[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1769-1] gst-plugins-base0.10 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

rom: Thorsten Alteholz <debian@alteholz.de>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1769-1] gst-plugins-base0.10 security update

Package        : gst-plugins-base0.10
Version        : 0.10.36-2+deb8u1
CVE ID         : CVE-2019-9928
Debian Bug     :


The RTSP connection parser in the base GStreamer packages version 0.10, which is a streaming media framework, was vulnerable against an heap-based buffer overflow by sending a longer than allowed session id in a response and including a semicolon to change the maximum length. This could result in a remote code execution.


For Debian 8 "Jessie", this problem has been fixed in version
0.10.36-2+deb8u1.

We recommend that you upgrade your gst-plugins-base0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlzGFRtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEca8xAAtd9naYcxD/5UldaqpI64wHHiaKPMd0z9ntNkxU0HYIEWpbp4TkWWdNJF
ZOlmj4uqB0i4jn8LZrMQL9XrxIQhNvEQDrn7wqfCo2J2s3BwRE84TijUB5nZ41bY
EEOCrQK4Ho4lqIOL2jkYee7E/94kyhmle3LHkrfhk02qxTx3fhl1E1NVFu/UO760
dan2iJe/qJQnzezfIEEqGeUkScEV0kaiMxncfgYAqOlCFxQapFa6kPuCiRmCWbNq
hHLgcoK3FBsSQcBgqZBzQTIC8X3JONQ2uFIZvNjYZuF1PD5bLvuwiTvx398rMpZD
ilhW3S8hoWa3BDezS90n+5yVHcG4RJXQj/PikVEjdN2CR1fWkHkDR0yV+psByI39
XcguVa+QrN7bRKwajEluoIt8fhtKmp6PAdbZW2wK02WJC8Znz5TxocpBNvQDY92a
8yz8q6QQWxdy6XrAgW/nb/6wx8124DT6ctWjQzgP/1yYrYl7FPBePOuek9ZsKVrL
OYf1p/BUtUBq9DL0+Vc3DWGglOlJv+Hrsr7yvXzddNjjKw9q2pdxX3NYliPT2oCO
Ir6ZvHjV+nMRyFGCVF123uFCRxVcX2CpU2AHdo5ye5q3+BGocGRrX3LeWqN07pbP
kzcKNnmi15frhf6hu6xklhWYJfqsh4/qIwE1ik929d9ZZXJ5ceM=
=MzRA
-----END PGP SIGNATURE-----


Reply to: