-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1452
             [DLA 1769-1] gst-plugins-base0.10 security update
                               29 April 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gst-plugins-base0.10
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-9928  

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2019/04/msg00030.html

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

From: Thorsten Alteholz <debian@alteholz.de>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1769-1] gst-plugins-base0.10 security update

Package        : gst-plugins-base0.10
Version        : 0.10.36-2+deb8u1
CVE ID         : CVE-2019-9928
Debian Bug     :


The RTSP connection parser in the base GStreamer packages version 0.10,
which is a streaming media framework, was vulnerable to a
heap-based buffer overflow by sending a longer than allowed session id in
a response and including a semicolon to change the maximum length. This
could result in remote code execution.


For Debian 8 "Jessie", this problem has been fixed in version
0.10.36-2+deb8u1.

We recommend that you upgrade your gst-plugins-base0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

- -----BEGIN PGP SIGNATURE-----

- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------
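
The length handling the advisory describes, as an added illustration that is not GStreamer's or Debian's code: the first function only computes the copy bound that results when a semicolon replaces the limit instead of being clamped to it, and the second shows a bounded copy. The names flawed_copy_bound and copy_session_id, the 512-byte SESSION_ID_CAP and the sample header value are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SESSION_ID_CAP 512  /* assumed size of the fixed session-id buffer */

/* Copy bound produced by the flawed logic: the limit starts at the buffer
 * capacity but is overwritten by the offset of ';'. Computes only, no copy. */
size_t flawed_copy_bound(const char *value)
{
    size_t maxlen = SESSION_ID_CAP - 1;
    for (size_t i = 0; value[i] != '\0'; i++) {
        if (value[i] == ';') {
            maxlen = i;     /* defect: replaces the limit, never clamps it */
            break;
        }
    }
    return maxlen;
}

/* Bounded copy: the id ends at the first ';' (attributes are stripped) and
 * the length is clamped to the destination capacity.
 * Returns the number of bytes stored, excluding the terminating NUL. */
size_t copy_session_id(char *dst, size_t dst_size, const char *value)
{
    if (dst == NULL || dst_size == 0 || value == NULL)
        return 0;
    size_t n = strcspn(value, ";");
    if (n > dst_size - 1)
        n = dst_size - 1;   /* never write past the buffer */
    memcpy(dst, value, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    char value[700], id[SESSION_ID_CAP];

    memset(value, 'A', 600);            /* constructed oversized session id */
    strcpy(value + 600, ";timeout=60"); /* attribute after the semicolon */

    printf("capacity:      %d\n", SESSION_ID_CAP - 1);
    printf("flawed bound:  %zu\n", flawed_copy_bound(value));
    printf("bounded store: %zu\n", copy_session_id(id, sizeof id, value));
    return 0;
}
```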

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----