OVAL Reference oval:org.opensuse.security:def:1474

Oval Definition:

oval:org.opensuse.security:def:1474

Revision Date:	2021-07-14	Version:	1
Title:	Security update for ffmpeg (Important)
Description:	This update for ffmpeg fixes the following issues: - CVE-2020-13904: Fixed use-after-free via a crafted EXTINF duration in an m3u8 file (bsc#1172640). - CVE-2020-21041: Fixed buffer overflow vulnerability via apng_do_inverse_blend in libavcodec/pngenc.c (bsc#1186406). - CVE-2019-17539: Fixed NULL pointer dereference in avcodec_open2 in libavcodec/utils.c (bsc# 1154065). - CVE-2020-22026: Fixed buffer overflow vulnerability in config_input() at libavfilter/af_tremolo.c (bsc#1186583). - CVE-2020-22021: Fixed buffer overflow vulnerability in filter_edges function in libavfilter/vf_yadif.c (bsc#1186586). - CVE-2020-22020: Fixed buffer overflow vulnerability in build_diff_map() in libavfilter/vf_fieldmatch.c (bsc#1186587). - CVE-2020-22015: Fixed buffer overflow vulnerability in mov_write_video_tag() due to the out of bounds in libavformat/movenc.c (bsc#1186596). - CVE-2020-22016: Fixed a heap-based Buffer Overflow vulnerability at libavcodec/get_bits.h when writing .mov files (bsc#1186598). - CVE-2020-22017: Fixed a heap-based Buffer Overflow vulnerability in ff_fill_rectangle() in libavfilter/drawutils.c (bsc#1186600). - CVE-2020-22022: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_fieldorder.c (bsc#1186603). - CVE-2020-22023: Fixed a heap-based Buffer Overflow vulnerability in filter_frame at libavfilter/vf_bitplanenoise.c (bsc#1186604) - CVE-2020-22025: Fixed a heap-based Buffer Overflow vulnerability in gaussian_blur at libavfilter/vf_edgedetect.c (bsc#1186605). - CVE-2020-22031: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_w3fdif.c in filter16_complex_low() (bsc#1186613). - CVE-2020-22032: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_edgedetect.c in gaussian_blur() (bsc#1186614). - CVE-2020-22034: Fixed a heap-based Buffer Overflow vulnerability at libavfilter/vf_floodfill.c (bsc#1186616). - CVE-2020-20451: Fixed denial of service issue due to resource management errors via fftools/cmdutils.c (bsc#1186658). - CVE-2020-20448: Fixed divide by zero issue via libavcodec/ratecontrol.c (bsc#1186660). - CVE-2020-22038: Fixed denial of service vulnerability due to a memory leak in the ff_v4l2_m2m_create_context function in v4l2_m2m.c (bsc#1186757). - CVE-2020-22039: Fixed denial of service vulnerability due to a memory leak in the inavi_add_ientry function (bsc#1186758). - CVE-2020-22043: Fixed denial of service vulnerability due to a memory leak at the fifo_alloc_common function in libavutil/fifo.c (bsc#1186762). - CVE-2020-22044: Fixed denial of service vulnerability due to a memory leak in the url_open_dyn_buf_internal function in libavformat/aviobuf.c (bsc#1186763). - CVE-2020-22033,CVE-2020-22019: Fixed a heap-based Buffer Overflow Vulnerability at libavfilter/vf_vmafmotion.c in convolution_y_8bit() and in convolution_y_10bit() in libavfilter/vf_vmafmotion.c (bsc#1186615, bsc#1186597).
Family:	unix	Class:	patch
Status:		Reference(s):	1108606 1115717 1121626 1125113 1172640 1186406 1186583 1186586 1186587 1186596 1186597 1186598 1186600 1186603 1186604 1186605 1186613 1186614 1186615 1186616 1186658 1186660 1186757 1186758 1186762 1186763 CVE-2013-7038 CVE-2013-7039 CVE-2016-0772 CVE-2016-1000110 CVE-2016-5636 CVE-2016-5699 CVE-2017-1000158 CVE-2018-1000802 CVE-2018-17000 CVE-2018-17000 CVE-2018-19210 CVE-2018-19210 CVE-2019-17539 CVE-2019-6128 CVE-2019-6128 CVE-2019-7663 CVE-2019-7663 CVE-2020-13904 CVE-2020-20448 CVE-2020-20451 CVE-2020-21041 CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019 CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023 CVE-2020-22025 CVE-2020-22026 CVE-2020-22031 CVE-2020-22032 CVE-2020-22033 CVE-2020-22034 CVE-2020-22038 CVE-2020-22039 CVE-2020-22043 CVE-2020-22044 SUSE-SU-2019:0786-1 SUSE-SU-2021:2322-1
Platform(s):	SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Containers 15 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Package Hub 15 SP3 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Python2 packages 15 SP1 SUSE Linux Enterprise Module for Realtime packages 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Server 11-SECURITY SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12-LTSS SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 11 SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0	Product(s):
