- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202408-20
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: libde265: Multiple Vulnerabilities
     Date: August 10, 2024
     Bugs: #813486, #889876
       ID: 202408-20

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in libde265, the worst of
which could lead to arbitrary code execution.

Background
==========

Open h.265 video codec implementation.

Affected packages
=================

Package              Vulnerable    Unaffected
-------------------  ------------  ------------
media-libs/libde265  < 1.0.11      >= 1.0.11

Description
===========

Multiple vulnerabilities have been discovered in libde265. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All libde265 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libde265-1.0.11"

References
==========

[ 1 ] CVE-2020-21594
      https://nvd.nist.gov/vuln/detail/CVE-2020-21594
[ 2 ] CVE-2020-21595
      https://nvd.nist.gov/vuln/detail/CVE-2020-21595
[ 3 ] CVE-2020-21596
      https://nvd.nist.gov/vuln/detail/CVE-2020-21596
[ 4 ] CVE-2020-21597
      https://nvd.nist.gov/vuln/detail/CVE-2020-21597
[ 5 ] CVE-2020-21598
      https://nvd.nist.gov/vuln/detail/CVE-2020-21598
[ 6 ] CVE-2020-21599
      https://nvd.nist.gov/vuln/detail/CVE-2020-21599
[ 7 ] CVE-2020-21600
      https://nvd.nist.gov/vuln/detail/CVE-2020-21600
[ 8 ] CVE-2020-21601
      https://nvd.nist.gov/vuln/detail/CVE-2020-21601
[ 9 ] CVE-2020-21602
      https://nvd.nist.gov/vuln/detail/CVE-2020-21602
[ 10 ] CVE-2020-21603
      https://nvd.nist.gov/vuln/detail/CVE-2020-21603
[ 11 ] CVE-2020-21604
      https://nvd.nist.gov/vuln/detail/CVE-2020-21604
[ 12 ] CVE-2020-21605
      https://nvd.nist.gov/vuln/detail/CVE-2020-21605
[ 13 ] CVE-2020-21606
      https://nvd.nist.gov/vuln/detail/CVE-2020-21606
[ 14 ] CVE-2021-35452
      https://nvd.nist.gov/vuln/detail/CVE-2021-35452
[ 15 ] CVE-2021-36408
      https://nvd.nist.gov/vuln/detail/CVE-2021-36408
[ 16 ] CVE-2021-36409
      https://nvd.nist.gov/vuln/detail/CVE-2021-36409
[ 17 ] CVE-2021-36410
      https://nvd.nist.gov/vuln/detail/CVE-2021-36410
[ 18 ] CVE-2021-36411
      https://nvd.nist.gov/vuln/detail/CVE-2021-36411
[ 19 ] CVE-2022-1253
      https://nvd.nist.gov/vuln/detail/CVE-2022-1253
[ 20 ] CVE-2022-43235
      https://nvd.nist.gov/vuln/detail/CVE-2022-43235
[ 21 ] CVE-2022-43236
      https://nvd.nist.gov/vuln/detail/CVE-2022-43236
[ 22 ] CVE-2022-43237
      https://nvd.nist.gov/vuln/detail/CVE-2022-43237
[ 23 ] CVE-2022-43238
      https://nvd.nist.gov/vuln/detail/CVE-2022-43238
[ 24 ] CVE-2022-43239
      https://nvd.nist.gov/vuln/detail/CVE-2022-43239
[ 25 ] CVE-2022-43240
      https://nvd.nist.gov/vuln/detail/CVE-2022-43240
[ 26 ] CVE-2022-43241
      https://nvd.nist.gov/vuln/detail/CVE-2022-43241
[ 27 ] CVE-2022-43242
      https://nvd.nist.gov/vuln/detail/CVE-2022-43242
[ 28 ] CVE-2022-43243
      https://nvd.nist.gov/vuln/detail/CVE-2022-43243
[ 29 ] CVE-2022-43244
      https://nvd.nist.gov/vuln/detail/CVE-2022-43244
[ 30 ] CVE-2022-43245
      https://nvd.nist.gov/vuln/detail/CVE-2022-43245
[ 31 ] CVE-2022-43248
      https://nvd.nist.gov/vuln/detail/CVE-2022-43248
[ 32 ] CVE-2022-43249
      https://nvd.nist.gov/vuln/detail/CVE-2022-43249
[ 33 ] CVE-2022-43250
      https://nvd.nist.gov/vuln/detail/CVE-2022-43250
[ 34 ] CVE-2022-43252
      https://nvd.nist.gov/vuln/detail/CVE-2022-43252
[ 35 ] CVE-2022-43253
      https://nvd.nist.gov/vuln/detail/CVE-2022-43253
[ 36 ] CVE-2022-47655
      https://nvd.nist.gov/vuln/detail/CVE-2022-47655
[ 37 ] CVE-2022-47664
      https://nvd.nist.gov/vuln/detail/CVE-2022-47664
[ 38 ] CVE-2022-47665
      https://nvd.nist.gov/vuln/detail/CVE-2022-47665
[ 39 ] CVE-2023-24751
      https://nvd.nist.gov/vuln/detail/CVE-2023-24751
[ 40 ] CVE-2023-24752
      https://nvd.nist.gov/vuln/detail/CVE-2023-24752
[ 41 ] CVE-2023-24754
      https://nvd.nist.gov/vuln/detail/CVE-2023-24754
[ 42 ] CVE-2023-24755
      https://nvd.nist.gov/vuln/detail/CVE-2023-24755
[ 43 ] CVE-2023-24756
      https://nvd.nist.gov/vuln/detail/CVE-2023-24756
[ 44 ] CVE-2023-24757
      https://nvd.nist.gov/vuln/detail/CVE-2023-24757
[ 45 ] CVE-2023-24758
      https://nvd.nist.gov/vuln/detail/CVE-2023-24758
[ 46 ] CVE-2023-25221
      https://nvd.nist.gov/vuln/detail/CVE-2023-25221

