Ubuntu’s current LTS version (24.04) contains ffmpeg version 7:6.1.1-3ubuntu5 which has this buffer overflow vulnerability:
https://trac.ffmpeg.org/ticket/10952
https://ubuntu.com/security/CVE-2024-32230
On my only Ubuntu computer, my update widget says that I need to upgrade to ffmpeg version 7:6.1.1-3ubuntu5+esm2 but can only only do so with Ubuntu Pro. I’m not eligible for Ubuntu Pro.
Ubuntu claims that 24.04 is currently fully supported, and should have complete security updates. However, they seem to have paywalled this security update.
What should I do?
The Ubuntu security team only supports the ~2,000 packages in “main”
Things like ffmpeg are in “universe” and only get security updates if you subscribe to Ubuntu Pro
ubuntu.com/security/esm
Debian’s security team has always been significantly more responsive than Ubuntu. It’s regularly had CVE fixes in older versions of Debian that newer versions of Ubuntu don’t bother to pull into universe