Security update for ffmpeg SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:3293-1 Final 1 1 2021-10-06T14:48:13Z current 2021-10-06T14:48:13Z 2021-10-06T14:48:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for ffmpeg This update for ffmpeg fixes the following issues: - CVE-2020-22042: Fixed a denial of service vulnerability led by a memory leak in the link_filter_inouts function in libavfilter/graphparser.c. (bsc#1186761) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-3293 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2AYA6VEHMLTAF6FDL4C6CPC73YV5SVJY/ E-Mail link for openSUSE-SU-2021:3293-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186761 SUSE Bug 1186761 https://www.suse.com/security/cve/CVE-2020-22042/ SUSE CVE CVE-2020-22042 page openSUSE Leap 15.3 ffmpeg-3.4.2-11.14.1 ffmpeg-private-devel-3.4.2-11.14.1 libavcodec-devel-3.4.2-11.14.1 libavcodec57-3.4.2-11.14.1 libavcodec57-32bit-3.4.2-11.14.1 libavdevice-devel-3.4.2-11.14.1 libavdevice57-3.4.2-11.14.1 libavdevice57-32bit-3.4.2-11.14.1 libavfilter-devel-3.4.2-11.14.1 libavfilter6-3.4.2-11.14.1 libavfilter6-32bit-3.4.2-11.14.1 libavformat-devel-3.4.2-11.14.1 libavformat57-3.4.2-11.14.1 libavformat57-32bit-3.4.2-11.14.1 libavresample-devel-3.4.2-11.14.1 libavresample3-3.4.2-11.14.1 libavresample3-32bit-3.4.2-11.14.1 libavutil-devel-3.4.2-11.14.1 libavutil55-3.4.2-11.14.1 libavutil55-32bit-3.4.2-11.14.1 libpostproc-devel-3.4.2-11.14.1 libpostproc54-3.4.2-11.14.1 libpostproc54-32bit-3.4.2-11.14.1 libswresample-devel-3.4.2-11.14.1 libswresample2-3.4.2-11.14.1 libswresample2-32bit-3.4.2-11.14.1 libswscale-devel-3.4.2-11.14.1 libswscale4-3.4.2-11.14.1 libswscale4-32bit-3.4.2-11.14.1 ffmpeg-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 ffmpeg-private-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavcodec-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavcodec57-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavcodec57-32bit-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavdevice-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavdevice57-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavdevice57-32bit-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavfilter-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavfilter6-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavfilter6-32bit-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavformat-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavformat57-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavformat57-32bit-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavresample-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavresample3-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavresample3-32bit-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavutil-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavutil55-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libavutil55-32bit-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libpostproc-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libpostproc54-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libpostproc54-32bit-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libswresample-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libswresample2-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libswresample2-32bit-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libswscale-devel-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libswscale4-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 libswscale4-32bit-3.4.2-11.14.1 as a component of openSUSE Leap 15.3 A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory leak is affected by: memory leak in the link_filter_inouts function in libavfilter/graphparser.c. CVE-2020-22042 openSUSE Leap 15.3:ffmpeg-3.4.2-11.14.1 openSUSE Leap 15.3:ffmpeg-private-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libavcodec-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libavcodec57-3.4.2-11.14.1 openSUSE Leap 15.3:libavcodec57-32bit-3.4.2-11.14.1 openSUSE Leap 15.3:libavdevice-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libavdevice57-3.4.2-11.14.1 openSUSE Leap 15.3:libavdevice57-32bit-3.4.2-11.14.1 openSUSE Leap 15.3:libavfilter-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libavfilter6-3.4.2-11.14.1 openSUSE Leap 15.3:libavfilter6-32bit-3.4.2-11.14.1 openSUSE Leap 15.3:libavformat-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libavformat57-3.4.2-11.14.1 openSUSE Leap 15.3:libavformat57-32bit-3.4.2-11.14.1 openSUSE Leap 15.3:libavresample-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libavresample3-3.4.2-11.14.1 openSUSE Leap 15.3:libavresample3-32bit-3.4.2-11.14.1 openSUSE Leap 15.3:libavutil-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libavutil55-3.4.2-11.14.1 openSUSE Leap 15.3:libavutil55-32bit-3.4.2-11.14.1 openSUSE Leap 15.3:libpostproc-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libpostproc54-3.4.2-11.14.1 openSUSE Leap 15.3:libpostproc54-32bit-3.4.2-11.14.1 openSUSE Leap 15.3:libswresample-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libswresample2-3.4.2-11.14.1 openSUSE Leap 15.3:libswresample2-32bit-3.4.2-11.14.1 openSUSE Leap 15.3:libswscale-devel-3.4.2-11.14.1 openSUSE Leap 15.3:libswscale4-3.4.2-11.14.1 openSUSE Leap 15.3:libswscale4-32bit-3.4.2-11.14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2AYA6VEHMLTAF6FDL4C6CPC73YV5SVJY/ https://www.suse.com/security/cve/CVE-2020-22042.html CVE-2020-22042 https://bugzilla.suse.com/1186761 SUSE Bug 1186761