Stay Secure with the Latest Linux Advisories

Explore Latest Linux Security advisories


Mageia 9: MGASA-2025-0090 moderate: gpac out-of-bounds read

MGASA-2025-0090 - Updated gpac packages fix security vulnerabilities

Publication date: 08 Mar 2025
URL: https://advisories.mageia.org/MGASA-2025-0090.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-5520, CVE-2024-0321, CVE-2024-0322

Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2. (CVE-2023-5520)
Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV. (CVE-2024-0321)
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV. (CVE-2024-0322)

References:
- https://bugs.mageia.org/show_bug.cgi?id=34071
- https://ubuntu.com/security/notices/USN-7320-1
- https://www.cve.org/CVERecord?id=CVE-2023-5520
- https://www.cve.org/CVERecord?id=CVE-2024-0321
- https://www.cve.org/CVERecord?id=CVE-2024-0322

SRPMS:
- 9/tainted/gpac-2.2.1-1.2.mga9.tainted

Mageia has issued a security advisory addressing vulnerabilities in gpac, particularly buffer overflows and out-of-bounds memory reads. It details the fixes made.

LinuxSecurity.com Team

Mar 08, 2025 | Mageia

Ubuntu 22.04 LTS USN-7320-1 critical: gpac denial of service

Ubuntu Security Notice USN-7320-1
March 04, 2025

gpac vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:
Several security issues were fixed in GPAC.

Software Description:
- gpac: GPAC Project on Advanced Content

Details:
It was discovered that the GPAC MP4Box utility incorrectly handled certain AC3 files, which could lead to an out-of-bounds read. A remote attacker could use this issue to cause MP4Box to crash, resulting in a denial of service (system crash). This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2023-5520, CVE-2024-0322)

It was discovered that the GPAC MP4Box utility incorrectly handled certain malformed text files. If a user or automated system using MP4Box were tricked into opening a specially crafted RST file, an attacker could use this issue to cause a denial of service (system crash) or execute arbitrary code. (CVE-2024-0321)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04 LTS
  gpac               2.2.1+dfsg1-3.1ubuntu0.1~esm2   Available with Ubuntu Pro
  gpac-modules-base  2.2.1+dfsg1-3.1ubuntu0.1~esm2   Available with Ubuntu Pro
  libgpac12t64       2.2.1+dfsg1-3.1ubuntu0.1~esm2   Available with Ubuntu Pro

Ubuntu 22.04 LTS
  gpac               2.0.0+dfsg1-2ubuntu0.1~esm2   Available with Ubuntu Pro
  gpac-modules-base  2.0.0+dfsg1-2ubuntu0.1~esm2   Available with Ubuntu Pro
  libgpac11          2.0.0+dfsg1-2ubuntu0.1~esm2   Available with Ubuntu Pro

Ubuntu 20.04 LTS
  gpac               0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2   Available with Ubuntu Pro
  gpac-modules-base  0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2   Available with Ubuntu Pro
  libgpac4           0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2   Available with Ubuntu Pro

Ubuntu 18.04 LTS
  gpac               0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1   Available with Ubuntu Pro
  gpac-modules-base  0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1   Available with Ubuntu Pro
  libgpac4           0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1   Available with Ubuntu Pro

Ubuntu 16.04 LTS
  gpac               0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2   Available with Ubuntu Pro
  gpac-modules-base  0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2   Available with Ubuntu Pro
  libgpac4           0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2   Available with Ubuntu Pro

Ubuntu 14.04 LTS
  gpac               0.5.0+svn4288~dfsg1-4ubuntu1+esm2   Available with Ubuntu Pro
  gpac-modules-base  0.5.0+svn4288~dfsg1-4ubuntu1+esm2   Available with Ubuntu Pro
  libgpac2           0.5.0+svn4288~dfsg1-4ubuntu1+esm2   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7320-1
CVE-2023-5520, CVE-2024-0321, CVE-2024-0322

Multiple vulnerability patches have been released for GPAC, impacting various Ubuntu LTS editions, essential for maintaining system integrity.

Severity: Critical
LinuxSecurity.com Team

Mar 05, 2025 | Critical | Ubuntu

Mageia 9 MGASA-2024-0027 Critical: Security Vulnerabilities in Gpac

MGASA-2024-0027 - Updated gpac packages fix security vulnerabilities

Publication date: 09 Feb 2024
URL: https://advisories.mageia.org/MGASA-2024-0027.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-3012, CVE-2023-3291

This update fixes two security vulnerabilities, CVE-2023-3012 and CVE-2023-3291, see the References below.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32016
- https://www.cve.org/CVERecord?id=CVE-2023-3012
- https://www.cve.org/CVERecord?id=CVE-2023-3291

SRPMS:
- 9/tainted/gpac-2.2.1-1.1.mga9.tainted

Mageia 2024-0027 releases an update for gpac to resolve significant security vulnerabilities. Find out more about the issues that have been rectified.

