Ubuntu’s current LTS version (24.04) contains ffmpeg version 7:6.1.1-3ubuntu5 which has this buffer overflow vulnerability:
https://trac.ffmpeg.org/ticket/10952
https://ubuntu.com/security/CVE-2024-32230
On my only Ubuntu computer, my update widget says that I need to upgrade to ffmpeg version 7:6.1.1-3ubuntu5+esm2 but can only do so with Ubuntu Pro. I’m not eligible for Ubuntu Pro.
Ubuntu claims that 24.04 is currently fully supported, and should have complete security updates. However, they seem to have paywalled this security update.
What should I do?
Just wait or switch distros. All the security updates they hold hostage for money come eventually. If you’re not a bank or wanted by a major world power, I doubt anyone is going to pwn you with a security fix Ubuntu is slow-walking to force people into Pro. Since they started that shit I don’t put Ubuntu on new hardware, but I’m not going to purge servers I have it on because I’m worried someone’s going to deploy a sub-month-old vulnerability against me as a rando doing nothing important.