• [SECURITY] [DSA 5533-1] gst-plugins-bad1.0 security update

    From Salvatore Bonaccorso@21:1/5 to All on Tue Oct 24 23:10:01 2023
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5533-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 24, 2023 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : gst-plugins-bad1.0
    CVE ID : CVE-2023-40474 CVE-2023-40475 CVE-2023-40476
    Debian Bug : 1053259 1053260 1053261

    Multiple vulnerabilities were discovered in plugins for the GStreamer
    media framework and its codecs and demuxers, which may result in denial
    of service or potentially the execution of arbitrary code if a malformed
    media file is opened.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 1.18.4-3+deb11u2.

    For the stable distribution (bookworm), these problems have been fixed in version 1.22.0-4+deb12u2.

    We recommend that you upgrade your gst-plugins-bad1.0 packages.

    For the detailed security status of gst-plugins-bad1.0 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmU4L/BfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TxqQ//eRO99HAGSxBpe+slujteJrf9SkyJBdolvoEvz2ZjbiDVSJlwcGdpeYI+ 61ADafQx5L/klbx9FJoiIgRq9OtfzQMAMH3RBhL637EuzFOeQBwBWAQBqs6/MAbi tiYrFusMxPUsxt8EEBCrDZSCOgyW+HOP2nKnmxsx1LnVvYbdHF15m7hRoj6SKvpG Kf8oCHzFKG+4iEKzrSPPRjxVe1ao7I1/xzVPvDN6pFibj3wNNBRM+a5KyHpaAcpw F0V9yT+qYr9FJQEaaIk3rx5JtzNw1KHn8qds8wTZh71mGRI8WkAls8DeKNAE4xtz SGF/SLAUfKukRdYYk2IKe2zLzcrn/KCq9wcdGLOm2ufKJNeiNZUHIr0GxIf/hPOa Kh6yauX7CbUPbYlMRvG1ikt5i3uywNoaClyRXv/8viYrZJC8FfW7Q702UrbBzXzc fkG2jhYXboaZmaMZeX/jXp1tw/GmOvZoPkxQfaf9QHG57ly3gu132dKezzAmXQS8 DHrDFvTqL8QKbS9532YvMsS6/JTMqnoZ6ykcSjgXn1pOedxENxA0xw6S0K9aV4PJ CR9i3DK7CRe/Sf53IlK6+zhsBgrXce3TU8EOAz9PavICEedVaOSIwnW/uPyxQlNe omGF2ka6RC4NvK42/i8SioDWNHtVpUYA/L6hhRrLXP2V9hGHznU=
    =GYlt
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)