Operating System:

[UNIX/Linux][Debian]

Published:

01 September 2021

Protect yourself against future threats.

//Service

Member Security Incident Notifications

Be proactive with your security and receive our daily Member Security Incident Notifications (MSINs) custom to your network.

Read more
Resources > Security Bulletins > ESB-2021.2938 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.2938
                           gpac security update
                             1 September 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gpac
Publisher:         Debian
Operating System:  Debian GNU/Linux
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-21861 CVE-2021-21860 CVE-2021-21859
                   CVE-2021-21858 CVE-2021-21857 CVE-2021-21855
                   CVE-2021-21854 CVE-2021-21853 CVE-2021-21850
                   CVE-2021-21849 CVE-2021-21848 CVE-2021-21847
                   CVE-2021-21846 CVE-2021-21845 CVE-2021-21844
                   CVE-2021-21843 CVE-2021-21842 CVE-2021-21841
                   CVE-2021-21840 CVE-2021-21839 CVE-2021-21838
                   CVE-2021-21837 CVE-2021-21836 CVE-2021-21834

Original Bulletin: 
   https://lists.debian.org/debian-security-announce/2021/msg00151.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running gpac check for an updated version of the software for their
         operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4966-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 31, 2021                       https://www.debian.org/security/faq
- - -------------------------------------------------------------------------

Package        : gpac
CVE ID         : CVE-2021-21834 CVE-2021-21836 CVE-2021-21837 CVE-2021-21838 
                 CVE-2021-21839 CVE-2021-21840 CVE-2021-21841 CVE-2021-21842 
                 CVE-2021-21843 CVE-2021-21844 CVE-2021-21845 CVE-2021-21846 
                 CVE-2021-21847 CVE-2021-21848 CVE-2021-21849 CVE-2021-21850 
                 CVE-2021-21853 CVE-2021-21854 CVE-2021-21855 CVE-2021-21857
		 CVE-2021-21858 CVE-2021-21859 CVE-2021-21860 CVE-2021-21861

Multiple security issues were discovered in the GPAC multimedia framework
which could result in denial of service or the execution of arbitrary code.

The oldstable distribution (buster) is not affected.

For the stable distribution (bullseye), these problems have been fixed in
version 1.0.1+dfsg1-4+deb11u1.

We recommend that you upgrade your gpac packages.

For the detailed security status of gpac please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gpac

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmEumXAACgkQEMKTtsN8
TjY+Cg/9ERkZuIItXpKeYK15UfQ0U1pe43Ojx2vLvhwLw9PgndEx8+HPilultRY/
xabIECwAPsG9T8KuNdZNBxyAvRsRtxMPbxhDgVgv/0T0H94ZPJNze7nwOPLTTPEZ
oYy4mTWq6wRNpQ9UaxWxnQR/nESecCTBREZhfIq791sGcCaTw0JeL5MgbCOCdFOg
R6W3sy94UJFGvFJk8OnILQC+iARs2iTN9xihXeupVHb25Df9937oe2KX5NYMx/gM
hJXDashq5y6pVD0Js4KSAAh0L44iUfYZmVFGRwunQpxfQwtkC+fLDjqRxsbF4AKU
+LRMUHgXhtRwU24MCRs1y0rhPwEweIIxu2zq3pDdVFDkFIMgxco/XyvcYGViwTxg
Wi95z/MC44PKGRc9gn5qi4yW/tl950LuDWO8v3jDDiCcj9bpVu/27mZi43fb6iVn
BDn3UlE2Z2uZyGXD/zPma25DKZc/9MT3srzFNEOey0hsfpD7P8jrnIxMUyelEz7s
ubMJaEXpHdWFs1sB74352Gl5969eurhRuNlYK9d5MM1jBr2SiGhrC+tUjv9RSy1I
fvnyGnNHiYlvgWznAhs5qDBLK1pHxPyIhKBunvCBpmzWF1yMXKShPeYWSIGd6q6Z
OUosAHcHTW67/IJWwfYcrwbvEtUUpJv8cfYPdukj1U/2lId9BgQ=
=I6Dv
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYS68JuNLKJtyKPYoAQi8JA//Rp41HbaaI/qR2WNxLl4VhmLk8Ba/FKU6
gVvrgWkEosf8vmN8IwLKMtb0XLRNlPN4c/P4ZdgWHJDlwMfH2UE3HpSM2bo+I3gv
2Y6lHMnyASLXHxyC2ajHfIlEL0LJSbYs799R/bWJbLY5MTlxcvc5NoFGML039kDN
sHRtgFQ6eS/2s1ZJHTq8+RWrpejUeVRKCDz9T3JhEZgk8V1lFl2BgdIRB39Uslmq
Ef4QvMdiASg01HtwNBuobkNIAUkcQGhAkSd0WfogrVcSTjzto09+ERuxG5x+lUHt
zXdnuvYg91Imv+m+grtLq17EAwboJuamNI/Kw/WlN09qrg+6fEyUXQjOk7hecOUh
SamFTPNQ47pSzpxYdSk6PHTwffjGOf/opCa/ibvX19puK/aw9rZoTdb7lhubh2qJ
oxgl6MzBWYMf+zkIU3/Cu246JK9objWl6LxFBFa8nZv+toyJteglsffe11BCGVzL
jBol1urU2yPENOr/U0Yj1GZvt0Ibc2k8Ul9+apIMc3cQ2maU53ch0+vF9KehQJqd
I0pN5nNCwxj2LcAZt57Hifb5q/D4eIPfI17lJ5/1VXrQ8Gugvm0IfU7+cjmc8T/n
wE6TsHTdTrRKI6UjsG4IcMUCIV0hL2EYitbpsX8Fpwsr8U03j23y298jWG6a8+XP
Vw9EvnBWQ0Y=
=v3/N
-----END PGP SIGNATURE-----