openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:4333-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.856852

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2024:4333-1)

Resumen: The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory.

Vulnerability Insight:
- aomedia:3349: heap overflow when increasing resolution
- aomedia:3478: GCC 12.2.0 emits a -Wstringop-overflow warning
on aom/av1/encoder/motion_search_facade.c
- aomedia:3489: Detect encoder and image high bit depth
mismatch
- aomedia:3491: heap-buffer-overflow on frame size change
- b/303023614: Segfault at encoding time for high bit depth
images

- New upstream release 3.7.0

- New Features

* New codec controls:

* AV1E_SET_QUANTIZER_ONE_PASS: Set quantizer for each frame.
* AV1E_ENABLE_RATE_GUIDE_DELTAQ: enable the rate distribution guided delta
quantization in all intra mode. The 'enable-rate-guide-deltaq' option is
added for this control.
* AV1E_SET_RATE_DISTRIBUTION_INFO: set the input file for rate
distribution used in all intra mode. The 'rate-distribution-info' option
is added for this control.
* AV1E_GET_LUMA_CDEF_STRENGTH
* AV1E_SET_BITRATE_ONE_PASS_CBR

* AOM_SCALING_MODE is extended to include 2/3 and 1/3 scaling.
* aom_tune_metric is extended to include AOM_TUNE_VMAF_SALIENCY_MAP.
The 'tune' option is extended to include 'vmaf_saliency_map'.
* SVC example encoder svc_encoder_rtc is able to use the rate control
library.
* Loopfilter level and CDEF filter level is supported by RTC rate control
library.
* New speed (--cpu-used) 11, intended for RTC screen sharing, added for
faster encoding with ~
3% bdrate loss with 16% IC (instruction count)
speedup compared to speed 10.

- Compression Efficiency Improvements

* Improved VoD encoding performance

* 0.1-0.6% BDrate gains for encoding speeds 2 to 6
* Rate control accuracy improvement in VBR mode

* RTC encoding improvements

* Screen content mode: 10-19% BDrate gains for speeds 6 - 10
* Temporal layers video mode, for speed 10:

* 2 temporal layers on low resolutions: 13-15% BDrate gain
* 3 temporal layers on VGA/HD: 3-4% BDrate gain

- Perceptual Quality Improvements

* Fixed multiple block and color artifacts for RTC screen content by

* Incorporating color into RD cost for IDTX
* Reducing thresholds for palette mode in non RD mode
* Allowing more palette mode testing

* Improved color sensitivity for altref in non-RD mode.
* Reduced video flickering for temporal layer encoding.

- Speedup and Memory Optimizations

* Speed up the VoD encoder

* 2-5% for encoding speed 2 to 4
* 9-15% for encoding speed 5 to 6
* ARM

* Standard bitdepth

* speed 5: +31%
* speed 4: +2%
* speed 3: +9%
* speed 2: +157%

* High bitdepth

* speed 5: +85%

* RTC speedups

* Screen content mode

* 15% IC speedup for speeds 6-8
* ARM: 7% for speed 9, 3% for speed 10

* Temporal layers video mode

* 7% speedup for 3 temporal layers on VGA/HD, for speed 10

* Single layer video

* x86: 2% IC speedup for speeds 7-10
* ARM: 2-4% speedup across speeds 5-10

- Bug Fixes

* aomedia:3261 Assertion failed when encoding av1 with film grain and
'--monochrome' flag
* ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libaom, libyuv' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2023-6879
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1
https://crbug.com/aomedia/3491

Copyright Copyright (C) 2024 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856852
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:4333-1)
Resumen:	The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory. Vulnerability Insight: - aomedia:3349: heap overflow when increasing resolution - aomedia:3478: GCC 12.2.0 emits a -Wstringop-overflow warning on aom/av1/encoder/motion_search_facade.c - aomedia:3489: Detect encoder and image high bit depth mismatch - aomedia:3491: heap-buffer-overflow on frame size change - b/303023614: Segfault at encoding time for high bit depth images - New upstream release 3.7.0 - New Features * New codec controls: * AV1E_SET_QUANTIZER_ONE_PASS: Set quantizer for each frame. * AV1E_ENABLE_RATE_GUIDE_DELTAQ: enable the rate distribution guided delta quantization in all intra mode. The 'enable-rate-guide-deltaq' option is added for this control. * AV1E_SET_RATE_DISTRIBUTION_INFO: set the input file for rate distribution used in all intra mode. The 'rate-distribution-info' option is added for this control. * AV1E_GET_LUMA_CDEF_STRENGTH * AV1E_SET_BITRATE_ONE_PASS_CBR * AOM_SCALING_MODE is extended to include 2/3 and 1/3 scaling. * aom_tune_metric is extended to include AOM_TUNE_VMAF_SALIENCY_MAP. The 'tune' option is extended to include 'vmaf_saliency_map'. * SVC example encoder svc_encoder_rtc is able to use the rate control library. * Loopfilter level and CDEF filter level is supported by RTC rate control library. * New speed (--cpu-used) 11, intended for RTC screen sharing, added for faster encoding with ~ 3% bdrate loss with 16% IC (instruction count) speedup compared to speed 10. - Compression Efficiency Improvements * Improved VoD encoding performance * 0.1-0.6% BDrate gains for encoding speeds 2 to 6 * Rate control accuracy improvement in VBR mode * RTC encoding improvements * Screen content mode: 10-19% BDrate gains for speeds 6 - 10 * Temporal layers video mode, for speed 10: * 2 temporal layers on low resolutions: 13-15% BDrate gain * 3 temporal layers on VGA/HD: 3-4% BDrate gain - Perceptual Quality Improvements * Fixed multiple block and color artifacts for RTC screen content by * Incorporating color into RD cost for IDTX * Reducing thresholds for palette mode in non RD mode * Allowing more palette mode testing * Improved color sensitivity for altref in non-RD mode. * Reduced video flickering for temporal layer encoding. - Speedup and Memory Optimizations * Speed up the VoD encoder * 2-5% for encoding speed 2 to 4 * 9-15% for encoding speed 5 to 6 * ARM * Standard bitdepth * speed 5: +31% * speed 4: +2% * speed 3: +9% * speed 2: +157% * High bitdepth * speed 5: +85% * RTC speedups * Screen content mode * 15% IC speedup for speeds 6-8 * ARM: 7% for speed 9, 3% for speed 10 * Temporal layers video mode * 7% speedup for 3 temporal layers on VGA/HD, for speed 10 * Single layer video * x86: 2% IC speedup for speeds 7-10 * ARM: 2-4% speedup across speeds 5-10 - Bug Fixes * aomedia:3261 Assertion failed when encoding av1 with film grain and '--monochrome' flag * ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'libaom, libyuv' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2023-6879 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/ https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1 https://crbug.com/aomedia/3491
Copyright	Copyright (C) 2024 Greenbone AG