[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1791-1] faad2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : faad2
Version        : 2.7-8+deb8u2
CVE ID         : CVE-2018-20194 CVE-2018-20197 CVE-2018-20198 CVE-2018-20362

Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio
Coder:

CVE-2018-20194
CVE-2018-20197

    Improper handling of implicit channel mapping reconfiguration leads to
    multiple heap based buffer overflow issues. These flaws might be leveraged
    by remote attackers to cause DoS.

CVE-2018-20198
CVE-2018-20362

    Insufficient user input validation in the sbr_hfadj module leads to
    stack-based buffer underflow issues. These flaws might be leveraged by
    remote attackers to cause DoS or any other unspecified impact.

For Debian 8 "Jessie", these problems have been fixed in version
2.7-8+deb8u2.

We recommend that you upgrade your faad2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlzhXiYACgkQZYVUZx9w
0DSd7AgAnx+bcGQQ52QVsGN9pp7pNXewl2T2e0u9T9FnJtBEULdps/FOBcX7hD73
WXFuJ8KKB8fnYmvyaqEH4YBJfLK+oBZltafogg23Y8vU4X9b1w0RaMQUI0kfYVwy
7sxEX5j45I9N10gW0g0aBpHo0Clan2N8Yp7JaOyDgQ5oT/IHp0T9QH5n7B3sU0No
xNCtJ4WpCC0BRUVKYiyN2eRNOFW+MZ1w8Z2JCuF1fxtMWNWJ5vLn0UbYgGbSNrqn
PQbA92rFi/riY8oFGBhgoDaOIoygdAl0+0nagAmQEb0gn1A1GBfoIBzPKd81xrL4
Sd5hfA0xD2MBG6K3jr9pu9hNjIdVEw==
=rojk
-----END PGP SIGNATURE-----


Reply to: