drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in GPAC
| Name: |
Mehrere Probleme in GPAC |
|
| ID: |
USN-7320-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS |
|
| Datum: |
Do, 6. März 2025, 06:50 |
|
| Referenzen: |
https://www.cve.org/CVERecord?id=CVE-2024-0322
https://www.cve.org/CVERecord?id=CVE-2024-0321
https://www.cve.org/CVERecord?id=CVE-2023-5520 |
|
| Applikationen: |
GPAC |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============7883622802610682428==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------6fhDeWN45nGSNhneVMtoN8LU"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------6fhDeWN45nGSNhneVMtoN8LU
Content-Type: multipart/mixed;
boundary="------------9qZZaA98wkQxtkUAMcRZHgXL";
protected-headers="v1"
From: Nico Campuzano <nicolas.campuzano@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <2648356b-71bd-4ad1-aeb9-d156ea4dea76@canonical.com>
Subject: [USN-7320-1] GPAC vulnerabilities
--------------9qZZaA98wkQxtkUAMcRZHgXL
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
==========================================================================
Ubuntu Security Notice USN-7320-1
March 04, 2025
gpac vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in GPAC.
Software Description:
- gpac: GPAC Project on Advanced Content
Details:
It was discovered that the GPAC MP4Box utility incorrectly handled certain
AC3 files, which could lead to an out-of-bounds read. A remote attacker
could use this issue to cause MP4Box to crash, resulting in a denial of
service (system crash). This issue only affected Ubuntu 22.04 LTS and
Ubuntu 24.04 LTS. (CVE-2023-5520, CVE-2024-0322)
It was discovered that the GPAC MP4Box utility incorrectly handled certain
malformed text files. If a user or automated system using MP4Box were
tricked into opening a specially crafted RST file, an attacker could use
this issue to cause a denial of service (system crash) or execute arbitrary
code. (CVE-2024-0321)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
gpac 2.2.1+dfsg1-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
gpac-modules-base 2.2.1+dfsg1-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
libgpac12t64 2.2.1+dfsg1-3.1ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
gpac 2.0.0+dfsg1-2ubuntu0.1~esm2
Available with Ubuntu Pro
gpac-modules-base 2.0.0+dfsg1-2ubuntu0.1~esm2
Available with Ubuntu Pro
libgpac11 2.0.0+dfsg1-2ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
gpac 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2
Available with Ubuntu Pro
gpac-modules-base 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2
Available with Ubuntu Pro
libgpac4 0.5.2-426-gc5ad4e4+dfsg5-5ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 18.04 LTS
gpac 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1
Available with Ubuntu Pro
gpac-modules-base 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1
Available with Ubuntu Pro
libgpac4 0.5.2-426-gc5ad4e4+dfsg5-3ubuntu0.1+esm1
Available with Ubuntu Pro
Ubuntu 16.04 LTS
gpac 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2
Available with Ubuntu Pro
gpac-modules-base 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2
Available with Ubuntu Pro
libgpac4 0.5.2-426-gc5ad4e4+dfsg5-1ubuntu0.1+esm2
Available with Ubuntu Pro
Ubuntu 14.04 LTS
gpac 0.5.0+svn4288~dfsg1-4ubuntu1+esm2
Available with Ubuntu Pro
gpac-modules-base 0.5.0+svn4288~dfsg1-4ubuntu1+esm2
Available with Ubuntu Pro
libgpac2 0.5.0+svn4288~dfsg1-4ubuntu1+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7320-1
CVE-2023-5520, CVE-2024-0321, CVE-2024-0322
--------------9qZZaA98wkQxtkUAMcRZHgXL--
--------------6fhDeWN45nGSNhneVMtoN8LU
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEEKl1CaPno2Qy4/AU8lFzKVeTWQe4FAmfHlU8FAwAAAAAACgkQlFzKVeTWQe4j
cw//aLNefd+ATT0fPoMZdBE+/tL0CiikRMPD+LMPPgw58kza468+FtAEYKI1+q75MVRSWt3NzQt6
Nx2FYOAI30H3v1RMxmucpBlEbXZD3I4CtUfu/b64BKEXzaHKLcl/qDiuYGfVWMFPdin+oUnSOYG3
8hcODJZOmv/52np+pshf4mY+eD9VSVhNriPUW+uPm8XlJENl18sL7tIpUG3RlmaWWcG68kIz+3eT
k4oCTesmpHZer1EeD9svtasq50MQJYOoL/yDH3V/6eLVisGhno6qNV/c3ZrPx6bZKnb9n+G05kxQ
FXhlpzwRPhM8r58ItvtRUMLOzEGup9BDTv2UzMQxsSrPLCc8oCag/coRpDFS0zQx9VoDAhfnV3cO
zAbS4YJ3GbrK5fwMQliJuM9uqxdoDM2BnFgivl+ZWoWGBAqNJxkVtpTXp9Zi6AxwDhL6fv8D2hmY
VowSlYc20u0HTE7SyS0z8SxDj1pRm9VyvVK1vjIY2VAOEy4HN0gSw7RG71LvD97oAXIhlJM5sXOY
HKVZKAOe3Tpj7TyU1BmMzdm2amH9HjCwjGehC7SPOqBHqyt2bQjKQRiv8aCAPcftP5GR0K6kef34
MIgawLTztaF7Y1CYd/A8BqwTFGjiqJEypFQ333NtfJQWtBEapaMJgCa7pVD0thysfgt1BbMQM1ab
V3k=
=vqIL
-----END PGP SIGNATURE-----
--------------6fhDeWN45nGSNhneVMtoN8LU--
--===============7883622802610682428==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
Cg==
--===============7883622802610682428==--
|
|
|
|
