-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.3509
                           faad2 security update
                             16 September 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           faad2
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
Impact/Access:     Denial of Service               -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-15296 CVE-2018-20362 CVE-2018-20361
                   CVE-2018-20359 CVE-2018-20358 CVE-2018-20357
                   CVE-2018-20198 CVE-2018-20197 CVE-2018-20195
                   CVE-2018-20194 CVE-2018-19504 CVE-2018-19503
                   CVE-2018-19502  

Reference:         ESB-2019.3288
                   ESB-2019.1796

Original Bulletin: 
   http://www.debian.org/security/2019/dsa-4522

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4522-1                   security@debian.org
https://www.debian.org/security/                            Hugo Lefeuvre
September 15, 2019                    https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : faad2
CVE ID         : CVE-2018-19502 CVE-2018-19503 CVE-2018-19504 CVE-2018-20194 
                 CVE-2018-20195 CVE-2018-20197 CVE-2018-20198 CVE-2018-20357 
                 CVE-2018-20358 CVE-2018-20359 CVE-2018-20361 CVE-2018-20362 
                 CVE-2019-15296
Debian Bug     : 914641

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced
Audio Coder. These vulnerabilities might allow remote attackers to cause
denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC
files are processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 2.8.0~cvs20161113-1+deb9u2.

We recommend that you upgrade your faad2 packages.

For the detailed security status of faad2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/faad2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================