1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4990-1] ffmpeg security update

    From Moritz Muehlenhoff@21:1/5 to All on Tue Oct 19 21:00:02 2021
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4990-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff October 19, 2021 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : ffmpeg
    CVE ID : CVE-2020-20445 CVE-2020-20446 CVE-2020-20453 CVE-2020-21041
    CVE-2020-22015 CVE-2020-22016 CVE-2020-22017 CVE-2020-22019
    CVE-2020-22020 CVE-2020-22021 CVE-2020-22022 CVE-2020-22023
    CVE-2020-22025 CVE-2020-22026 CVE-2020-22027 CVE-2020-22028
    CVE-2020-22029 CVE-2020-22030 CVE-2020-22031 CVE-2020-22032
    CVE-2020-22033 CVE-2020-22034 CVE-2020-22035 CVE-2020-22036
    CVE-2020-22037 CVE-2020-22049 CVE-2020-22054 CVE-2020-35965
    CVE-2021-38114 CVE-2021-38171 CVE-2021-38291

    Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the
    execution of arbitrary code if malformed files/streams are processed.

    For the oldstable distribution (buster), these problems have been fixed
    in version 7:4.1.8-0+deb10u1.

    We recommend that you upgrade your ffmpeg packages.

    For the detailed security status of ffmpeg please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/ffmpeg

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFvE0MACgkQEMKTtsN8 Tjar1A//XPaJ4SP7JyAs3H845zwESim4+SsoK2sdz5fkFIiaM17lHcVTeQyDbGtw 5E9LfBRw9oxseU+6pCze3LdwqDKhdwiotDgWj4NZ8OJBLz4Iq12nJMkKCXAaTdFp 8pBYhrgLloyl+6Tdc76jBGMT9KhXtaWrNhsI/T01KNMD0yhOMBzgmgOJi7NgoMcS /mk6TAfW5zGClMWCAVPHwmCx4S6C+8O99pgGdavbBZhtdFqZETgYFln8H3Wpw8V9 93MF4Qbwq7kZ3NLI+Jie5shM50ootzcHa8RP7Aaf+3K4mZ/9ORo8rvJF7mcJi4EG fE/e0x/Q4bezdFbbgDFVLMzEq9vdO1UevO8gCWlfe17nh+JB3BEiwO9mF+cUuvb5 ySH8FA2W9EWEGEZgdgk2h8suHQ5ELI3sNLPnc9VA2IXF/PVl3Gm3vK3+ELedP5Lw WK2QlWOiVPkzAvcY8EXtEzIMCdnioMKkrcr5bDzfCeL7FTR0A6St+NKYWO/31R2h c6WGxAOMXSSSKe1j48mrsbqNlzPv7LwDyjS70ZJ3QrtQ4dp+prxnAD3A4uDk6fyO 7Qs466QF0bYRJP/I0DggKEwQKvdK9MSubSgftz414J+bqfE3WqUOjtUneN4ZTQx0 WXA7cPN/2rolLx2UGygPfqjlTcdFBFwWrBfXpu34jYD7ONiKGTU=
    =i0d7
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)