1. Forum
  2. Fsxnet Message
  3. FSX BOT

  • FFmpeg vulnerabilities

    From bugz_ubuntu@21:4/110 to Ubuntu Users on Wednesday, July 22, 2020 16:10:05
    ffmpeg vulnerabilities

    A security issue affects these releases of Ubuntu and its
    derivatives:

    * Ubuntu 20.04 LTS
    * Ubuntu 18.04 LTS
    * Ubuntu 16.04 LTS

    Summary

    Several security issues were fixed in FFmpeg.

    Software Description

    * ffmpeg - Tools for transcoding, streaming and playing of
    multimedia files

    Details

    It was discovered that FFmpeg incorrectly verified empty audio
    packets or HEVC data. An attacker could possibly use this issue to
    cause a denial of service via a crafted file. This issue only
    affected Ubuntu 16.04 LTS, as it was already fixed in Ubuntu 18.04
    LTS. For more information see:
    https://usn.ubuntu.com/usn/usn-3967-1 (CVE-2018-15822,
    CVE-2019-11338)

    It was discovered that FFmpeg incorrectly handled sscanf failures.
    An attacker could possibly use this issue to cause a denial of
    service or other unspecified impact. This issue only affected
    Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-12730)

    It was discovered that FFmpeg incorrectly handled certain WEBM
    files. An attacker could possibly use this issue to obtain
    sensitive data or other unspecified impact. This issue only
    affected Ubuntu 20.04 LTS. (CVE-2019-13312)

    It was discovered that FFmpeg incorrectly handled certain AVI
    files. An attacker could possibly use this issue to cause a denial
    of service or other unspecified impact. This issue only affected
    Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-13390)

    It was discovered that FFmpeg incorrectly handled certain input.
    An attacker could possibly use this issue to cause a denial of
    service or other unspecified impact. This issue only affected
    Ubuntu 18.04 LTS. (CVE-2019-17539)

    It was discovered that FFmpeg incorrectly handled certain input
    during decoding of VQA files. An attacker could possibly use this
    issue to obtain sensitive information or other unspecified impact.
    This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
    (CVE-2019-17542)

    It was discovered that FFmpeg incorrectly handled certain JPEG
    files. An attacker could possibly use this issue to obtain
    sensitive information or other unspecified impact. This issue only
    affected Ubuntu 20.04 LTS. (CVE-2020-12284)

    It was discovered that FFmpeg incorrectly handled certain M3U8
    files. An attacker could possibly use this issue to obtain
    sensitive information or other unspecified impact.
    (CVE-2020-13904)

    Update instructions

    The problem can be corrected by updating your system to the
    following package versions:

    Ubuntu 20.04 LTS
    ffmpeg - 7:4.2.4-1ubuntu0.1
    libavcodec-extra58 - 7:4.2.4-1ubuntu0.1
    libavcodec58 - 7:4.2.4-1ubuntu0.1
    libavdevice58 - 7:4.2.4-1ubuntu0.1
    libavfilter-extra7 - 7:4.2.4-1ubuntu0.1
    libavfilter7 - 7:4.2.4-1ubuntu0.1
    libavformat58 - 7:4.2.4-1ubuntu0.1
    libavresample4 - 7:4.2.4-1ubuntu0.1
    libavutil56 - 7:4.2.4-1ubuntu0.1
    libpostproc55 - 7:4.2.4-1ubuntu0.1
    libswresample3 - 7:4.2.4-1ubuntu0.1
    libswscale5 - 7:4.2.4-1ubuntu0.1

    Ubuntu 18.04 LTS
    ffmpeg - 7:3.4.8-0ubuntu0.2
    libavcodec-extra57 - 7:3.4.8-0ubuntu0.2
    libavcodec57 - 7:3.4.8-0ubuntu0.2
    libavdevice57 - 7:3.4.8-0ubuntu0.2
    libavfilter-extra6 - 7:3.4.8-0ubuntu0.2
    libavfilter6 - 7:3.4.8-0ubuntu0.2
    libavformat57 - 7:3.4.8-0ubuntu0.2
    libavresample3 - 7:3.4.8-0ubuntu0.2
    libavutil55 - 7:3.4.8-0ubuntu0.2
    libpostproc54 - 7:3.4.8-0ubuntu0.2
    libswresample2 - 7:3.4.8-0ubuntu0.2
    libswscale4 - 7:3.4.8-0ubuntu0.2

    Ubuntu 16.04 LTS
    ffmpeg - 7:2.8.17-0ubuntu0.1
    libavcodec-ffmpeg-extra56 - 7:2.8.17-0ubuntu0.1
    libavcodec-ffmpeg56 - 7:2.8.17-0ubuntu0.1
    libavdevice-ffmpeg56 - 7:2.8.17-0ubuntu0.1
    libavfilter-ffmpeg5 - 7:2.8.17-0ubuntu0.1
    libavformat-ffmpeg56 - 7:2.8.17-0ubuntu0.1
    libavresample-ffmpeg2 - 7:2.8.17-0ubuntu0.1
    libavutil-ffmpeg54 - 7:2.8.17-0ubuntu0.1
    libpostproc-ffmpeg53 - 7:2.8.17-0ubuntu0.1
    libswresample-ffmpeg1 - 7:2.8.17-0ubuntu0.1
    libswscale-ffmpeg3 - 7:2.8.17-0ubuntu0.1

    To update your system, please follow these instructions:
    https://wiki.ubuntu.com/Security/Upgrades.

    In general, a standard system update will make all the necessary
    changes.

    References

    * CVE-2018-15822
    * CVE-2019-11338
    * CVE-2019-12730
    * CVE-2019-13312
    * CVE-2019-13390
    * CVE-2019-17539
    * CVE-2019-17542
    * CVE-2020-12284
    * CVE-2020-13904

    --- Mystic BBS v1.12 A45 (Linux/64)
    * Origin: BZ&BZ BBS (21:4/110)