Severity: Critical
LinuxSecurity.com Team

Feb 09, 2024 | Critical | Mageia

Debian: DSA-5452-1 Critical: GPAC Denial Of Service Advisory

Debian Security Advisory DSA-5452-1
https://www.debian.org/security/
Moritz Muehlenhoff
July 14, 2023
https://www.debian.org/security/faq

Package : gpac
CVE ID  : CVE-2023-0760 CVE-2023-3012 CVE-2023-3291

Multiple security issues were discovered in the GPAC multimedia framework which could result in denial of service or the execution of arbitrary code.

For the oldstable distribution (bullseye), these problems have been fixed in version 1.0.1+dfsg1-4+deb11u3.

We recommend that you upgrade your gpac packages.

For the detailed security status of gpac please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gpac

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Explore critical vulnerabilities in the GPAC multimedia system that can lead to Denial of Service (DoS) and unauthorized code execution. Check Debian Advisory DSA-5452-1 for details.

Severity: Critical
LinuxSecurity.com Team

Jul 14, 2023 | Critical | Debian

Debian 11 DSA-5411-1 Moderate: Gpac DoS Risk Security Update

Debian Security Advisory DSA-5411-1
https://www.debian.org/security/
Aron Xu
May 26, 2023
https://www.debian.org/security/faq

Package : gpac
CVE ID  : CVE-2020-35980 CVE-2021-4043 CVE-2021-21852 CVE-2021-33361 CVE-2021-33363 CVE-2021-33364 CVE-2021-33365 CVE-2021-33366 CVE-2021-36412 CVE-2021-36414 CVE-2021-36417 CVE-2021-40559 CVE-2021-40562 CVE-2021-40563 CVE-2021-40564 CVE-2021-40565 CVE-2021-40566 CVE-2021-40567 CVE-2021-40568 CVE-2021-40569 CVE-2021-40570 CVE-2021-40571 CVE-2021-40572 CVE-2021-40574 CVE-2021-40575 CVE-2021-40576 CVE-2021-40592 CVE-2021-40606 CVE-2021-40608 CVE-2021-40609 CVE-2021-40944 CVE-2021-41456 CVE-2021-41457 CVE-2021-41459 CVE-2021-45262 CVE-2021-45263 CVE-2021-45267 CVE-2021-45291 CVE-2021-45292 CVE-2021-45297 CVE-2021-45760 CVE-2021-45762 CVE-2021-45763 CVE-2021-45764 CVE-2021-45767 CVE-2021-45831 CVE-2021-46038 CVE-2021-46039 CVE-2021-46040 CVE-2021-46041 CVE-2021-46042 CVE-2021-46043 CVE-2021-46044 CVE-2021-46045 CVE-2021-46046 CVE-2021-46047 CVE-2021-46049 CVE-2021-46051 CVE-2022-1035 CVE-2022-1222 CVE-2022-1441 CVE-2022-1795 CVE-2022-2454 CVE-2022-3222 CVE-2022-3957 CVE-2022-4202 CVE-2022-24574 CVE-2022-24577 CVE-2022-24578 CVE-2022-26967 CVE-2022-27145 CVE-2022-27147 CVE-2022-29537 CVE-2022-36190 CVE-2022-36191 CVE-2022-38530 CVE-2022-43255 CVE-2022-45202 CVE-2022-45283 CVE-2022-45343 CVE-2022-47086 CVE-2022-47091 CVE-2022-47094 CVE-2022-47095 CVE-2022-47657 CVE-2022-47659 CVE-2022-47660 CVE-2022-47661 CVE-2022-47662 CVE-2022-47663 CVE-2023-0770 CVE-2023-0818 CVE-2023-0819 CVE-2023-0866 CVE-2023-1448 CVE-2023-1449 CVE-2023-1452 CVE-2023-1654 CVE-2023-2837 CVE-2023-2838 CVE-2023-2839 CVE-2023-2840 CVE-2023-23143 CVE-2023-23144 CVE-2023-23145

Multiple issues were found in GPAC multimedia framework, which could result in denial of service or potentially the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in version 1.0.1+dfsg1-4+deb11u2.

We recommend that you upgrade your gpac packages.

For the detailed security status of gpac please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gpac

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Enhance your gpac installation on Debian bullseye to address vulnerabilities related to potential denial of service and arbitrary code execution. Maintain your security!

