009, CVE-2023-50010, CVE-2023-51793,
CVE-2023-51794, CVE-2023-51795, CVE-2023-51796, CVE-2023-51798,
CVE-2024-31578, CVE-2024-31582, CVE-2024-31585

Package Information:
https://launchpad.net/ubuntu/+source/ffmpeg/7:6.0-6ubuntu1.1
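
The following is an added example, not part of the advisory: a self-contained check of an installed ffmpeg package version against the fixed versions listed under "Update instructions", using Debian version ordering (epoch, upstream version, revision, with `~` sorting first). The function names and the release keys ("24.04" and so on) are assumptions of this example; the version strings in `FIXED` are copied from the advisory.

```python
import re

_DIGITS = "0123456789"

# Fixed ffmpeg package versions per Ubuntu release, copied from USN-6803-1.
FIXED = {
    "24.04": "7:6.1.1-3ubuntu5+esm1",
    "23.10": "7:6.0-6ubuntu1.1",
    "22.04": "7:4.4.2-0ubuntu0.22.04.1+esm4",
    "20.04": "7:4.2.7-0ubuntu0.1+esm5",
    "18.04": "7:3.4.11-0ubuntu0.1+esm5",
    "16.04": "7:2.8.17-0ubuntu0.1+esm7",
}

def _order(c):
    # Debian ordering of one character: '~' sorts before everything (even the
    # end of the string), then end-of-string/digits, then letters, then the rest.
    if c == "~":
        return -1
    if c in _DIGITS:          # also true for "" (end of string)
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    while a or b:
        # 1) compare the leading non-digit runs character by character
        while (a and a[0] not in _DIGITS) or (b and b[0] not in _DIGITS):
            x, y = _order(a[:1]), _order(b[:1])
            if x != y:
                return -1 if x < y else 1
            a, b = a[1:], b[1:]
        # 2) compare the leading digit runs numerically (an empty run counts as 0)
        da, db = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        a, b = a[len(da):], b[len(db):]
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, sep, revision = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (revision if sep else "")

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if the installed version is at or above the advisory's fixed version."""
    return compare(installed, FIXED[release]) >= 0
```

On a host, the installed version can be read with `dpkg-query -W -f='${Version}' ffmpeg`, and `dpkg --compare-versions` remains the authoritative comparison.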
