Overview Repositories Revisions Requests Users Attributes Meta
Security update for ffmpeg

This update for ffmpeg fixes the following issues:

Updated ffmpeg to new bugfix release 3.4.2

* Fix integer overflows, multiplication overflows, undefined
shifts, and verify buffer lengths.
* avfilter/vf_transpose: Fix used plane count
[boo#1078488, CVE-2018-6392]
* avcodec/utvideodec: Fix bytes left check in decode_frame()
[boo#1079368, CVE-2018-6621]
- Enable use of libzvbi for displaying teletext subtitles.
- Fixed a DoS in swri_audio_convert() [boo#1072366, CVE-2017-17555].

Update to new bugfix release 3.4.1

* Fixed integer overflows, division by zero, illegal bit shifts
* Fixed the gmc_mmx function which failed to validate width
and height [boo#1070762, CVE-2017-17081]
* Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840]
* ffplay: use SDL2 audio API

- install also doc/ffserver.conf

- Update to new upstream release 3.4

* New video filters: deflicker, doublewave, lumakey, pixscope,
oscilloscope, robterts, limiter, libvmaf, unpremultiply,
tlut2, floodifll, pseudocolor, despill, convolve, vmafmotion.
* New audio filters: afir, crossfeed, surround, headphone,
superequalizer, haas.
* Some video filters with several inputs now use a common set
of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They
must always be used by name.
* librsvg support for svg rasterization
* spec-compliant VP9 muxing support in MP4
* Remove the libnut and libschroedinger muxer/demuxer wrappers
* drop deprecated qtkit input device (use avfoundation instead)
* SUP/PGS subtitle muxer
* VP9 tile threading support
* KMS screen grabber
* CUDA thumbnail filter
* V4L2 mem2mem HW assisted codecs
* Rockchip MPP hardware decoding
* (Not in openSUSE builds, only original ones:)
* Gremlin Digital Video demuxer and decoder
* Additional frame format support for Interplay MVE movies
* Dolby E decoder and SMPTE 337M demuxer
* raw G.726 muxer and demuxer, left- and right-justified
* NewTek NDI input/output device
* FITS demuxer, muxer, decoder and encoder
- Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186]
- Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]

Fixed bugs
bnc#1064577
VUL-0: CVE-2017-15186: ffmpeg: Double free when parsing AVI file to MKV file usingffvhuff decoder
bnc#1069407
VUL-0: CVE-2017-16840: ffmpeg: The VC-2 Video Compression encoder allows remote attackers to cause DoS (out-of-bounds read)
bnc#1070762
VUL-0: CVE-2017-17081: ffmpeg: The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 does notproperly validate widths and heights, which allows remote attackers to cause adenial of service (integer signedness error and out-of-array
bnc#1072366
VUL-1: CVE-2017-17555: ffmpeg: The swri_audio_convert function allows remote attackers to cause a DoS
bnc#1078488
VUL-0: CVE-2018-6392: ffmpeg: The filter_slice function in libavfilter/vf_transpose.c in FFmpeg through 3.4.1allows remote attackers to cause a denial of service (out-of-array access) via acrafted MP4 file.
bnc#1079368
VUL-0: CVE-2018-6621: ffmpeg: denial of service inside the decode_frame function in libavcodec/utvideodec.c
bnc#1066428
VUL-0: CVE-2017-15672: ffmpeg: out-of-array read in slice counting
CVE-2017-17555
CVE-2017-15672
CVE-2017-15186
CVE-2018-6392
CVE-2017-16840
CVE-2018-6621
CVE-2017-17081
Selected Binaries
openSUSE Build Service is sponsored by
Places