Gentoo Archives: gentoo-announce

From: Aaron Bauman <bman@g.o>
To: gentoo-announce@l.g.o
Subject: [gentoo-announce] [ GLSA 202006-17 ] FAAD2: Multiple vulnerabilities
Date: Mon, 15 Jun 2020 16:44:16
Message-Id: 20200615155041.GF17996@bubba
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 202006-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: FAAD2: Multiple vulnerabilities
     Date: June 15, 2020
     Bugs: #695540
       ID: 202006-17

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in FAAD2, the worst of which
could result in the arbitrary execution of code.

Background
==========

FAAD2 is an open source MPEG-4 and MPEG-2 AAC decoder.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/faad2             < 2.9.0                    >= 2.9.0

Description
===========

Multiple vulnerabilities have been discovered in FAAD2. Please review
the CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All FAAD2 users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/faad2-2.9.0"

References
==========

[ 1 ] CVE-2018-19502
      https://nvd.nist.gov/vuln/detail/CVE-2018-19502
[ 2 ] CVE-2018-19503
      https://nvd.nist.gov/vuln/detail/CVE-2018-19503
[ 3 ] CVE-2018-19504
      https://nvd.nist.gov/vuln/detail/CVE-2018-19504
[ 4 ] CVE-2018-20194
      https://nvd.nist.gov/vuln/detail/CVE-2018-20194
[ 5 ] CVE-2018-20195
      https://nvd.nist.gov/vuln/detail/CVE-2018-20195
[ 6 ] CVE-2018-20196
      https://nvd.nist.gov/vuln/detail/CVE-2018-20196
[ 7 ] CVE-2018-20197
      https://nvd.nist.gov/vuln/detail/CVE-2018-20197
[ 8 ] CVE-2018-20198
      https://nvd.nist.gov/vuln/detail/CVE-2018-20198
[ 9 ] CVE-2018-20199
      https://nvd.nist.gov/vuln/detail/CVE-2018-20199
[ 10 ] CVE-2018-20357
       https://nvd.nist.gov/vuln/detail/CVE-2018-20357
[ 11 ] CVE-2018-20358
       https://nvd.nist.gov/vuln/detail/CVE-2018-20358
[ 12 ] CVE-2018-20359
       https://nvd.nist.gov/vuln/detail/CVE-2018-20359
[ 13 ] CVE-2018-20360
       https://nvd.nist.gov/vuln/detail/CVE-2018-20360
[ 14 ] CVE-2018-20361
       https://nvd.nist.gov/vuln/detail/CVE-2018-20361
[ 15 ] CVE-2018-20362
       https://nvd.nist.gov/vuln/detail/CVE-2018-20362
[ 16 ] CVE-2019-15296
       https://nvd.nist.gov/vuln/detail/CVE-2019-15296
[ 17 ] CVE-2019-6956
       https://nvd.nist.gov/vuln/detail/CVE-2019-6956

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/202006-17

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
