Lucene search

K
suseSuseOPENSUSE-SU-2019:1066-1
HistoryMar 28, 2019 - 12:00 a.m.

Security update for ffmpeg-4 (low)

2019-03-2800:00:00
lists.opensuse.org
112

EPSS

0.01

Percentile

83.6%

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for ffmpeg-4 to version 4.0.2 fixes the following issues:

These security issues were fixed:

  • CVE-2018-15822: The flv_write_packet function did not check for an empty
    audio packet, leading to an assertion failure and DoS (bsc#1105869).
  • CVE-2018-13300: An improper argument passed to the avpriv_request_sample
    function may have triggered an out-of-array read while converting a
    crafted AVI file to MPEG4, leading to a denial of service and possibly
    an information disclosure (bsc#1100348).

These non-security issues were fixed:

  • Enable webvtt encoders and decoders (boo#1092241).
  • Build codec2 encoder and decoder, add libcodec2 to enable_decoders and
    enable_encoders.
  • Enable mpeg 1 and 2 encoders.

This update was imported from the openSUSE:Leap:15.0:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Backports SLE-15:

    zypper in -t patch openSUSE-2019-1066=1