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202408-20

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Gentoo: GLSA-202408-20: libde265: Security Advisory Updates

Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution.

Summary

Multiple vulnerabilities have been discovered in libde265. Please review the CVE identifiers referenced below for details.

Resolution

All libde265 users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libde265-1.0.11"

References

[ 1 ] CVE-2020-21594 https://nvd.nist.gov/vuln/detail/CVE-2020-21594 [ 2 ] CVE-2020-21595 https://nvd.nist.gov/vuln/detail/CVE-2020-21595 [ 3 ] CVE-2020-21596 https://nvd.nist.gov/vuln/detail/CVE-2020-21596 [ 4 ] CVE-2020-21597 https://nvd.nist.gov/vuln/detail/CVE-2020-21597 [ 5 ] CVE-2020-21598 https://nvd.nist.gov/vuln/detail/CVE-2020-21598 [ 6 ] CVE-2020-21599 https://nvd.nist.gov/vuln/detail/CVE-2020-21599 [ 7 ] CVE-2020-21600 https://nvd.nist.gov/vuln/detail/CVE-2020-21600 [ 8 ] CVE-2020-21601 https://nvd.nist.gov/vuln/detail/CVE-2020-21601 [ 9 ] CVE-2020-21602 https://nvd.nist.gov/vuln/detail/CVE-2020-21602 [ 10 ] CVE-2020-21603 https://nvd.nist.gov/vuln/detail/CVE-2020-21603 [ 11 ] CVE-2020-21604 https://nvd.nist.gov/vuln/detail/CVE-2020-21604 [ 12 ] CVE-2020-21605 https://nvd.nist.gov/vuln/detail/CVE-2020-21605 [ 13 ] CVE-2020-21606 https://nvd.nist.gov/vuln/detail/CVE-2020-21606 [ 14 ] CVE-2021-35452 https://nvd.nist.gov/vuln/detail/CVE-2021-35452 [ 15 ] CVE-2021-36408 https://nvd.nist.gov/vuln/detail/CVE-2021-36408 [ 16 ] CVE-2021-36409 https://nvd.nist.gov/vuln/detail/CVE-2021-36409 [ 17 ] CVE-2021-36410 https://nvd.nist.gov/vuln/detail/CVE-2021-36410 [ 18 ] CVE-2021-36411 https://nvd.nist.gov/vuln/detail/CVE-2021-36411 [ 19 ] CVE-2022-1253 https://nvd.nist.gov/vuln/detail/CVE-2022-1253 [ 20 ] CVE-2022-43235 https://nvd.nist.gov/vuln/detail/CVE-2022-43235 [ 21 ] CVE-2022-43236 https://nvd.nist.gov/vuln/detail/CVE-2022-43236 [ 22 ] CVE-2022-43237 https://nvd.nist.gov/vuln/detail/CVE-2022-43237 [ 23 ] CVE-2022-43238 https://nvd.nist.gov/vuln/detail/CVE-2022-43238 [ 24 ] CVE-2022-43239 https://nvd.nist.gov/vuln/detail/CVE-2022-43239 [ 25 ] CVE-2022-43240 https://nvd.nist.gov/vuln/detail/CVE-2022-43240 [ 26 ] CVE-2022-43241 https://nvd.nist.gov/vuln/detail/CVE-2022-43241 [ 27 ] CVE-2022-43242 https://nvd.nist.gov/vuln/detail/CVE-2022-43242 [ 28 ] CVE-2022-43243 https://nvd.nist.gov/vuln/detail/CVE-2022-43243 [ 29 ] CVE-2022-43244 https://nvd.nist.gov/vuln/detail/CVE-2022-43244 [ 30 ] CVE-2022-43245 https://nvd.nist.gov/vuln/detail/CVE-2022-43245 [ 31 ] CVE-2022-43248 https://nvd.nist.gov/vuln/detail/CVE-2022-43248 [ 32 ] CVE-2022-43249 https://nvd.nist.gov/vuln/detail/CVE-2022-43249 [ 33 ] CVE-2022-43250 https://nvd.nist.gov/vuln/detail/CVE-2022-43250 [ 34 ] CVE-2022-43252 https://nvd.nist.gov/vuln/detail/CVE-2022-43252 [ 35 ] CVE-2022-43253 https://nvd.nist.gov/vuln/detail/CVE-2022-43253 [ 36 ] CVE-2022-47655 https://nvd.nist.gov/vuln/detail/CVE-2022-47655 [ 37 ] CVE-2022-47664 https://nvd.nist.gov/vuln/detail/CVE-2022-47664 [ 38 ] CVE-2022-47665 https://nvd.nist.gov/vuln/detail/CVE-2022-47665 [ 39 ] CVE-2023-24751 https://nvd.nist.gov/vuln/detail/CVE-2023-24751 [ 40 ] CVE-2023-24752 https://nvd.nist.gov/vuln/detail/CVE-2023-24752 [ 41 ] CVE-2023-24754 https://nvd.nist.gov/vuln/detail/CVE-2023-24754 [ 42 ] CVE-2023-24755 https://nvd.nist.gov/vuln/detail/CVE-2023-24755 [ 43 ] CVE-2023-24756 https://nvd.nist.gov/vuln/detail/CVE-2023-24756 [ 44 ] CVE-2023-24757 https://nvd.nist.gov/vuln/detail/CVE-2023-24757 [ 45 ] CVE-2023-24758 https://nvd.nist.gov/vuln/detail/CVE-2023-24758 [ 46 ] CVE-2023-25221 https://nvd.nist.gov/vuln/detail/CVE-2023-25221

