openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:4333-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.856852

Category: openSUSE Local Security Checks

Title: openSUSE Security Advisory (SUSE-SU-2024:4333-1)

Summary: The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory.

Description: Summary:
The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory.

Vulnerability Insight:
- aomedia:3349: heap overflow when increasing resolution
- aomedia:3478: GCC 12.2.0 emits a -Wstringop-overflow warning
on aom/av1/encoder/motion_search_facade.c
- aomedia:3489: Detect encoder and image high bit depth
mismatch
- aomedia:3491: heap-buffer-overflow on frame size change
- b/303023614: Segfault at encoding time for high bit depth
images

- New upstream release 3.7.0

- New Features

* New codec controls:

* AV1E_SET_QUANTIZER_ONE_PASS: Set quantizer for each frame.
* AV1E_ENABLE_RATE_GUIDE_DELTAQ: enable the rate distribution guided delta
quantization in all intra mode. The 'enable-rate-guide-deltaq' option is
added for this control.
* AV1E_SET_RATE_DISTRIBUTION_INFO: set the input file for rate
distribution used in all intra mode. The 'rate-distribution-info' option
is added for this control.
* AV1E_GET_LUMA_CDEF_STRENGTH
* AV1E_SET_BITRATE_ONE_PASS_CBR

* AOM_SCALING_MODE is extended to include 2/3 and 1/3 scaling.
* aom_tune_metric is extended to include AOM_TUNE_VMAF_SALIENCY_MAP.
The 'tune' option is extended to include 'vmaf_saliency_map'.
* SVC example encoder svc_encoder_rtc is able to use the rate control
library.
* Loopfilter level and CDEF filter level is supported by RTC rate control
library.
* New speed (--cpu-used) 11, intended for RTC screen sharing, added for
faster encoding with ~
3% bdrate loss with 16% IC (instruction count)
speedup compared to speed 10.

- Compression Efficiency Improvements

* Improved VoD encoding performance

* 0.1-0.6% BDrate gains for encoding speeds 2 to 6
* Rate control accuracy improvement in VBR mode

* RTC encoding improvements

* Screen content mode: 10-19% BDrate gains for speeds 6 - 10
* Temporal layers video mode, for speed 10:

* 2 temporal layers on low resolutions: 13-15% BDrate gain
* 3 temporal layers on VGA/HD: 3-4% BDrate gain

- Perceptual Quality Improvements

* Fixed multiple block and color artifacts for RTC screen content by

* Incorporating color into RD cost for IDTX
* Reducing thresholds for palette mode in non RD mode
* Allowing more palette mode testing

* Improved color sensitivity for altref in non-RD mode.
* Reduced video flickering for temporal layer encoding.

- Speedup and Memory Optimizations

* Speed up the VoD encoder

* 2-5% for encoding speed 2 to 4
* 9-15% for encoding speed 5 to 6
* ARM

* Standard bitdepth

* speed 5: +31%
* speed 4: +2%
* speed 3: +9%
* speed 2: +157%

* High bitdepth

* speed 5: +85%

* RTC speedups

* Screen content mode

* 15% IC speedup for speeds 6-8
* ARM: 7% for speed 9, 3% for speed 10

* Temporal layers video mode

* 7% speedup for 3 temporal layers on VGA/HD, for speed 10

* Single layer video

* x86: 2% IC speedup for speeds 7-10
* ARM: 2-4% speedup across speeds 5-10

- Bug Fixes

* aomedia:3261 Assertion failed when encoding av1 with film grain and
'--monochrome' flag
* ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'libaom, libyuv' package(s) on openSUSE Leap 15.5.

Solution:
Please install the updated package(s).

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2023-6879
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/
https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1
https://crbug.com/aomedia/3491

Copyright Copyright (C) 2024 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.856852
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (SUSE-SU-2024:4333-1)
Summary:	The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory.
Description:	Summary: The remote host is missing an update for the 'libaom, libyuv' package(s) announced via the SUSE-SU-2024:4333-1 advisory. Vulnerability Insight: - aomedia:3349: heap overflow when increasing resolution - aomedia:3478: GCC 12.2.0 emits a -Wstringop-overflow warning on aom/av1/encoder/motion_search_facade.c - aomedia:3489: Detect encoder and image high bit depth mismatch - aomedia:3491: heap-buffer-overflow on frame size change - b/303023614: Segfault at encoding time for high bit depth images - New upstream release 3.7.0 - New Features * New codec controls: * AV1E_SET_QUANTIZER_ONE_PASS: Set quantizer for each frame. * AV1E_ENABLE_RATE_GUIDE_DELTAQ: enable the rate distribution guided delta quantization in all intra mode. The 'enable-rate-guide-deltaq' option is added for this control. * AV1E_SET_RATE_DISTRIBUTION_INFO: set the input file for rate distribution used in all intra mode. The 'rate-distribution-info' option is added for this control. * AV1E_GET_LUMA_CDEF_STRENGTH * AV1E_SET_BITRATE_ONE_PASS_CBR * AOM_SCALING_MODE is extended to include 2/3 and 1/3 scaling. * aom_tune_metric is extended to include AOM_TUNE_VMAF_SALIENCY_MAP. The 'tune' option is extended to include 'vmaf_saliency_map'. * SVC example encoder svc_encoder_rtc is able to use the rate control library. * Loopfilter level and CDEF filter level is supported by RTC rate control library. * New speed (--cpu-used) 11, intended for RTC screen sharing, added for faster encoding with ~ 3% bdrate loss with 16% IC (instruction count) speedup compared to speed 10. - Compression Efficiency Improvements * Improved VoD encoding performance * 0.1-0.6% BDrate gains for encoding speeds 2 to 6 * Rate control accuracy improvement in VBR mode * RTC encoding improvements * Screen content mode: 10-19% BDrate gains for speeds 6 - 10 * Temporal layers video mode, for speed 10: * 2 temporal layers on low resolutions: 13-15% BDrate gain * 3 temporal layers on VGA/HD: 3-4% BDrate gain - Perceptual Quality Improvements * Fixed multiple block and color artifacts for RTC screen content by * Incorporating color into RD cost for IDTX * Reducing thresholds for palette mode in non RD mode * Allowing more palette mode testing * Improved color sensitivity for altref in non-RD mode. * Reduced video flickering for temporal layer encoding. - Speedup and Memory Optimizations * Speed up the VoD encoder * 2-5% for encoding speed 2 to 4 * 9-15% for encoding speed 5 to 6 * ARM * Standard bitdepth * speed 5: +31% * speed 4: +2% * speed 3: +9% * speed 2: +157% * High bitdepth * speed 5: +85% * RTC speedups * Screen content mode * 15% IC speedup for speeds 6-8 * ARM: 7% for speed 9, 3% for speed 10 * Temporal layers video mode * 7% speedup for 3 temporal layers on VGA/HD, for speed 10 * Single layer video * x86: 2% IC speedup for speeds 7-10 * ARM: 2-4% speedup across speeds 5-10 - Bug Fixes * aomedia:3261 Assertion failed when encoding av1 with film grain and '--monochrome' flag * ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'libaom, libyuv' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2023-6879 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/ https://aomedia.googlesource.com/aom/+/refs/tags/v3.7.1 https://crbug.com/aomedia/3491
Copyright	Copyright (C) 2024 Greenbone AG