1. Forum
  2. Usenet
  3. LINUX.GENTOO.ANNOUNCE

  • [gentoo-announce] [ GLSA 202209-13 ] libaacplus: Denial of Service

    From glsamaker@gentoo.org@21:1/5 to All on Sun Sep 25 16:00:03 2022
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 202209-13
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    https://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Severity: Normal
    Title: libaacplus: Denial of Service
    Date: September 25, 2022
    Bugs: #618000
    ID: 202209-13

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

    Synopsis
    ========

    Multiple vulnerabilities have been discovered in libaacplus, the worst
    of which could result in denial of service.

    Background
    ==========

    libaacplus is an HE-AAC+ v2 library, based on the reference
    implementation.

    Affected packages
    =================

    -------------------------------------------------------------------
    Package / Vulnerable / Unaffected
    -------------------------------------------------------------------
    1 media-libs/libaacplus <= 2.0.2-r3 Vulnerable!

    Description
    ===========

    Multiple vulnerabilities have been discovered in libaacplus. Please
    review the CVE identifiers referenced below for details.

    Impact
    ======

    Please review the referenced CVE identifiers for details.

    Workaround
    ==========

    There is no known workaround at this time.

    Resolution
    ==========

    Gentoo has discontinued suport for libaacplus. We recommend that users
    remove it:

    # emerge --ask --depclean "media-libs/libaacplus"

    References
    ==========

    [ 1 ] CVE-2017-7603
    https://nvd.nist.gov/vuln/detail/CVE-2017-7603
    [ 2 ] CVE-2017-7604
    https://nvd.nist.gov/vuln/detail/CVE-2017-7604
    [ 3 ] CVE-2017-7605
    https://nvd.nist.gov/vuln/detail/CVE-2017-7605

    Availability
    ============

    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:

    https://security.gentoo.org/glsa/202209-13

    Concerns?
    =========

    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

    License
    =======

    Copyright 2022 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).

    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.

    https://creativecommons.org/licenses/by-sa/2.5
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmMwWTMACgkQFMQkOaVy +9lDOg/8CuCQQwV03Gmyzm1o0B2XIvt8MgU1sTMbzYIjGoEsl6LpikKgNxlG6Pzd t6S3ZywKd8qRh7+1tRkO3jDaAd/6gR7YJRNCYun59Gp0ukOAwS1lm0CdyF1b8Rax FX+TDoo03tsI3g5FEy8fp7a9GrtUz8i7ImFvFp3AJmrcIiXhSt7MrjlvSDLmFJnq luLQda45Hz3bHEWZvW2/JPFdFwBRLvGIqlyMiU8uivF81fH3XzQFaqMkFEW/fuS3 qpqnThgPvsGy7+irhr2ioSzD9rCTR84Qo9ho5elArxTjhgb/y+i82RL7PH1Ek4QT wGStSTtQocvyhyv3Q7Lwud/cQlCB97EWGlistdy3uNcVXfez8POp8t2qMO+0Ptk8 IrztBU8hq/1WmCmFooMOJ5tDDgvSf+3vq1EvXEGxybT9upQcEPwtK7Xsc809bNUK Ppk0hXeqFGypnD8BqIfm7mWINwVZu6AfiD9AeUhEr/sbAr9JTIQ3Jgi5HyZdFQcd PIF0Uesxzp4tX8A8ceWIHK4V8/9kc9cjkwDF4Afaus3wFCGVohPnPBx4GuG8G5z5 iB/PKZTInvjMdhF+xtqlL/GxDw3boMW67dZsrTBbvntfA/S49DG6i7LQNsS1I/5f uPt3ZcLA82E2vm7h5f4Kgk+pjpdjEvuCbiJ1DoAocDN50jZbjaM=
    =qeD7
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)