LinuxSecurity.com Team

May 26, 2023 | Debian

Mageia 2021-0431 Critical Security Update: Gpac Heap Overflow Info

MGASA-2021-0431 - Updated gpac packages fix security vulnerability

Publication date: 23 Sep 2021
URL: https://advisories.mageia.org/MGASA-2021-0431.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-21834, CVE-2021-21836, CVE-2021-21837, CVE-2021-21838, CVE-2021-21839, CVE-2021-21840, CVE-2021-21841, CVE-2021-21842, CVE-2021-21843, CVE-2021-21844, CVE-2021-21845, CVE-2021-21846, CVE-2021-21847, CVE-2021-21848, CVE-2021-21849, CVE-2021-21850, CVE-2021-21853, CVE-2021-21854, CVE-2021-21855, CVE-2021-21857, CVE-2021-21858, CVE-2021-21859, CVE-2021-21860, CVE-2021-21861

A specially crafted MPEG-4 input when decoding the atom for the "co64" FOURCC can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21834)

A specially crafted MPEG-4 input using the "ctts" FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21836)

A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21837, CVE-2021-21838, CVE-2021-21839)

A specially crafted MPEG-4 input used to process an atom using the "saio" FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21840)

A specially crafted MPEG-4 input when reading an atom using the 'sbgp' FOURCC code can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21841)

A specially crafted MPEG-4 input can cause an integer overflow when processing an atom using the 'ssix' FOURCC code, due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21842)

A specially crafted MPEG-4 input can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. After validating the number of ranges, at [41] the library will multiply the count by the size of the GF_SubsegmentRangeInfo structure. On a 32-bit platform, this multiplication can result in an integer overflow causing the space of the array being allocated to be less than expected. (CVE-2021-21843)

A specially crafted MPEG-4 input when encountering an atom using the "stco" FOURCC code, can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21844)

A specially crafted MPEG-4 input in "stsc" decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21845)

A specially crafted MPEG-4 input in "stsz" decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21846)

A specially crafted MPEG-4 input in "stts" decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21847)

The library will actually reuse the parser for atoms with the "stsz" FOURCC code when parsing atoms that use the "stz2" FOURCC code and can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21848)

A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the "tfra" FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21849)

A specially crafted MPEG-4 input can cause an integer overflow when the library encounters an atom using the "trun" FOURCC code due to unchecked arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21850)

A specially crafted MPEG-4 input can cause an integer overflow due to unchecked addition arithmetic resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21853, CVE-2021-21854, CVE-2021-21855, CVE-2021-21857, CVE-2021-21858)

The stri_box_read function is used when processing atoms using the 'stri' FOURCC code. (CVE-2021-21859)

A specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. The FOURCC code, 'trik', is parsed by the function within the library. (CVE-2021-21860)

When processing the 'hdlr' FOURCC code, a specially crafted MPEG-4 input can cause an improper memory allocation resulting in a heap-based buffer overflow that causes memory corruption. (CVE-2021-21861)

References:
- https://bugs.mageia.org/show_bug.cgi?id=29432
- https://lists.debian.org/debian-security-announce/2021/msg00151.html
- https://www.cve.org/CVERecord?id=CVE-2021-21834
- https://www.cve.org/CVERecord?id=CVE-2021-21836
- https://www.cve.org/CVERecord?id=CVE-2021-21837
- https://www.cve.org/CVERecord?id=CVE-2021-21838
- https://www.cve.org/CVERecord?id=CVE-2021-21839
- https://www.cve.org/CVERecord?id=CVE-2021-21840
- https://www.cve.org/CVERecord?id=CVE-2021-21841
- https://www.cve.org/CVERecord?id=CVE-2021-21842
- https://www.cve.org/CVERecord?id=CVE-2021-21843
- https://www.cve.org/CVERecord?id=CVE-2021-21844
- https://www.cve.org/CVERecord?id=CVE-2021-21845
- https://www.cve.org/CVERecord?id=CVE-2021-21846
- https://www.cve.org/CVERecord?id=CVE-2021-21847
- https://www.cve.org/CVERecord?id=CVE-2021-21848
- https://www.cve.org/CVERecord?id=CVE-2021-21849
- https://www.cve.org/CVERecord?id=CVE-2021-21850
- https://www.cve.org/CVERecord?id=CVE-2021-21853
- https://www.cve.org/CVERecord?id=CVE-2021-21854
- https://www.cve.org/CVERecord?id=CVE-2021-21855
- https://www.cve.org/CVERecord?id=CVE-2021-21857
- https://www.cve.org/CVERecord?id=CVE-2021-21858
- https://www.cve.org/CVERecord?id=CVE-2021-21859
- https://www.cve.org/CVERecord?id=CVE-2021-21860
- https://www.cve.org/CVERecord?id=CVE-2021-21861

SRPMS:
- 8/tainted/gpac-1.0.1-1.1.mga8.tainted

Mageia 2021-0432 introduces vital patches targeting several buffer overflows in ffmpeg for improved protection.

