===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2019.4517
libvpx security update
29 November 2019
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           libvpx
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Debian GNU/Linux 10
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Access Confidential Data        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-9433 CVE-2019-9371 CVE-2019-9325
                   CVE-2019-9232
Reference:         ASB-2019.0248
                   ESB-2019.4494

Original Bulletin:
   http://www.debian.org/security/2019/dsa-4578

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4578-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 28, 2019                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libvpx
CVE ID         : CVE-2019-9232 CVE-2019-9325 CVE-2019-9433 CVE-2019-9371

Multiple security issues were found in libvpx multimedia library which
could result in denial of service and potentially the execution of
arbitrary code if malformed WebM files are processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 1.6.1-3+deb9u2.

For the stable distribution (buster), these problems have been fixed in
version 1.7.0-3+deb10u1.

We recommend that you upgrade your libvpx packages.

For the detailed security status of libvpx please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libvpx

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================