Ubuntu
ffmpeg package

FFmpeg security fixes February 2016

Bug #1541622 reported by Andreas Cadhalpun
262
This bug affects 2 people
Affects Status Importance Assigned to Milestone
ffmpeg (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

FFmpeg 2.7.6 fixing a number of crashes and other potentially security relevant issues (including CVE-2016-2213) was released.

From the upstream Changelog:

version 2.7.6
- avcodec/jpeg2000dec: More completely check cdef
- avutil/opt: check for and handle errors in av_opt_set_dict2()
- avcodec/flacenc: fix calculation of bits required in case of custom sample rate
- avformat: Document urls a bit
- avformat/libquvi: Set default demuxer and protocol limitations
- avformat/concat: Check protocol prefix
- doc/demuxers: Document enable_drefs and use_absolute_path
- avcodec/mjpegdec: Check for end for both bytes in unescaping
- avcodec/mpegvideo_enc: Check for integer overflow in ff_mpv_reallocate_putbitbuffer()
- avformat/avformat: Replace some references to filenames by urls
- avcodec/wmaenc: Check ff_wma_init() for failure
- avcodec/mpeg12enc: Move high resolution thread check to before initializing threads
- avformat/img2dec: Use AVOpenCallback
- avformat/avio: Limit url option parsing to the documented cases
- avformat/img2dec: do not interpret the filename by default if a IO context has been opened
- avcodec/ass_split: Fix null pointer dereference in ff_ass_style_get()
- mov: Add an option to toggle dref opening
- avcodec/gif: Fix lzw buffer size
- avcodec/put_bits: Assert buf_ptr in flush_put_bits()
- avcodec/tiff: Check subsample & rps values more completely
- swscale/swscale: Add some sanity checks for srcSlice* parameters
- swscale/x86/rgb2rgb_template: Fix planar2x() for short width
- swscale/swscale_unscaled: Fix odd height inputs for bayer_to_yv12_wrapper()
- swscale/swscale_unscaled: Fix odd height inputs for bayer_to_rgb24_wrapper()
- avcodec/aacenc: Check both channels for finiteness
- swscale/swscale-test: Fix slice height in random reference data creation.
- dca: fix misaligned access in avpriv_dca_convert_bitstream
- brstm: fix missing closing brace
- brstm: also allocate b->table in read_packet
- brstm: make sure an ADPC chunk was read for adpcm_thp
- vorbisdec: reject rangebits 0 with non-0 partitions
- vorbisdec: reject channel mapping with less than two channels
- ffmdec: reset packet_end in case of failure
- avformat/ipmovie: put video decoding_map_size into packet and use it in decoder

Tags: patch

CVE References

Andreas Cadhalpun (andreas-cadhalpun)
information type: Private Security → Public Security
Revision history for this message
Andreas Cadhalpun (andreas-cadhalpun) wrote :

Attached is a debdiff. (git repo is at [1])

Testing performed (in a wily chroot):
 * build including test suite works
 * installation works
 * upgrade works
 * autopkgtests pass

1: https://anonscm.debian.org/cgit/pkg-multimedia/ffmpeg.git/log/?h=wily

Revision history for this message
Andreas Cadhalpun (andreas-cadhalpun) wrote :

As I understand it vivid will be EOL'ed tomorrow, so I don't think it'll need an update for this.
However, I could prepare a debdiff for 2.5.11 if that would be useful.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "debdiff for 2.7.6" seems to be a debdiff. The ubuntu-sponsors team has been subscribed to the bug report so that they can review and hopefully sponsor the debdiff. If the attachment isn't a patch, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are member of the ~ubuntu-sponsors, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issue please contact him.]

tags: added: patch
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for the debdiff! Yes, you can skip vivid and 2.5.x.

Revision history for this message
Tyler Hicks (tyhicks) wrote :

Thanks for the debdiff! The debian/changelog hunk was somehow malformed and had a slight typo but those were easy fixes. The update is building in the security PPA and I plan to release it in the morning.

Changed in ffmpeg (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ffmpeg - 7:2.7.6-0ubuntu0.15.10.1

---------------
ffmpeg (7:2.7.6-0ubuntu0.15.10.1) wily-security; urgency=medium

  * Import new upstream bugfix release 2.7.6.
     - Fixes CVE-2016-2213. (LP: #1541622)
  * Use ubuntu versions for debian-tag in gbp.conf.

 -- Andreas Cadhalpun <email address hidden> Wed, 03 Feb 2016 23:38:37 +0100

Changed in ffmpeg (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.