===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2019.1452
           [DLA 1769-1] gst-plugins-base0.10 security update
                               29 April 2019

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gst-plugins-base0.10
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2019-9928

Original Bulletin:
   https://lists.debian.org/debian-lts-announce/2019/04/msg00030.html

--------------------------BEGIN INCLUDED TEXT--------------------

From: Thorsten Alteholz <debian@alteholz.de>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1769-1] gst-plugins-base0.10 security update

Package        : gst-plugins-base0.10
Version        : 0.10.36-2+deb8u1
CVE ID         : CVE-2019-9928
Debian Bug     :

The RTSP connection parser in the base GStreamer packages version 0.10,
which is a streaming media framework, was vulnerable against a heap-based
buffer overflow by sending a longer than allowed session id in a response
and including a semicolon to change the maximum length. This could result
in a remote code execution.

For Debian 8 "Jessie", this problem has been fixed in version
0.10.36-2+deb8u1.

We recommend that you upgrade your gst-plugins-base0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
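The Debian advisory quoted above describes a session id whose length, once a semicolon is present, is no longer held to the allowed maximum. The following C sketch is an added example, not code from GStreamer, Debian or AusCERT; it shows the bounded handling a reviewer would expect. The names `conn_state`, `store_session_id` and the 512-byte buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define SESSION_ID_MAX 512   /* assumed buffer size for this example */

/* Hypothetical connection state holding a fixed-size session id buffer. */
struct conn_state {
    char session_id[SESSION_ID_MAX];
};

/*
 * Store the session id taken from a "Session:" header value such as
 * "12345678;timeout=60" (constructed sample). Attributes after ';' are
 * stripped. The id length comes from the position of the first ';' (or
 * the end of the string) and is then checked against the buffer bound:
 * the ';' position may shorten the copy but never replaces the bound.
 * Returns 0 on success, -1 if the id is empty or does not fit; on
 * failure the previously stored id is left untouched.
 */
int store_session_id(struct conn_state *c, const char *value)
{
    size_t id_len;

    if (c == NULL || value == NULL)
        return -1;

    /* strcspn stops at the first ';' or at the terminating NUL */
    id_len = strcspn(value, ";");

    /* drop whitespace between the id and the ';' */
    while (id_len > 0 &&
           (value[id_len - 1] == ' ' || value[id_len - 1] == '\t'))
        id_len--;

    /* reject instead of truncating: an over-long id is a protocol error */
    if (id_len == 0 || id_len > sizeof(c->session_id) - 1)
        return -1;

    memcpy(c->session_id, value, id_len);
    c->session_id[id_len] = '\0';
    return 0;
}
```

Rejecting the response rather than silently truncating keeps a malformed peer from establishing a session under an id it did not actually send.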