-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2278
                        fluidsynth security update
                               30 June 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           fluidsynth
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-28421  

Original Bulletin: 
   https://www.debian.org/lts/security/2021/dla-2697

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running fluidsynth check for an updated version of the software for
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2697-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Thorsten Alteholz
June 29, 2021                                 https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : fluidsynth
Version        : 1.1.6-4+deb9u1
CVE ID         : CVE-2021-28421


A vulnerability has been found in fluidsynth, a real-time MIDI software
synthesizer. Using a specially crafted soundfont2 file, a use-after-free
vulnerability might result in arbitrary code execution or a denial of
service (DoS).


For Debian 9 stretch, this problem has been fixed in version
1.1.6-4+deb9u1.

We recommend that you upgrade your fluidsynth packages.

For the detailed security status of fluidsynth please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fluidsynth

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

-----END PGP SIGNATURE-----