Severity: Critical
LinuxSecurity.com Team

Sep 23, 2021 | Critical | Mageia

Debian Bullseye: DSA-4966-1 Moderate Advisory for GPAC DoS Vulnerabilities

Debian Security Advisory DSA-4966-1
https://www.debian.org/security/
Moritz Muehlenhoff
August 31, 2021
https://www.debian.org/security/faq

Package : gpac
CVE ID  : CVE-2021-21834 CVE-2021-21836 CVE-2021-21837 CVE-2021-21838 CVE-2021-21839 CVE-2021-21840 CVE-2021-21841 CVE-2021-21842 CVE-2021-21843 CVE-2021-21844 CVE-2021-21845 CVE-2021-21846 CVE-2021-21847 CVE-2021-21848 CVE-2021-21849 CVE-2021-21850 CVE-2021-21853 CVE-2021-21854 CVE-2021-21855 CVE-2021-21857 CVE-2021-21858 CVE-2021-21859 CVE-2021-21860 CVE-2021-21861

Multiple security issues were discovered in the GPAC multimedia framework which could result in denial of service or the execution of arbitrary code.

The oldstable distribution (buster) is not affected.

For the stable distribution (bullseye), these problems have been fixed in version 1.0.1+dfsg1-4+deb11u1.

We recommend that you upgrade your gpac packages.

For the detailed security status of gpac please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/gpac

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Numerous vulnerabilities identified in the GPAC media processing library pose risks of denial-of-service and arbitrary code execution. Update highly advised.

LinuxSecurity.com Team

Aug 31, 2021 | Debian

Mageia 7 Advisory: 2020-0137 Critical: GPAC Denial Of Service

MGASA-2020-0137 - Updated gpac packages fix security vulnerabilities

Publication date: 10 Mar 2020
URL: https://advisories.mageia.org/MGASA-2020-0137.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2018-21015, CVE-2018-21016, CVE-2019-13618, CVE-2019-20161, CVE-2019-20162, CVE-2019-20163, CVE-2019-20165, CVE-2019-20170, CVE-2019-20171, CVE-2019-20208

The updated packages fix security vulnerabilities:

AVC_DuplicateConfig() at isomedia/avc_ext.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted file. There is "cfg_new->AVCLevelIndication = cfg->AVCLevelIndication;" but cfg could be NULL. (CVE-2018-21015)

audio_sample_entry_AddBox() at isomedia/box_code_base.c in GPAC 0.7.1 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file. (CVE-2018-21016)

In GPAC before 0.8.0, isomedia/isom_read.c in libgpac.a has a heap-based buffer over-read, as demonstrated by a crash in gf_m2ts_sync in media_tools/mpegts.c. (CVE-2019-13618)

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. (CVE-2019-20161)

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. (CVE-2019-20162)

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function gf_odf_avc_cfg_write_bs() in odf/descriptors.c. (CVE-2019-20163)

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is a NULL pointer dereference in the function ilst_item_Read() in isomedia/box_code_apple.c. (CVE-2019-20165)

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is an invalid pointer dereference in the function GF_IPMPX_AUTH_Delete() in odf/ipmpx_code.c. (CVE-2019-20170)

An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There are memory leaks in metx_New in isomedia/box_code_base.c and abst_Read in isomedia/box_code_adobe.c. (CVE-2019-20171)

dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. (CVE-2019-20208)

References:
- https://bugs.mageia.org/show_bug.cgi?id=26131
- https://lists.debian.org/debian-lts-announce/2020/01/msg00017.html
- https://www.cve.org/CVERecord?id=CVE-2018-21015
- https://www.cve.org/CVERecord?id=CVE-2018-21016
- https://www.cve.org/CVERecord?id=CVE-2019-13618
- https://www.cve.org/CVERecord?id=CVE-2019-20161
- https://www.cve.org/CVERecord?id=CVE-2019-20162
- https://www.cve.org/CVERecord?id=CVE-2019-20163
- https://www.cve.org/CVERecord?id=CVE-2019-20165
- https://www.cve.org/CVERecord?id=CVE-2019-20170
- https://www.cve.org/CVERecord?id=CVE-2019-20171
- https://www.cve.org/CVERecord?id=CVE-2019-20208

SRPMS:
- 7/tainted/gpac-0.7.1-6.1.mga7.tainted

Recent updates to GPAC packages resolve critical vulnerabilities and address potential denial of service threats present in the Mageia distribution. Discover further details.

Severity: Critical
LinuxSecurity.com Team

Mar 10, 2020 | Critical | Mageia