An update that fixes 5 vulnerabilities is now available.
Description:
This update for ffmpeg-4 fixes the following issues:
ffmpeg-4 was updated to version 4.0.5, fixes boo#1133153
- CVE-2019-11339: The studio profile decoder in libavcodec/mpeg4videodec.c
in FFmpeg 4.0 allowed remote attackers to cause a denial of service
(out-of-array access) or possibly have unspecified. (bsc#1133153)
- For other changes see /usr/share/doc/packages/libavcodec58/Changelog
Update to version 4.2.1:
- Stable bug fix release, mainly codecs and format fixes.
- CVE-2019-15942: Conditional jump or move depends on uninitialised value"
issue in h2645_parse (boo#1149839)
Update to FFmpeg 4.2 “Ada”
- tpad filter
- AV1 decoding support through libdav1d
- dedot filter
- chromashift and rgbashift filters
- freezedetect filter
- truehd_core bitstream filter
- dhav demuxer
- PCM-DVD encoder
- GIF parser
- vividas demuxer
- hymt decoder
- anlmdn filter
- maskfun filter
- hcom demuxer and decoder
- ARBC decoder
- libaribb24 based ARIB STD-B24 caption support (profiles A and C)
- Support decoding of HEVC 4:4:4 content in nvdec and cuviddec
- removed libndi-newtek
- agm decoder
- KUX demuxer
- AV1 frame split bitstream filter
- lscr decoder
- lagfun filter
- asoftclip filter
- Support decoding of HEVC 4:4:4 content in vdpau
- colorhold filter
- xmedian filter
- asr filter
- showspatial multimedia filter
- VP4 video decoder
- IFV demuxer
- derain filter
- deesser filter
- mov muxer writes tracks with unspecified language instead of English by
default
- added support for using clang to compile CUDA kernels
- See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete
changelog.
Update to version 4.1.4
- See /usr/share/doc/packages/ffmpeg-4/Changelog for the complete
changelog.
- Enable runtime enabling for fdkaac via --enable-libfdk-aac-dlopen
Update to version 4.1.3:
- Updates and bug fixes for codecs, filters and formats. [boo#1133153,
boo#1133155, CVE-2019-11338, CVE-2019-11339]
Update to version 4.1.2:
- Updates and bug fixes for codecs, filters and formats.
Update to version 4.1.1:
- Various filter and codec fixes and enhancements.
- configure: Add missing xlib dependency for VAAPI X11 code.
- For complete changelog, see /usr/share/doc/packages/ffmpeg-4/Changelog
- enable AV1 support on x86_64
Update ffmpeg to 4.1:
- Lots of filter updates as usual: deblock, tmix, aplify, fftdnoiz,
aderivative, aintegral, pal75bars, pal100bars, adeclick, adeclip,
lensfun (wrapper), colorconstancy, 1D LUT filter (lut1d), cue, acue,
transpose_npp, amultiply, Block-Matching 3d (bm3d) denoising filter,
acrossover filter, audio denoiser as afftdn filter, sinc audio filter
source, chromahold, setparams, vibrance, xstack, (a)graphmonitor filter
yadif_cuda filter.
- AV1 parser
- Support for AV1 in MP4
- PCM VIDC decoder and encoder
- libtensorflow backend for DNN based filters like srcnn
- – The following only enabled in third-party builds:
- ATRAC9 decoder
- AVS2 video decoder via libdavs2
- IMM4 video decoder
- Brooktree ProSumer video decoder
- MatchWare Screen Capture Codec decoder
- WinCam Motion Video decoder
- RemotelyAnywhere Screen Capture decoder
- AVS2 video encoder via libxavs2
- ILBC decoder
- SER demuxer
- Decoding S12M timecode in H264
- For complete changelog, see
https://git.ffmpeg.org/gitweb/ffmpeg.git/shortlog/n4.1
Update ffmpeg to 4.0.3:
- CVE-2018-13305: Added a missing check for negative values of mqaunt
variable (boo#1100345).
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-24=1
-
openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-24=1
-
openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2020-24=1
-
SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2020-24=1