===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2278
fluidsynth security update
30 June 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           fluidsynth
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
                   Windows
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-28421

Original Bulletin:
   https://www.debian.org/lts/security/2021/dla-2697

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running fluidsynth check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2697-1
debian-lts@lists.debian.org
https://www.debian.org/lts/security/
Thorsten Alteholz
June 29, 2021
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : fluidsynth
Version : 1.1.6-4+deb9u1
CVE ID  : CVE-2021-28421

A vulnerability has been found in fluidsynth, a real-time MIDI software
synthesizer. Using a specially crafted soundfont2 file, a use-after-free
vulnerability might result in arbitrary code execution or a denial of
service (DoS).

For Debian 9 stretch, this problem has been fixed in version
1.1.6-4+deb9u1.

We recommend that you upgrade your fluidsynth packages.

For the detailed security status of fluidsynth please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/fluidsynth

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================