[SECURITY] [DSA 4522-1] faad2 security update

From: Moritz Muehlenhoff <jmm@debian.org>
To: bugtraq@securityfocus.com
Cc:
Subject: [SECURITY] [DSA 4522-1] faad2 security update
Date:


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4522-1                   security@debian.org
https://www.debian.org/security/                            Hugo Lefeuvre
September 15, 2019                    https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : faad2
CVE ID         : CVE-2018-19502 CVE-2018-19503 CVE-2018-19504 CVE-2018-20194 
                 CVE-2018-20195 CVE-2018-20197 CVE-2018-20198 CVE-2018-20357 
                 CVE-2018-20358 CVE-2018-20359 CVE-2018-20361 CVE-2018-20362 
                 CVE-2019-15296
Debian Bug     : 914641

Multiple vulnerabilities have been discovered in faad2, the Freeware Advanced
Audio Coder. These vulnerabilities might allow remote attackers to cause
denial-of-service, or potentially execute arbitrary code if crafted MPEG AAC
files are processed.

For the oldstable distribution (stretch), these problems have been fixed
in version 2.8.0~cvs20161113-1+deb9u2.

We recommend that you upgrade your faad2 packages.

For the detailed security status of faad2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/faad2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl1+XpoACgkQEMKTtsN8
Tja0xA//QlCrjIhBs6HZmnm+37XN6puyT6R5cCigpzAERhG5tXkCNHY/zE7R5sNi
uUkmi98xOT2YPWO8h8JbiOvdU2TCImPAT7zBXway6a8uMsTbmuprNIW9DZ/E4JUz
IeOJy1dNQeWX5ud4CA0eQQLuKevycG/G4LDPw3zMU0ofayQQiTtgKd5JSPXWN7X5
TaLPwQWHaaSTBNmHDi9nGEy+X3yXGxgC87OSScCdufvFmoV4Aqo7pXBOPJBFyeIQ
JYz6noUW6JzI4xQBngarthSCI2TQRGVn2AnH2n9yWP0Nf2nznymKDh2L5acpNYpY
cSZOUOMrjzX4OPQWmIZMsgbB7MpS0+xHUfb2ls3NJ2RbbLUSFrA/v2Xff4x6/eZM
jsYQ0sKY1Lqt3uj3tD8TqGs1H2q6marjGTlnLsAWyIBXa6MJIQHZdxehhVDx0U7u
Tom0A9NSQqWLa3AV6Dy/BSoWUCbNrXdt4ppoAXgy9k+x2kMNaJpJ3EbAzMA+xRnp
gi44t9E+HT5iNURkKovQt+/OZKPYlI00AVCpH31bjEUHCeTCw79BsX1v9kpuXWXg
jW6A/efW1hnmvC74yeDLNoE3iri54ZKsy+w4ELOLQFAtkmAq0bOW4I/03v7lH2h5
Q77PZEuA2XZVri9vO5z8m4VQE+HZB73LTrq7fJ/eHgTCqJRSmko=
=qHQO
-----END PGP SIGNATURE-----





Copyright © 1995-2019 LinuxRocket.net. All rights reserved.