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/202408-20

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity
Severity: Normal
Title: libde265: Multiple Vulnerabilities
Date: August 10, 2024
Bugs: #813486, #889876
ID: 202408-20

Synopsis

Multiple vulnerabilities have been discovered in libde265, the worst of which could lead to arbitrary code execution.

Background

Open h.265 video codec implementation.

Affected Packages

Package Vulnerable Unaffected ------------------- ------------ ------------ media-libs/libde265 < 1.0.11 >= 1.0.11

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Related News

Fighting Back Against Hadooken Malware by Strengthening WebLogic Security
2 - 4 min read
Cybercriminals have been relentlessly attacking the digital landscape, aiming to exploit vulnerabilities in well-known systems. One such exploit is
CISA Sounds Alarm on Newly Exploited Vulnerabilities: Is Your System at Risk?
3 - 5 min read
CISA regularly publishes updates regarding vulnerabilities that present severe threats to global cybersecurity. Recently, CISA added three
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
Defending Against Remote Code Execution in Google Chrome: A Critical Update
2 - 3 min read
Google Chrome, a widely used web browser, serves millions of internet users by connecting them to the online world. Unfortunately, severe
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Unmasking Cicada3301: Examining the Threat of the New Rust-Based Ransomware
2 - 4 min read
Ransomware has long been a severe threat to organizations and admins alike. Recently, cybersecurity researchers discovered a new variant called
Buffer Overflow Exploits in Linux: Origins, Impact, and Countermeasures
3 - 6 min read
Buffer overflow vulnerabilities have long been one of the biggest headaches in computer security, especially on Linux operating systems that power
8 Expert-Recommended Security Practices to Fortify Your Linux Systems
4 - 8 min read
As a Linux admin or an infosec professional, you understand how the security landscape changes due to evolving threats, newly discovered

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved