what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Ubuntu Security Notice USN-6449-1

Ubuntu Security Notice USN-6449-1
Posted Oct 24, 2023
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 6449-1 - It was discovered that FFmpeg incorrectly managed memory resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that FFmpeg incorrectly handled certain input files, leading to an integer overflow. An attacker could possibly use this issue to cause a denial of service via application crash. This issue only affected Ubuntu 20.04 LTS.

tags | advisory, denial of service, overflow, memory leak
systems | linux, ubuntu
advisories | CVE-2020-20898, CVE-2020-22038, CVE-2021-38091, CVE-2021-38092, CVE-2022-48434
SHA-256 | 30ff576e31ffb4f55aa40850734014c7fc975b5ab7b1fea8aaf260af4e227ccd
Download | Favorite | View

Ubuntu Security Notice USN-6449-1

Change Mirror Download
==========================================================================
Ubuntu Security Notice USN-6449-1
October 24, 2023

ffmpeg vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in FFmpeg.

Software Description:
- ffmpeg: Tools for transcoding, streaming and playing of multimedia files

Details:

It was discovered that FFmpeg incorrectly managed memory resulting
in a memory leak. An attacker could possibly use this issue to cause
a denial of service via application crash. This issue only
affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2020-22038)

It was discovered that FFmpeg incorrectly handled certain input files,
leading to an integer overflow. An attacker could possibly use this issue
to cause a denial of service via application crash. This issue only
affected Ubuntu 20.04 LTS. (CVE-2020-20898, CVE-2021-38090,
CVE-2021-38091, CVE-2021-38092, CVE-2021-38093, CVE-2021-38094)

It was discovered that FFmpeg incorrectly managed memory, resulting in
a memory leak.  If a user or automated system were tricked into
processing a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service, or execute
arbitrary code. (CVE-2022-48434)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
   ffmpeg                          7:4.4.2-0ubuntu0.22.04.1+esm2
   libavcodec-extra                7:4.4.2-0ubuntu0.22.04.1+esm2
   libavcodec-extra58              7:4.4.2-0ubuntu0.22.04.1+esm2
   libavcodec58                    7:4.4.2-0ubuntu0.22.04.1+esm2
   libavdevice58                   7:4.4.2-0ubuntu0.22.04.1+esm2
   libavfilter-extra               7:4.4.2-0ubuntu0.22.04.1+esm2
   libavfilter-extra7              7:4.4.2-0ubuntu0.22.04.1+esm2
   libavfilter7                    7:4.4.2-0ubuntu0.22.04.1+esm2
   libavformat-extra               7:4.4.2-0ubuntu0.22.04.1+esm2
   libavformat-extra58             7:4.4.2-0ubuntu0.22.04.1+esm2
   libavformat58                   7:4.4.2-0ubuntu0.22.04.1+esm2
   libavutil56                     7:4.4.2-0ubuntu0.22.04.1+esm2
   libpostproc55                   7:4.4.2-0ubuntu0.22.04.1+esm2
   libswresample3                  7:4.4.2-0ubuntu0.22.04.1+esm2
   libswscale-dev                  7:4.4.2-0ubuntu0.22.04.1+esm2
   libswscale5                     7:4.4.2-0ubuntu0.22.04.1+esm2

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
   ffmpeg                          7:4.2.7-0ubuntu0.1+esm3
   libavcodec-extra                7:4.2.7-0ubuntu0.1+esm3
   libavcodec-extra58              7:4.2.7-0ubuntu0.1+esm3
   libavcodec58                    7:4.2.7-0ubuntu0.1+esm3
   libavdevice58                   7:4.2.7-0ubuntu0.1+esm3
   libavfilter-extra               7:4.2.7-0ubuntu0.1+esm3
   libavfilter-extra7              7:4.2.7-0ubuntu0.1+esm3
   libavfilter7                    7:4.2.7-0ubuntu0.1+esm3
   libavformat58                   7:4.2.7-0ubuntu0.1+esm3
   libavresample4                  7:4.2.7-0ubuntu0.1+esm3
   libavutil56                     7:4.2.7-0ubuntu0.1+esm3
   libpostproc55                   7:4.2.7-0ubuntu0.1+esm3
   libswresample3                  7:4.2.7-0ubuntu0.1+esm3
   libswscale5                     7:4.2.7-0ubuntu0.1+esm3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   ffmpeg                          7:3.4.11-0ubuntu0.1+esm3
   libavcodec-extra                7:3.4.11-0ubuntu0.1+esm3
   libavcodec-extra57              7:3.4.11-0ubuntu0.1+esm3
   libavcodec57                    7:3.4.11-0ubuntu0.1+esm3
   libavdevice57                   7:3.4.11-0ubuntu0.1+esm3
   libavfilter-extra               7:3.4.11-0ubuntu0.1+esm3
   libavfilter-extra6              7:3.4.11-0ubuntu0.1+esm3
   libavfilter6                    7:3.4.11-0ubuntu0.1+esm3
   libavformat57                   7:3.4.11-0ubuntu0.1+esm3
   libavresample3                  7:3.4.11-0ubuntu0.1+esm3
   libavutil55                     7:3.4.11-0ubuntu0.1+esm3
   libpostproc54                   7:3.4.11-0ubuntu0.1+esm3
   libswresample2                  7:3.4.11-0ubuntu0.1+esm3
   libswscale4                     7:3.4.11-0ubuntu0.1+esm3

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6449-1
   CVE-2020-20898, CVE-2020-22038, CVE-2021-38090, CVE-2021-38091,
   CVE-2021-38092, CVE-2021-38093, CVE-2021-38094, CVE-2022-48434

Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close