Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
202
security advisorymoderatebuffer overflowopenSUSE Leap 15.1: 2020:0545-1 Moderate: VLC Buffer Overflow Issues
An update that fixes 12 vulnerabilities is now available.. openSUSE Security Update: Security update for vlc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:0545-1 Rating: moderate References: #1142161 #1146428 Cross-References: CVE-2019-13602 CVE-2019-13962 CVE-2019-14437 CVE-2019-14438 CVE-2019-14498 CVE-2019-14533 CVE-2019-14534 CVE-2019-14535 CVE-2019-14776 CVE-2019-14777 CVE-2019-14778 CVE-2019-14970 Affected Products: openSUSE Leap 15.1 ______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for vlc fixes the following issues: vlc was updated to version 3.0.9.2: + Misc: Properly bump the version in configure.ac. Changes from version 3.0.9.1: + Misc: Fix VLSub returning 401 for earch request. Changes from version 3.0.9: + Core: Work around busy looping when playing an invalid item through VLM. + Access: * Multiple dvdread and dvdnav crashs fixes * Fixed DVD glitches on clip change * Fixed dvdread commands/data sequence inversion in some cases causing unwanted glitches * Better handling of authored as corrupted DVD * Added libsmb2 support for SMB2/3 shares + Demux: * Fix TTML entities not passed to decoder * Fixed some WebVTT styling tags being not applied * Misc raw H264/HEVC frame rate fixes * Fix adaptive regression on TS format change (mostly HLS) * Fixed MP4 regression with twos/sowt PCM audio * Fixed some MP4 raw quicktime and ms-PCM audio * Fixed MP4 interlacing handling * Multiple adaptive stack (DASH/HLS/Smooth) fixes * Enabled Live seeking for HLS * Fixed seeking in some cases for HLS * Improved Live playback for Smooth and DASH * Fixed adaptive unwanted end of stream insome cases * Faster adaptive start and new buffering control options + Packetizers: * Fixes H264/HEVC incomplete draining in some cases * packetizer_helper: Fix potential trailing junk on last packet * Added missing drain in packetizers that was causing missing last frame or audio * Improved check to prevent fLAC synchronization drops + Decoder: * avcodec: revector video decoder to fix incomplete drain * spudec: implemented palette updates, fixing missing subtitles on some DVD * Fixed WebVTT CSS styling not being applied on Windows/macOS * Fixed Hebrew teletext pages support in zvbi * Fixed Dav1d aborting decoding on corrupted picture * Extract and display of all CEA708 subtitles * Update libfaad to 2.9.1 * Add DXVA support for VP9 Profile 2 (10 bits) * Mediacodec aspect ratio with Amazon devices + Audio output: * Added support for iOS audiounit audio above 48KHz * Added support for amem audio up to 384KHz + Video output: * Fix for opengl glitches in some drivers * Fix GMA950 opengl support on macOS * YUV to RGB StretchRect fixes with NVIDIA drivers * Use libpacebo new tone mapping desaturation algorithm + Text renderer: * Fix crashes on macOS with SSA/ASS subtitles containing emoji * Fixed unwanted growing background in Freetype rendering and Y padding + Mux: Fixed some YUV mappings + Service Discovery: Update libmicrodns to 0.1.2. + Misc: * Update YouTube, SoundCloud and Vocaroo scripts: this restores playback of YouTube URLs. * Add missing .wpl & .zpl file associations on Windows * Improved chromecast audio quality Update to version 3.0.8 'vetinari': + Fix stuttering for low framerate videos + Improve adaptive streaming + Improve audio output for external audio devices on macOS/iOS + Fix hardware acceleration with Direct3D11 for some AMD drivers + Fix WebVTT subtitles rendering + Vetinari is a major release changing a lotin the media engine of VLC. It is one of the largest release we've ever done. Notably, it: - activates hardware decoding on all platforms, of H.264 & H.265, 8 & 10bits, allowing 4K60 or even 8K decoding with little CPU consumption, - merges all the code from the mobile ports into the same codebase with common numbering and releases, - supports 360 video and 3D audio, and prepares for VR content, - supports direct HDR and HDR tone-mapping, - updates the audio passthrough for HD Audio codecs, - allows browsing of local network drives like SMB, FTP, SFTP, NFS... - stores the passwords securely, - brings a new subtitle rendering engine, supporting ComplexTextLayout and font fallback to support multiple languages and fonts, - supports ChromeCast with the new renderer framework, - adds support for numerous new formats and codecs, including WebVTT, AV1, TTML, HQX, 708, Cineform, and many more, - improves Bluray support with Java menus, aka BD-J, - updates the macOS interface with major cleaning and improvements, - support HiDPI UI on Windows, with the switch to Qt5, - prepares the experimental support for Wayland on Linux, and switches to OpenGL by default on Linux. + Security fixes included: * Fix a buffer overflow in the MKV demuxer (CVE-2019-14970) * Fix a read buffer overflow in the avcodec decoder (CVE-2019-13962) * Fix a read buffer overflow in the FAAD decoder * Fix a read buffer overflow in the OGG demuxer (CVE-2019-14437, CVE-2019-14438) * Fix a read buffer overflow in the ASF demuxer (CVE-2019-14776) * Fix a use after free in the MKV demuxer (CVE-2019-14777, CVE-2019-14778) * Fix a use after free in the ASF demuxer (CVE-2019-14533) * Fix a couple of integer underflows in the MP4 demuxer (CVE-2019-13602) * Fix a null dereference in the dvdnav demuxer * Fix a null dereference in the ASF demuxer (CVE-2019-14534) *Fix a null dereference in the AVI demuxer * Fix a division by zero in the CAF demuxer (CVE-2019-14498) * Fix a division by zero in the ASF demuxer (CVE-2019-14535) - Disbale mod-plug for the time being: libmodplug 0.8.9 is not yet available. - Disable SDL_image (SDL 1.2) based codec. It is only a wrapper around some image loading libraries (libpng, libjpeg, ...) which are either wrapped by vlc itself (libpng_plugin.so) or via libavcodec (libavcodec_plugin.so). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.1: zypper in -t patch openSUSE-2020-545=1 Package List: - openSUSE Leap 15.1 (noarch): vlc-lang-3.0.9.2-lp151.6.6.1 - openSUSE Leap 15.1 (x86_64): libvlc5-3.0.9.2-lp151.6.6.1 libvlc5-debuginfo-3.0.9.2-lp151.6.6.1 libvlccore9-3.0.9.2-lp151.6.6.1 libvlccore9-debuginfo-3.0.9.2-lp151.6.6.1 vlc-3.0.9.2-lp151.6.6.1 vlc-codec-gstreamer-3.0.9.2-lp151.6.6.1 vlc-codec-gstreamer-debuginfo-3.0.9.2-lp151.6.6.1 vlc-debuginfo-3.0.9.2-lp151.6.6.1 vlc-debugsource-3.0.9.2-lp151.6.6.1 vlc-devel-3.0.9.2-lp151.6.6.1 vlc-jack-3.0.9.2-lp151.6.6.1 vlc-jack-debuginfo-3.0.9.2-lp151.6.6.1 vlc-noX-3.0.9.2-lp151.6.6.1 vlc-noX-debuginfo-3.0.9.2-lp151.6.6.1 vlc-opencv-3.0.9.2-lp151.6.6.1 vlc-opencv-debuginfo-3.0.9.2-lp151.6.6.1 vlc-qt-3.0.9.2-lp151.6.6.1 vlc-qt-debuginfo-3.0.9.2-lp151.6.6.1 vlc-vdpau-3.0.9.2-lp151.6.6.1 vlc-vdpau-debuginfo-3.0.9.2-lp151.6.6.1 References: https://www.suse.com/security/cve/CVE-2019-13602.html https://www.suse.com/security/cve/CVE-2019-13962.html https://www.suse.com/security/cve/CVE-2019-14437.html https://www.suse.com/security/cve/CVE-2019-14438.html https://www.suse.com/security/cve/CVE-2019-14498.html https://www.suse.com/security/cve/CVE-2019-14533.html https://www.suse.com/security/cve/CVE-2019-14534.html https://www.suse.com/security/cve/CVE-2019-14535.html https://www.suse.com/security/cve/CVE-2019-14776.html https://www.suse.com/security/cve/CVE-2019-14777.html https://www.suse.com/security/cve/CVE-2019-14778.html https://www.suse.com/security/cve/CVE-2019-14970.html https://bugzilla.suse.com/1142161 https://bugzilla.suse.com/1146428 -- . This Fedora patch fixes vulnerabilities in GIMP, improving reliability and functionality.. openSUSE Update, VLC Security Fix, Media Player Security, Software Update. . LinuxSecurity.com Team
Apr 23, 2020
OpenSUSE
197
security advisoryupdatedebianDebian 8: DLA-1793-1 Important Security Update For dhcpcd5 - Read Overflow
It was discovered that there was a read overflow vulnerability in the dhcpcd5 network management protocol client. For Debian 8 "Jessie", this issue has been fixed in dhcpcd5 version . Package : dhcpcd5 Version : 6.0.5-2+deb8u1 CVE ID : CVE-2019-11579 Debian Bug : #928104 It was discovered that there was a read overflow vulnerability in the dhcpcd5 network management protocol client. For Debian 8 "Jessie", this issue has been fixed in dhcpcd5 version 6.0.5-2+deb8u1. Thanks to Roy Marples . We recommend that you upgrade your dhcpcd5 packages. Regards, - -- ,'`. : :' : Chris Lamb `. `'`