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND libzip2-0.11.1-4 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information aaa_base-13.2+git20140911.61c1681-9 is installed OR aaa_base-extras-13.2+git20140911.61c1681-9 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND Package Information DirectFB-1.7.1-6 is installed OR lib++dfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-1.7.1-6 is installed OR libdirectfb-1_7-1-32bit-1.7.1-6 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND cifs-utils-6.5-8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information libmicrohttpd-devel-0.9.57-1.33 is installed OR libmicrohttpd12-0.9.57-1.33 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 is installed AND Package Information libtiff-devel-4.0.9-5.27 is installed OR libtiff5-4.0.9-5.27 is installed OR tiff-4.0.9-5.27 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND Package Information libtag1-1.11.1-4.3 is installed OR taglib-1.11.1-4.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 15 is installed AND Package Information containerd-1.1.2-5.3 is installed OR docker-18.06.1_ce-6.8 is installed OR docker-bash-completion-18.06.1_ce-6.8 is installed OR docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3 is installed OR docker-runc-1.0.0rc5+gitr3562_69663f0bd4b6-6.3 is installed OR golang-github-docker-libnetwork-0.7.0.1+gitr2664_3ac297bc7fd0-4.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 15 SP1 is installed AND Package Information containerd-1.2.5-5.13 is installed OR docker-18.09.6_ce-6.17 is installed OR docker-bash-completion-18.09.6_ce-6.17 is installed OR docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12 is installed OR docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18 is installed OR golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information cairo-1.15.10-4.5 is installed OR libcairo2-32bit-1.15.10-4.5 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Development Tools 15 is installed AND Package Information crash-7.2.1-3.2 is installed OR crash-devel-7.2.1-3.2 is installed OR crash-kmp-default-7.2.1_k4.12.14_23-3.2 is installed OR lttng-modules-2.10.0-5.2 is installed OR lttng-modules-kmp-default-2.10.0_k4.12.14_23-5.2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Package Hub 15 SP3 is installed AND Package Information ffmpeg-3.4.2-11.3.1 is installed OR libavdevice57-3.4.2-11.3.1 is installed OR libavfilter6-3.4.2-11.3.1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Public Cloud 15 is installed AND Package Information kernel-azure-4.12.14-5.13 is installed OR kernel-azure-base-4.12.14-5.13 is installed OR kernel-azure-devel-4.12.14-5.13 is installed OR kernel-devel-azure-4.12.14-5.13 is installed OR kernel-source-azure-4.12.14-5.13 is installed OR kernel-syms-azure-4.12.14-5.13 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Python2 packages 15 SP1 is installed AND Package Information python-curses-2.7.14-7.11 is installed OR python-gdbm-2.7.14-7.11 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Realtime packages 15 SP1 is installed AND Package Information cluster-md-kmp-rt-4.12.14-14.8 is installed OR dlm-kmp-rt-4.12.14-14.8 is installed OR gfs2-kmp-rt-4.12.14-14.8 is installed OR kernel-devel-rt-4.12.14-14.8 is installed OR kernel-rt-4.12.14-14.8 is installed OR kernel-rt-base-4.12.14-14.8 is installed OR kernel-rt-devel-4.12.14-14.8 is installed OR kernel-rt_debug-4.12.14-14.8 is installed OR kernel-rt_debug-devel-4.12.14-14.8 is installed OR kernel-source-rt-4.12.14-14.8 is installed OR kernel-syms-rt-4.12.14-14.8 is installed OR ocfs2-kmp-rt-4.12.14-14.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information qemu-2.11.2-9.4 is installed OR qemu-arm-2.11.2-9.4 is installed OR qemu-block-curl-2.11.2-9.4 is installed OR qemu-block-iscsi-2.11.2-9.4 is installed OR qemu-block-rbd-2.11.2-9.4 is installed OR qemu-block-ssh-2.11.2-9.4 is installed OR qemu-guest-agent-2.11.2-9.4 is installed OR qemu-ipxe-1.0.0-9.4 is installed OR qemu-kvm-2.11.2-9.4 is installed OR qemu-lang-2.11.2-9.4 is installed OR qemu-ppc-2.11.2-9.4 is installed OR qemu-s390-2.11.2-9.4 is installed OR qemu-seabios-1.11.0-9.4 is installed OR qemu-sgabios-8-9.4 is installed OR qemu-vgabios-1.11.0-9.4 is installed OR qemu-x86-2.11.2-9.4 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information gnome-keyring-3.10.1-11 is installed OR gnome-keyring-32bit-3.10.1-11 is installed OR gnome-keyring-lang-3.10.1-11 is installed OR gnome-keyring-pam-3.10.1-11 is installed OR gnome-keyring-pam-32bit-3.10.1-11 is installed OR libgck-modules-gnome-keyring-3.10.1-11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND libjansson4-2.7-1.2 is installed

BACK