Multiple vulnerabilities have been found in RTMPDump, the worst of which could lead to arbitrary code execution.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201702-02
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: RTMPDump: Multiple vulnerabilities
     Date: February 06, 2017
     Bugs: #570242
       ID: 201702-02

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Multiple vulnerabilities have been found in RTMPDump, the worst of
which could lead to arbitrary code execution.

Background
=========

RTMPDump is an RTMP client intended to stream audio or video flash
content.

Affected packages
================

    -------------------------------------------------------------------
     Package               /     Vulnerable     /           Unaffected
    -------------------------------------------------------------------
  1  media-video/rtmpdump     < 2.4_p20161210        >= 2.4_p20161210

Description
==========

Multiple vulnerabilities have been discovered in RTMPDump. The
following is a list of vulnerabilities fixed:

* Additional decode input size checks
* Ignore zero-length packets
* Potential integer overflow in RTMPPacket_Alloc().
* Obsolete RTMPPacket_Free() call left over from original C++ to C
  rewrite
* AMFProp_GetObject must make sure the prop is actually an object

Impact
=====

A remote attacker could entice a user to open a specially crafted media
flash file using RTMPDump. This could possibly result in the execution
of arbitrary code with the privileges of the process or a Denial of
Service condition.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All RTMPDump users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=media-video/rtmpdump-2.4_p20161210"

References
=========

[ 1 ] OSS ML CVE Request
      https://www.openwall.com/lists/oss-security/2015/12/30/1

Availability
===========

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201702-02

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to

Timothy B. Terriberry discovered that libvpx contains an integer overflow vulnerability in the processing of video streams that may allow user-assisted execution of arbitrary code.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201101-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: libvpx: User-assisted execution of arbitrary code
     Date: January 15, 2011
     Bugs: #345559
       ID: 201101-03

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
=======

Timothy B. Terriberry discovered that libvpx contains an integer
overflow vulnerability in the processing of video streams that may
allow user-assisted execution of arbitrary code.

Background
=========

libvpx is the VP8 codec SDK used to encode and decode video streams,
typically within a WebM format media file.

Affected packages
================

    -------------------------------------------------------------------
     Package               /     Vulnerable     /           Unaffected
    -------------------------------------------------------------------
  1  media-libs/libvpx            < 0.9.5                    >= 0.9.5

Description
==========

libvpx is vulnerable to an integer overflow vulnerability when
processing crafted VP8 video streams.

Impact
=====

A remote attacker could entice a user to open a specially crafted media
file, possibly resulting in the execution of arbitrary code with the
privileges of the user running the application, or a Denial of Service.

Workaround
=========

There is no known workaround at this time.

Resolution
=========

All libvpx users should upgrade to the latest stable version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/libvpx-0.9.5"

Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these
packages.

References
=========

[ 1 ] CVE-2010-4203
      https://www.cve.org/CVERecord?id=CVE-2010-4203

Availability
===========

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201101-03

Concerns?
========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to