May 19, 2019
•Important
Debian LTS
89
security advisoryfedorabuffer overflowFedora 9: 2009-2834 Critical: Krb5 Buffer Overflow and Pointer Flaws
This update incorporates patches to fix potential read overflow and NULL pointer dereferences in the implementation of the SPNEGO GSSAPI mechanism (CVE-2009-0844, CVE-2009-0845), attempts to free an uninitialized pointer during protocol parsing (CVE-2009-0846), and a bug in length validation during protocol parsing (CVE-2009-0847).. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2009-2834 2009-03-18 18:33:30 --------------------------------------------------------------------------------Name : krb5 Product : Fedora 9 Version : 1.6.3 Release : 16.fc9 URL : http://web.mit.edu/kerberos/www/ Summary : The Kerberos network authentication system. Description : Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. --------------------------------------------------------------------------------Update Information: This update incorporates patches to fix potential read overflow and NULL pointer dereferences in the implementation of the SPNEGO GSSAPI mechanism (CVE-2009-0844, CVE-2009-0845), attempts to free an uninitialized pointer during protocol parsing (CVE-2009-0846), and a bug in length validation during protocol parsing (CVE-2009-0847). --------------------------------------------------------------------------------ChangeLog: * Tue Apr 7 2009 Nalin Dahyabhai 1.6.3-16 - add patches for read overflow and null pointer dereference in the implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845) - add patch for attempt to free uninitialized pointer in libkrb5 (CVE-2009-0846) - add patch to fix length validation bug in libkrb5 (CVE-2009-0847) * Mon Apr 6 2009 Nalin Dahyabhai - pull in a couple of defuzzed patches from the F-10 version of this package, dropping a redundant man page patch in the process * Tue Mar 17 2009 Nalin Dahyabhai 1.6.3-15 - libgssapi_krb5: backport fix for some errors which can occur when we fail to set up the server half of a context (CVE-2009-0845) * Sat Jun 14 2008 Tom "spot" Callaway 1.6.3-14 - generate src/include/krb5/krb5.h before building - fix conditional for sparcv9 * Wed Apr 16 2008 Nalin Dahyabhai 1.6.3-13 - ftp: use the correct local filename during mget when the 'case' option is enabled (#442713) * Fri Apr 4 2008 Nalin Dahyabhai 1.6.3-12 - stop exporting kadmin keys to a keytab file when kadmind starts -- the daemon's been able to use the database directly for a long long time now - belatedly add aes128,aes256 to the default set of supported key types * Tue Apr 1 2008 Nalin Dahyabhai 1.6.3-11 - libgssapi_krb5: properly export the acceptor subkey when creating a lucid context (Kevin Coffman, via the nfs4 mailing list) --------------------------------------------------------------------------------References: [ 1 ] Bug #490634 - CVE-2009-0845 krb5: Null pointer dereference in GSSAPI SPNEGO security mechanism https://bugzilla.redhat.com/show_bug.cgi?id=490634 [ 2 ] Bug #491033 - CVE-2009-0844 krb5: buffer over-read in SPNEGO GSS-API mechanism (MITKRB5-SA-2009-001) https://bugzilla.redhat.com/show_bug.cgi?id=491033 [ 3 ] Bug #491036 - CVE-2009-0846 krb5: ASN.1 decoder can free uninitialized pointer when decoding an invalid encoding (MITKRB5-SA-2009-002) https://bugzilla.redhat.com/show_bug.cgi?id=491036 [ 4 ] Bug #491034 - CVE-2009-0847 krb5: incorrect length check inside ASN.1 decoder (MITKRB5-SA-2009-001) https://bugzilla.redhat.com/show_bug.cgi?id=491034 --------------------------------------------------------------------------------This update can be installed with the "yum" update program. Use su -c 'yum update krb5' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by theFedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ Fedora-package-announce mailing list
Apr 07, 2009
•Critical
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!