Login
Newsletter
Werbung
Sicherheit: Denial of Service in FFmpeg
Aktuelle Meldungen Distributionen
Name: Denial of Service in FFmpeg
ID: USN-7188-1
Distribution: Ubuntu
Plattformen: Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS
Datum: Mi, 8. Januar 2025, 06:10
Referenzen: https://www.cve.org/CVERecord?id=CVE-2024-36617
Applikationen: FFmpeg

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7225522473416570393==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------GvO6KKUyUIjFj711OBdYY00f"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------GvO6KKUyUIjFj711OBdYY00f
Content-Type: multipart/mixed;
 boundary="------------kdXQAMvOwjS8J8Aphs2T13A2";
 protected-headers="v1"
From: Bruce Cable <bruce.cable@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <20b9b20f-15d0-488a-9a6e-1938e2ffeea2@canonical.com>
Subject: [USN-7188-1] FFmpeg vulnerability

--------------kdXQAMvOwjS8J8Aphs2T13A2
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

==========================================================================
Ubuntu Security Notice USN-7188-1
January 08, 2025

ffmpeg vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

FFmpeg could be made to crash if it received specially crafted input.

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

It was discovered that FFmpeg incorrectly handled certain input, which
could lead to an integer overflow. An attacker could possibly use this
issue to cause a denial of service by crashing the application.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro
   libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm6
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   ffmpeg                          7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavcodec58                    7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavdevice58                   7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavfilter7                    7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavformat58                   7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavresample4                  7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavutil56                     7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libpostproc55                   7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libswresample3                  7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libswscale5                     7:4.2.7-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   ffmpeg                          7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavcodec57                    7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavdevice57                   7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavfilter6                    7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavformat57                   7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavresample3                  7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libavutil55                     7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libpostproc54                   7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libswresample2                  7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro
   libswscale4                     7:3.4.11-0ubuntu0.1+esm7
                                   Available with Ubuntu Pro

Ubuntu 16.04 LTS
   ffmpeg                          7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libav-tools                     7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libavcodec-ffmpeg-extra56       7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libavcodec-ffmpeg56             7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libavdevice-ffmpeg56            7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libavfilter-ffmpeg5             7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libavformat-ffmpeg56            7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libavresample-ffmpeg2           7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libavutil-ffmpeg54              7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libpostproc-ffmpeg53            7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libswresample-ffmpeg1           7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro
   libswscale-ffmpeg3              7:2.8.17-0ubuntu0.1+esm9
                                   Available with Ubuntu Pro

After a standard system update you need to restart FFmpeg to make
all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7188-1
   CVE-2024-36617

--------------kdXQAMvOwjS8J8Aphs2T13A2--

--------------GvO6KKUyUIjFj711OBdYY00f
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEkd98mdFcnQdP7vQkuGrtzot7pOcFAmd91IUFAwAAAAAACgkQuGrtzot7pOcM
WQv+M74zrLkgywsNRwOe5wJ/MhoxA0FOkUH84aLPaXxGMLf/Mv4jxL0bY1RM69C7PW67GGdgTVPi
VvRCF//0m5lCVluabIqcfUpqbSDu8dha1WufHqiGmCcbxpfESMkoS32SIzzKLDMPeEJtr1DTVH8Y
zfgW5rqNWdMuC2W0UcyFunBL/6hGn3F1dDS9+95bBK2ZeYCEWIggm/1UkZm+uA/WQ2wrz1R6zj94
XpQ53drHehl8FBWwVUOKWDTXDj5CsyF9ozfNb48uPi/2nDLECzhTXNlMZWJM6Ghw8NIyGiPT3CIj
QP/TLL5SJZd+N1yqHFA7+V85tD4omMsWIuzoqR1xGAT3zYHy3EwTg+4OENegwHpThI/Nbn3xwtH1
FeFotT2S5ihoEvKyTKZlFW9cPgD0BbvHHYXn1rwOEEdGXyA+kUGMA+tN9057lTplB6QZQU3FtUrL
2fd69enmAqCEYILpkOqQJ4BMf5flOJLMHaf171MEyFuUopdIvlGcj2WIRvp0
=0qw9
-----END PGP SIGNATURE-----

--------------GvO6KKUyUIjFj711OBdYY00f--


--===============7225522473416570393==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline

Cg==

--===============7225522473416570393==--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung