openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:4333-1)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.856852

Kategorie: openSUSE Local Security Checks

Titel: openSUSE Security Advisory (SUSE-SU-2024:4333-1)

Zusammenfassung: The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory.

Vulnerability Insight:
- aomedia:3349: heap overflow when increasing resolution
- aomedia:3478: GCC 12.2.0 emits a -Wstringop-overflow warning
on aom/av1/encoder/motion_search_facade.c
- aomedia:3489: Detect encoder and image high bit depth
mismatch
- aomedia:3491: heap-buffer-overflow on frame size change
- b/303023614: Segfault at encoding time for high bit depth
images

- New upstream release 3.7.0

- New Features

* New codec controls:

* AV1E_SET_QUANTIZER_ONE_PASS: Set quantizer for each frame.
* AV1E_ENABLE_RATE_GUIDE_DELTAQ: enable the rate distribution guided delta
quantization in all intra mode. The 'enable-rate-guide-deltaq' option is
added for this control.
* AV1E_SET_RATE_DISTRIBUTION_INFO: set the input file for rate
distribution used in all intra mode. The 'rate-distribution-info' option
is added for this control.
* AV1E_GET_LUMA_CDEF_STRENGTH
* AV1E_SET_BITRATE_ONE_PASS_CBR

* AOM_SCALING_MODE is extended to include 2/3 and 1/3 scaling.
* aom_tune_metric is extended to include AOM_TUNE_VMAF_SALIENCY_MAP.
The 'tune' option is extended to include 'vmaf_saliency_map'.
* SVC example encoder svc_encoder_rtc is able to use the rate control
library.
* Loopfilter level and CDEF filter level is supported by RTC rate control
library.
* New speed (--cpu-used) 11, intended for RTC screen sharing, added for
faster encoding with ~
3% bdrate loss with 16% IC (instruction count)
speedup compared to speed 10.

- Compression Efficiency Improvements

* Improved VoD encoding performance

* 0.1-0.6% BDrate gains for encoding speeds 2 to 6
* Rate control accuracy improvement in VBR mode

* RTC encoding improvements

* Screen content mode: 10-19% BDrate gains for speeds 6 - 10
* Temporal layers video mode, for speed 10:

* 2 temporal layers on low resolutions: 13-15% BDrate gain
* 3 temporal layers on VGA/HD: 3-4% BDrate gain

- Perceptual Quality Improvements

* Fixed multiple block and color artifacts for RTC screen content by

* Incorporating color into RD cost for IDTX
* Reducing thresholds for palette mode in non RD mode
* Allowing more palette mode testing

* Improved color sensitivity for altref in non-RD mode.
* Reduced video flickering for temporal layer encoding.

- Speedup and Memory Optimizations

* Speed up the VoD encoder

* 2-5% for encoding speed 2 to 4
* 9-15% for encoding speed 5 to 6
* ARM

* Standard bitdepth

* speed 5: +31%
* speed 4: +2%
* speed 3: +9%
* speed 2: +157%

* High bitdepth

* speed 5: +85%

* RTC speedups

* Screen content mode

* 15% IC speedup for speeds 6-8
* ARM: 7% for speed 9, 3% for speed 10

* Temporal layers video mode

* 7% speedup for 3 temporal layers on VGA/HD, for speed 10

* Single layer video

* x86: 2% IC speedup for speeds 7-10
* ARM: 2-4% speedup across speeds 5-10

- Bug Fixes

* aomedia:3261 Assertion failed when encoding av1 with film grain and
'--monochrome' flag
* ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libaom, libyuv' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2023-6879
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1
https://crbug.com/aomedia/3491

Copyright Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.856852
Kategorie:	openSUSE Local Security Checks
Titel:	openSUSE Security Advisory (SUSE-SU-2024:4333-1)
Zusammenfassung:	The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory. Vulnerability Insight: - aomedia:3349: heap overflow when increasing resolution - aomedia:3478: GCC 12.2.0 emits a -Wstringop-overflow warning on aom/av1/encoder/motion_search_facade.c - aomedia:3489: Detect encoder and image high bit depth mismatch - aomedia:3491: heap-buffer-overflow on frame size change - b/303023614: Segfault at encoding time for high bit depth images - New upstream release 3.7.0 - New Features * New codec controls: * AV1E_SET_QUANTIZER_ONE_PASS: Set quantizer for each frame. * AV1E_ENABLE_RATE_GUIDE_DELTAQ: enable the rate distribution guided delta quantization in all intra mode. The 'enable-rate-guide-deltaq' option is added for this control. * AV1E_SET_RATE_DISTRIBUTION_INFO: set the input file for rate distribution used in all intra mode. The 'rate-distribution-info' option is added for this control. * AV1E_GET_LUMA_CDEF_STRENGTH * AV1E_SET_BITRATE_ONE_PASS_CBR * AOM_SCALING_MODE is extended to include 2/3 and 1/3 scaling. * aom_tune_metric is extended to include AOM_TUNE_VMAF_SALIENCY_MAP. The 'tune' option is extended to include 'vmaf_saliency_map'. * SVC example encoder svc_encoder_rtc is able to use the rate control library. * Loopfilter level and CDEF filter level is supported by RTC rate control library. * New speed (--cpu-used) 11, intended for RTC screen sharing, added for faster encoding with ~ 3% bdrate loss with 16% IC (instruction count) speedup compared to speed 10. - Compression Efficiency Improvements * Improved VoD encoding performance * 0.1-0.6% BDrate gains for encoding speeds 2 to 6 * Rate control accuracy improvement in VBR mode * RTC encoding improvements * Screen content mode: 10-19% BDrate gains for speeds 6 - 10 * Temporal layers video mode, for speed 10: * 2 temporal layers on low resolutions: 13-15% BDrate gain * 3 temporal layers on VGA/HD: 3-4% BDrate gain - Perceptual Quality Improvements * Fixed multiple block and color artifacts for RTC screen content by * Incorporating color into RD cost for IDTX * Reducing thresholds for palette mode in non RD mode * Allowing more palette mode testing * Improved color sensitivity for altref in non-RD mode. * Reduced video flickering for temporal layer encoding. - Speedup and Memory Optimizations * Speed up the VoD encoder * 2-5% for encoding speed 2 to 4 * 9-15% for encoding speed 5 to 6 * ARM * Standard bitdepth * speed 5: +31% * speed 4: +2% * speed 3: +9% * speed 2: +157% * High bitdepth * speed 5: +85% * RTC speedups * Screen content mode * 15% IC speedup for speeds 6-8 * ARM: 7% for speed 9, 3% for speed 10 * Temporal layers video mode * 7% speedup for 3 temporal layers on VGA/HD, for speed 10 * Single layer video * x86: 2% IC speedup for speeds 7-10 * ARM: 2-4% speedup across speeds 5-10 - Bug Fixes * aomedia:3261 Assertion failed when encoding av1 with film grain and '--monochrome' flag * ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'libaom, libyuv' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2023-6879 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/ https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1 https://crbug.com/aomedia/3491
Copyright	Copyright (C) 2024 Greenbone AG