===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.3264
taglib security update
1 October 2021
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           taglib
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Access Privileged Data -- Remote with User Interaction
                   Denial of Service      -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-11439 CVE-2017-12678
Reference:         ESB-2020.3620
                   ESB-2020.1185
                   ESB-2019.2415
Original Bulletin: https://www.debian.org/lts/security/2021/dla-2772

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2772-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 30, 2021                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : taglib
Version        : 1.11.1+dfsg.1-0.3+deb9u1
CVE ID         : CVE-2017-12678 CVE-2018-11439
Debian Bug     : 871511 903847 915281

Several problems were corrected in TagLib,
a library for reading and editing audio meta data.

CVE-2017-12678

    A crafted audio file could result in a crash.

CVE-2018-11439

    A crafted audio file could result in information disclosure.

Additionally, a bug that can lead to corruption of ogg files
has been fixed.

For Debian 9 stretch, these problems have been fixed in version
1.11.1+dfsg.1-0.3+deb9u1.

We recommend that you upgrade your taglib packages.

For the detailed security status of taglib please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/taglib

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================