|
|
Log in / Subscribe / Register

Debian alert DLA-1077-1 (faad2)



From:
    	      Markus Koschany <apo@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 1077-1] faad2 security update 


Date:
    	      Wed, 30 Aug 2017 20:47:19 +0200


Message-ID:
    	      <37683cfb-7046-dc3d-3bba-fbd7c0992bbd@debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : faad2
Version        : 2.7-8+deb7u1
CVE ID         : CVE-2017-9218 CVE-2017-9219 CVE-2017-9220 CVE-2017-9221
                 CVE-2017-9222 CVE-2017-9223 CVE-2017-9253 CVE-2017-9254
                 CVE-2017-9255 CVE-2017-9256 CVE-2017-9257
Debian Bug     : 867724

Various security issues were discovered in faad2, a fast audio
decoder, that would allow remote attackers to cause a denial of
service (application crash due to memory failures or large CPU
consumption) via a crafted mp4 file.

For Debian 7 "Wheezy", these problems have been fixed in version
2.7-8+deb7u1.

We recommend that you upgrade your faad2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlmnCDZfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTjpw/+OEGIMzwOYm1G3lupUvluuxD9/5Vs5gpdKf3tgj2++qpivF5TGGPYy6Bf
VHi/BPWOYJqn+Q2rmgNmX1FfOty4NXGI9DX7usaRMPyf2NEWo8G8+tZ0L0MC1HUQ
48oDl8ogSbsBNUQYtBei3BCY6V5oviMlYcsxZA8WkBpjB9BKyCK0D4n+dSzeEuH4
C7DcYAFQi1+Cur+w6RDNYxgu42NV9QVdJ32WAI83SF4mUxHOU5fKqjZOWa/Jy4pg
q3WzryK9LmtZ1o7G+WaJ5xTF7qHImdt+X2BBcfR7khj7r6H1OVvj+eYuli0dj7IP
0Q7E8juNroLoA7N6i4C8eo5Bc+gJAYhdp6zuG3Z9PV+3beBAIUYJnza6SqeB1Zbb
FDCyTY+TFC7L+ucZCa99LWA0wR8kNCW6T/dhCA6mUhPkvDxFYwyN3OWurOc8Nl9p
X8Cf1g5tBbnRdXwYaqLnHM23ys4eKToFeltKndt8GgAGJSFsYhXgyK9U12e85rP7
1vbIiztOsKtOiSutfsiDgnTYsZKfcmwM/4uMhuDQQrUSOCyyeZW2vDyDaT8oo/ow
STswXvTVZGjB3mjb3okRSbKoJmR+OJ2s4y8DKtA7icv/p42CqyJ5rOnJ1KRKMHTy
E//ht98QivXvNHQvFHwhbJgzmykU58vrpJHh+yG2EjzfnKnd3wk=
=9JFZ
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds