Oval Definition:oval:org.opensuse.security:def:70832
Revision Date:2021-09-02Version:1
Title:Security update for ffmpeg (Important)
Description:

This update for ffmpeg fixes the following issues:

- CVE-2019-9721: Fix denial of service in the subtitle decoder in handle_open_brace from libavcodec/htmlsubtitles.c (bsc#1129714). - CVE-2020-22046: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the avpriv_float_dsp_allocl function in libavutil/float_dsp.c (bsc#1186849). - CVE-2020-22048: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the ff_frame_pool_get function in framepool.c (bsc#1186859). - CVE-2020-22049: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the wtvfile_open_sector function in wtvdec.c (bsc#1186861). - CVE-2020-22054: Fix a denial of service vulnerability exists in FFmpeg 4.2 due to a memory leak in the av_dict_set function in dict.c (bsc#1186863). - CVE-2020-21688: Fixed a heap-use-after-free in the av_freep function in libavutil/mem.c (bsc#1189348). - CVE-2020-21697: Fixed a heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c (bsc#1189350). - CVE-2021-38114: Fixed a not checked return value of the init_vlc function (bsc#1189142).
Family:unixClass:patch
Status:Reference(s):1129714
1162117
1166844
1166916
1172442
1172443
1186849
1186859
1186861
1186863
1189142
1189348
1189350
CVE-2014-0172
CVE-2014-9447
CVE-2019-9721
CVE-2020-10531
CVE-2020-11080
CVE-2020-21688
CVE-2020-21697
CVE-2020-22046
CVE-2020-22048
CVE-2020-22049
CVE-2020-22054
CVE-2020-7598
CVE-2020-8174
CVE-2021-38114
SUSE-SU-2020:1568-1
SUSE-SU-2021:2919-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Workstation Extension 15 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
  • elfutils-0.168-2 is installed
  • OR elfutils-lang-0.168-2 is installed
  • OR libasm-devel-0.168-2 is installed
  • OR libasm1-0.168-2 is installed
  • OR libdw-devel-0.168-2 is installed
  • OR libdw1-0.168-2 is installed
  • OR libdw1-32bit-0.168-2 is installed
  • OR libebl-devel-0.168-2 is installed
  • OR libebl-plugins-0.168-2 is installed
  • OR libebl-plugins-32bit-0.168-2 is installed
  • OR libelf-devel-0.168-2 is installed
  • OR libelf1-0.168-2 is installed
  • OR libelf1-32bit-0.168-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed
  • AND Package Information
  • nodejs10-10.21.0-1.21 is installed
  • OR nodejs10-devel-10.21.0-1.21 is installed
  • OR nodejs10-docs-10.21.0-1.21 is installed
  • OR npm10-10.21.0-1.21 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP3 is installed
  • AND Package Information
  • libavcodec-devel-3.4.2-11.8.2 is installed
  • OR libavformat-devel-3.4.2-11.8.2 is installed
  • OR libavresample-devel-3.4.2-11.8.2 is installed
  • OR libavresample3-3.4.2-11.8.2 is installed
    • BACK