===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.1428
GStreamer Media Framework Plugin Vulnerabilities
28 April 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           gst-plugins-base1.0
                   gst-plugins-bad1.0
                   gst-plugins-ugly1.0
                   gst-libav1.0
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Unknown/Unspecified
                   Denial of Service               -- Unknown/Unspecified
Resolution:        Patch/Upgrade
Reference:         ESB-2021.1401

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2021/04/msg00028.html
   https://lists.debian.org/debian-lts-announce/2021/04/msg00029.html
   https://lists.debian.org/debian-lts-announce/2021/04/msg00030.html
   https://lists.debian.org/debian-lts-announce/2021/04/msg00031.html

Comment: This bulletin contains four (4) Debian security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2641-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
April 27, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gst-plugins-base1.0
Version        : 1.10.4-1+deb9u2
CVE ID         : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer media
framework, which may result in denial of service or potentially the
execution of arbitrary code if a malformed media file is opened.

For Debian 9 stretch, this problem has been fixed in version
1.10.4-1+deb9u2.

We recommend that you upgrade your gst-plugins-base1.0 packages.

For the detailed security status of gst-plugins-base1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-base1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2642-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
April 27, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gst-plugins-bad1.0
Version        : 1.10.4-1+deb9u2
CVE ID         : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer media
framework, which may result in denial of service or potentially the
execution of arbitrary code if a malformed media file is opened.

For Debian 9 stretch, this problem has been fixed in version
1.10.4-1+deb9u2.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2643-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
April 27, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gst-plugins-ugly1.0
Version        : 1.10.4-1+deb9u1
CVE ID         : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer media
framework, which may result in denial of service or potentially the
execution of arbitrary code if a malformed media file is opened.

For Debian 9 stretch, this problem has been fixed in version
1.10.4-1+deb9u1.

We recommend that you upgrade your gst-plugins-ugly1.0 packages.

For the detailed security status of gst-plugins-ugly1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-ugly1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2644-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
April 27, 2021                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : gst-libav1.0
Version        : 1.10.4-1+deb9u1
CVE ID         : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer media
framework, which may result in denial of service or potentially the execution of
arbitrary code if a malformed media file is opened.

For Debian 9 stretch, this problem has been fixed in version
1.10.4-1+deb9u1.

We recommend that you upgrade your gst-libav1.0 packages.

For the detailed security status of gst-libav1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-libav1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.
As AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.