===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2023.3055
gpac security update
29 May 2023
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           gpac
Publisher:         Debian
Operating System:  Debian GNU/Linux
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-23145 CVE-2023-23144 CVE-2023-23143 CVE-2023-2840
                   CVE-2023-2839 CVE-2023-2838 CVE-2023-2837 CVE-2023-1654
                   CVE-2023-1452 CVE-2023-1449 CVE-2023-1448 CVE-2023-0866
                   CVE-2023-0819 CVE-2023-0818 CVE-2023-0770 CVE-2022-47663
                   CVE-2022-47662 CVE-2022-47661 CVE-2022-47660 CVE-2022-47659
                   CVE-2022-47657 CVE-2022-47095 CVE-2022-47094 CVE-2022-47091
                   CVE-2022-47086 CVE-2022-45343 CVE-2022-45283 CVE-2022-45202
                   CVE-2022-43255 CVE-2022-38530 CVE-2022-36191 CVE-2022-36190
                   CVE-2022-29537 CVE-2022-27147 CVE-2022-27145 CVE-2022-26967
                   CVE-2022-24578 CVE-2022-24577 CVE-2022-24574 CVE-2022-4202
                   CVE-2022-3957 CVE-2022-3222 CVE-2022-2454 CVE-2022-1795
                   CVE-2022-1441 CVE-2022-1222 CVE-2022-1035 CVE-2021-46051
                   CVE-2021-46049 CVE-2021-46047 CVE-2021-46046 CVE-2021-46045
                   CVE-2021-46044 CVE-2021-46043 CVE-2021-46042 CVE-2021-46041
                   CVE-2021-46040 CVE-2021-46039 CVE-2021-46038 CVE-2021-45831
                   CVE-2021-45767 CVE-2021-45764 CVE-2021-45763 CVE-2021-45762
                   CVE-2021-45760 CVE-2021-45297 CVE-2021-45292 CVE-2021-45291
                   CVE-2021-45267 CVE-2021-45263 CVE-2021-45262 CVE-2021-41459
                   CVE-2021-41457 CVE-2021-41456 CVE-2021-40944 CVE-2021-40609
                   CVE-2021-40608 CVE-2021-40606 CVE-2021-40592 CVE-2021-40576
                   CVE-2021-40575 CVE-2021-40574 CVE-2021-40572 CVE-2021-40571
                   CVE-2021-40570 CVE-2021-40569 CVE-2021-40568 CVE-2021-40567
                   CVE-2021-40566 CVE-2021-40565 CVE-2021-40564 CVE-2021-40563
                   CVE-2021-40562 CVE-2021-40559 CVE-2021-36417 CVE-2021-36414
                   CVE-2021-36412 CVE-2021-33366 CVE-2021-33365 CVE-2021-33364
                   CVE-2021-33363 CVE-2021-33361 CVE-2021-21852 CVE-2021-4043
                   CVE-2020-35980

Original Bulletin:
   https://lists.debian.org/debian-security-announce/2023/msg00103.html

Comment: CVSS (Max):  9.8 CVE-2023-2840 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: NVD
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-5411-1                   security@debian.org
https://www.debian.org/security/                                  Aron Xu
May 26, 2023                          https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : gpac
CVE ID         : CVE-2020-35980 CVE-2021-4043 CVE-2021-21852 CVE-2021-33361
                 CVE-2021-33363 CVE-2021-33364 CVE-2021-33365 CVE-2021-33366
                 CVE-2021-36412 CVE-2021-36414 CVE-2021-36417 CVE-2021-40559
                 CVE-2021-40562 CVE-2021-40563 CVE-2021-40564 CVE-2021-40565
                 CVE-2021-40566 CVE-2021-40567 CVE-2021-40568 CVE-2021-40569
                 CVE-2021-40570 CVE-2021-40571 CVE-2021-40572 CVE-2021-40574
                 CVE-2021-40575 CVE-2021-40576 CVE-2021-40592 CVE-2021-40606
                 CVE-2021-40608 CVE-2021-40609 CVE-2021-40944 CVE-2021-41456
                 CVE-2021-41457 CVE-2021-41459 CVE-2021-45262 CVE-2021-45263
                 CVE-2021-45267 CVE-2021-45291 CVE-2021-45292 CVE-2021-45297
                 CVE-2021-45760 CVE-2021-45762 CVE-2021-45763 CVE-2021-45764
                 CVE-2021-45767 CVE-2021-45831 CVE-2021-46038 CVE-2021-46039
                 CVE-2021-46040 CVE-2021-46041 CVE-2021-46042 CVE-2021-46043
                 CVE-2021-46044 CVE-2021-46045 CVE-2021-46046 CVE-2021-46047
                 CVE-2021-46049 CVE-2021-46051 CVE-2022-1035 CVE-2022-1222
                 CVE-2022-1441 CVE-2022-1795 CVE-2022-2454 CVE-2022-3222
                 CVE-2022-3957 CVE-2022-4202 CVE-2022-24574 CVE-2022-24577
                 CVE-2022-24578 CVE-2022-26967 CVE-2022-27145 CVE-2022-27147
                 CVE-2022-29537 CVE-2022-36190 CVE-2022-36191 CVE-2022-38530
                 CVE-2022-43255 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343
                 CVE-2022-47086 CVE-2022-47091 CVE-2022-47094 CVE-2022-47095
                 CVE-2022-47657 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661
                 CVE-2022-47662 CVE-2022-47663 CVE-2023-0770 CVE-2023-0818
                 CVE-2023-0819 CVE-2023-0866 CVE-2023-1448 CVE-2023-1449
                 CVE-2023-1452 CVE-2023-1654 CVE-2023-2837 CVE-2023-2838
                 CVE-2023-2839 CVE-2023-2840 CVE-2023-23143 CVE-2023-23144
                 CVE-2023-23145

Multiple issues were found in the GPAC multimedia framework, which could
result in denial of service or potentially the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in
version 1.0.1+dfsg1-4+deb11u2.

We recommend that you upgrade your gpac packages.

For the detailed security status of gpac please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/gpac

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================