Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.
Category Archives: Debian
Debian Security Advisories
DSA-3818 gst-plugins-bad1.0 – security update
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.
DSA-3817 jbig2dec – security update
Multiple security issues have been found in the JBIG2 decoder library,
which may lead to lead to denial of service or the execution of arbitrary
code if a malformed image file (usually embedded in a PDF document) is
opened.
DSA-3815 wordpress – security update
Several vulnerabilities were discovered in wordpress, a web blogging
tool. They would allow remote attackers to delete unintended files,
mount Cross-Site Scripting attacks, or bypass redirect URL validation
mechanisms.
DSA-3816 samba – security update
Jann Horn of Google discovered a time-of-check, time-of-use race
condition in Samba, a SMB/CIFS file, print, and login server for Unix. A
malicious client can take advantage of this flaw by exploting a symlink
race to access areas of the server file system not exported under a
share definition.
DSA-3814 audiofile – security update
Several vulnerabilities have been discovered in the audiofile library,
which may result in denial of service or the execution of arbitrary code
if a malformed audio file is processed.
DSA-3813 r-base – security update
Cory Duplantis discovered a buffer overflow in the R programming
language. A malformed encoding file may lead to the execution of
arbitrary code during PDF generation.
DSA-3812 ioquake3 – security update
It was discovered that ioquake3, a modified version of the ioQuake3 game
engine performs insufficent restrictions on automatically downloaded
content (pk3 files or game code), which allows malicious game servers to
modify configuration settings including driver settings.
DSA-3811 wireshark – security update
It was discovered that wireshark, a network protocol analyzer, contained
several vulnerabilities in the dissectors for ASTERIX, DHCPv6,
NetScaler, LDSS, IAX2, WSP, K12 and STANAG 4607, that could lead to
various crashes, denial-of-service or execution of arbitrary code.
DSA-3810 chromium-browser – security update
Several vulnerabilities have been discovered in the chromium web browser.