Fedora Linux 8811 Published by

A ffmpeg security update has been released for Fedora 36.



SECURITY: Fedora 36 Update: ffmpeg-5.0.3-1.fc36


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-1e24db98a6
2023-04-22 01:11:17.771474
--------------------------------------------------------------------------------

Name : ffmpeg
Product : Fedora 36
Version : 5.0.3
Release : 1.fc36
URL :   https://ffmpeg.org/
Summary : A complete solution to record, convert and stream audio and video
Description :
FFmpeg is a leading multimedia framework, able to decode, encode, transcode,
mux, demux, stream, filter and play pretty much anything that humans and
machines have created. It supports the most obscure ancient formats up to the
cutting edge. No matter if they were designed by some standards committee, the
community or a corporation.

This build of ffmpeg is limited in the number of codecs supported.

--------------------------------------------------------------------------------
Update Information:

New release with bug fixes across the tree Contains security fixes for
CVE-2022-48434 and CVE-2022-3109.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 6 2023 Neal Gompa - 5.0.3-1
- Update to 5.0.3
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2154844 - CVE-2022-3109 ffmpeg: Null Pointer Dereference [fedora-36]
  https://bugzilla.redhat.com/show_bug.cgi?id=2154844
[ 2 ] Bug #2182840 - CVE-2022-48434 ffmpeg: Use after free in libavcodec/pthread_frame.c [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=2182840
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-1e24db98a6' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________