SUSE Package Hub - openSUSE-2018-172

Update Info

openSUSE-2018-172

Security update for ffmpeg

Type: security
Severity: moderate
Issued: 2018-02-19
Description:
This update for ffmpeg fixes the following issues:

Updated ffmpeg to new bugfix release 3.4.2

  * Fix integer overflows, multiplication overflows, undefined
    shifts, and verify buffer lengths.
  * avfilter/vf_transpose: Fix used plane count
    [boo#1078488, CVE-2018-6392]
  * avcodec/utvideodec: Fix bytes left check in decode_frame()
    [boo#1079368, CVE-2018-6621] 
- Enable use of libzvbi for displaying teletext subtitles.
- Fixed a DoS in swri_audio_convert() [boo#1072366, CVE-2017-17555].

Update to new bugfix release 3.4.1

  * Fixed integer overflows, division by zero, illegal bit shifts
  * Fixed the gmc_mmx function which failed to validate width
    and height [boo#1070762, CVE-2017-17081]
  * Fixed out-of-bounds in VC-2 encoder [boo#1069407, CVE-2017-16840]
  * ffplay: use SDL2 audio API

- install also doc/ffserver.conf

- Update to new upstream release 3.4

  * New video filters: deflicker, doublewave, lumakey, pixscope,
    oscilloscope, robterts, limiter, libvmaf, unpremultiply,
    tlut2, floodifll, pseudocolor, despill, convolve, vmafmotion.
  * New audio filters: afir, crossfeed, surround, headphone,
    superequalizer, haas.
  * Some video filters with several inputs now use a common set
    of options: blend, libvmaf, lut3d, overlay, psnr, ssim. They
    must always be used by name.
  * librsvg support for svg rasterization
  * spec-compliant VP9 muxing support in MP4
  * Remove the libnut and libschroedinger muxer/demuxer wrappers
  * drop deprecated qtkit input device (use avfoundation instead)
  * SUP/PGS subtitle muxer
  * VP9 tile threading support
  * KMS screen grabber
  * CUDA thumbnail filter
  * V4L2 mem2mem HW assisted codecs
  * Rockchip MPP hardware decoding
  * (Not in openSUSE builds, only original ones:)
  * Gremlin Digital Video demuxer and decoder
  * Additional frame format support for Interplay MVE movies
  * Dolby E decoder and SMPTE 337M demuxer
  * raw G.726 muxer and demuxer, left- and right-justified
  * NewTek NDI input/output device
  * FITS demuxer, muxer, decoder and encoder
- Fixed a double free in huffyuv [boo#1064577, CVE-2017-15186]
- Fixed an out-of-bounds in ffv1dec [boo#1066428, CVE-2017-15672]
References

Packages

ffmpeg-3.4.2-14.1