Ubuntu alert USN-6983-1 (ffmpeg)
| From: | Octavio Galland <octavio.galland@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6983-1] FFmpeg vulnerability | |
| Date: | Mon, 02 Sep 2024 11:49:35 -0300 | |
| Message-ID: | <27fa575d-7515-4d0d-a194-8564ad862f4d@canonical.com> |
========================================================================== Ubuntu Security Notice USN-6983-1 September 02, 2024 ffmpeg vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: FFmpeg could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - ffmpeg: Tools for transcoding, streaming and playing of multimedia files Details: Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during video encoding. An attacker could possibly use this issue to perform a denial of service, or execute arbitrary code. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS ffmpeg 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libavcodec-dev 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libavcodec-extra60 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libavcodec60 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libavdevice60 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libavfilter-extra9 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libavfilter9 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libavformat-extra60 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libavformat60 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libavutil58 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libpostproc57 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libswresample4 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro libswscale7 7:6.1.1-3ubuntu5+esm2 Available with Ubuntu Pro Ubuntu 22.04 LTS ffmpeg 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libavcodec-dev 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libavcodec-extra58 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libavcodec58 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libavdevice58 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libavfilter-extra7 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libavfilter7 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libavformat-extra58 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libavformat58 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libavutil56 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libpostproc55 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libswresample3 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro libswscale5 7:4.4.2-0ubuntu0.22.04.1+esm5 Available with Ubuntu Pro Ubuntu 20.04 LTS ffmpeg 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libavcodec-dev 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libavcodec-extra58 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libavcodec58 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libavdevice58 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libavfilter-extra7 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libavfilter7 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libavformat58 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libavresample4 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libavutil56 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libpostproc55 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libswresample3 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro libswscale5 7:4.2.7-0ubuntu0.1+esm6 Available with Ubuntu Pro Ubuntu 18.04 LTS ffmpeg 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libavcodec-dev 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libavcodec-extra57 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libavcodec57 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libavdevice57 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libavfilter-extra6 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libavfilter6 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libavformat57 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libavresample3 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libavutil55 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libpostproc54 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libswresample2 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro libswscale4 7:3.4.11-0ubuntu0.1+esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS ffmpeg 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libav-tools 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libavcodec-dev 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libavcodec-ffmpeg-extra56 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libavcodec-ffmpeg56 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libavdevice-ffmpeg56 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libavfilter-ffmpeg5 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libavformat-ffmpeg56 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libavresample-ffmpeg2 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libavutil-ffmpeg54 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libpostproc-ffmpeg53 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libswresample-ffmpeg1 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro libswscale-ffmpeg3 7:2.8.17-0ubuntu0.1+esm8 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6983-1 CVE-2024-32230
Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- wsF5BAABCAAjFiEER/Iq56J1QpFyK/CQ9uFA9ts1nlgFAmbV0H8FAwAAAAAACgkQ9uFA9ts1nlgv KA/+P9DDRvqsuuYpgVmwcUND2vPryVLT8oJdzj+5O9DnNh0XmfvkxpdPdMj8Plzsas9F1f1184BT R2c4JIUAOZ8WINLZDbMd0V/r8BePu0vuXJ6x2klgzRbANN0fHjN+4ZPTRg2D5olciVITQDhA0RL4 jxySDXZoL6o/1XXQeNTp8sLvO6VG2w4O4hQyYk7KIio0qlPWkPd7IybXnxAP5lT6C+LYUbQabwNP xjPbOfWq5IHUGxmfxmeRWCqBdZsAEzLFtuF53d/tU0D2uVeOk79oRzYREvZsungUO95IHpU17lpg d/erF46WFkMLRrNc60KMRamAGjOxoPxs/NiR17mxJwuvAGvUcyM3anKdaaxFdcHzJ8ySlbJtZV5u Au1XOvl2i1F25BWxKerqLIDmRF8ZjSf1RWvOAE7bsvhb1LaAUv1oRRCp4yNOmWjICayUy4t22UHM etnDZ73SnMV8GWU9Ej9fJOzlJ3lu9rttOZp5fJC3FG6b0o+AkrM60fXx7jFpahtGC41fU6HSO8Wh ic1fU78cGD1FoO/1J746PauPw8co5pmhIvvmTA0i8rN8qYTsVkYSCYUv+eAISaojx3U/xH214piT LCl66A4BYXWO4Cm0Rk5lfoYj6Q1Ld22p3zar+GBy0CGpE5qrVq/qnstyTCP10ChxpFJKR+yboCb9 5bg= =V7tB -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)