Is Ubuntu shipping software with known security vulnerabilities?

https://lemmy.world/post/26435835


Ubuntu’s current LTS version (24.04) contains ffmpeg version 7:6.1.1-3ubuntu5 which has this buffer overflow vulnerability: https://trac.ffmpeg.org/ticket/10952 https://ubuntu.com/security/CVE-2024-32230

On my only Ubuntu computer, my update widget says that I need to upgrade to ffmpeg version 7:6.1.1-3ubuntu5+esm2 [https://ubuntu.com/security/notices/USN-6983-1] but can only do so with Ubuntu Pro. I’m not eligible for Ubuntu Pro. Ubuntu claims that 24.04 is currently fully supported, and should have complete security updates. However, they seem to have paywalled this security update. What should I do?

It’s the difference in OS version;

  • 24.04 has ffmpeg_6.1.1-3ubuntu5
  • 24.10 has ffmpeg_7.0.2-3ubuntu1

So if you want ffmpeg from main, upgrade to 24.10, otherwise you can only get ffmpeg in 24.04 by waiting until it’s added to main, using Ubuntu Pro, or compiling from source.

git.ffmpeg.org Git - ffmpeg.git/tags

ffmpeg is not in main in any version
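
To check on your own machine which archive component the installed build comes from and whether an ESM build is listed, the sketch below parses `apt-cache policy` output. It is an added example, not from any poster in the thread; the function name `classify_policy` is hypothetical, and the sample output is constructed from the versions quoted above (the priorities, suite names and URLs in it are assumptions).

```shell
#!/usr/bin/env bash
# Added example: classify `apt-cache policy <pkg>` output (English locale).
# Prints one line: "<installed-version> <component> <esm-version-or-none>"

# Constructed sample, modelled on the versions quoted in the thread.
SAMPLE_POLICY='ffmpeg:
  Installed: 7:6.1.1-3ubuntu5
  Candidate: 7:6.1.1-3ubuntu5
  Version table:
     7:6.1.1-3ubuntu5+esm2 510
        510 https://esm.ubuntu.com/apps/ubuntu noble-apps-security/main amd64 Packages
 *** 7:6.1.1-3ubuntu5 500
        500 http://archive.ubuntu.com/ubuntu noble/universe amd64 Packages
        100 /var/lib/dpkg/status'

classify_policy() {
  awk '
    $1 == "Installed:" { installed = $2; next }
    # Version header: optional "***" marker, version string, pin priority.
    /^ +(\*\*\* )?[^ ]+ -?[0-9]+$/ {
      current = ($1 == "***") ? $2 : $1
      next
    }
    # Source line: priority, URL, suite/component, arch, "Packages".
    current != "" && $NF == "Packages" {
      split($3, parts, "/")
      # Component (main, universe, ...) of the build that is installed.
      if (current == installed && component == "") component = parts[2]
      # First version offered from the ESM archive host, if any.
      if ($2 ~ /^https?:\/\/esm\.ubuntu\.com\// && esm == "") esm = current
    }
    END {
      printf "%s %s %s\n", installed,
             (component ? component : "unknown"), (esm ? esm : "none")
    }
  '
}

# Offline demo on the constructed sample. On a real system:
#   LC_ALL=C apt-cache policy ffmpeg | classify_policy
printf '%s\n' "$SAMPLE_POLICY" | classify_policy
```

A component other than `main` together with an ESM version in the third field means the fixed build is only published through the ESM archive for that release.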