Ubuntu’s current LTS version (24.04) contains ffmpeg version 7:6.1.1-3ubuntu5 which has this buffer overflow vulnerability:

https://trac.ffmpeg.org/ticket/10952

https://ubuntu.com/security/CVE-2024-32230

On my only Ubuntu computer, my update widget says that I need to upgrade to ffmpeg version 7:6.1.1-3ubuntu5+esm2 but can only only do so with Ubuntu Pro. I’m not eligible for Ubuntu Pro.

Ubuntu claims that 24.04 is currently fully supported, and should have complete security updates. However, they seem to have paywalled this security update.

What should I do?

  • commander@lemmings.worldEnglish
    232·
    4 months ago

    It sure seems that way. Their “extended security maintenance” spam says that there are security updates that are only available if you “subscribe”.

    I asked the Linux community about this, and didn’t get a straight answer (not surprised.)

    It was enough for me to switch to Debian, though. There’s no excuse for updates to be locked behind paywalls or sign-ups in the free software ecosystem.

    • hepp3n@lemmy.ml
      1·
      4 months ago

      There’s no excuse for updates to be locked behind paywalls or sign-ups in the free software ecosystem.

      Of course because you are also working for free, right? Btw. Ubuntu PRO is free for up to 5 devices…