drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in AOM
| Name: |
Ausführen beliebiger Kommandos in AOM |
|
| ID: |
USN-7397-1 |
|
| Distribution: |
Ubuntu |
|
| Plattformen: |
Ubuntu 20.04 LTS, Ubuntu 22.04 LTS |
|
| Datum: |
Mo, 31. März 2025, 23:19 |
|
| Referenzen: |
https://ubuntu.com/security/notices/USN-7397-1
https://www.cve.org/CVERecord?id=CVE-2024-5171
https://launchpad.net/ubuntu/+source/aom/3.3.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/aom/1.0.0.errata1-3+deb11u=
https://launchpad.net/ubuntu/+source/aom/1.0.0.errata1-3+deb11u1ubuntu0.1 |
|
| Applikationen: |
aom |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============1314154463776673814==
Content-Language: en-US
Content-Type: multipart/signed; micalg=pgp-sha256;
protocol="application/pgp-signature";
boundary="------------ANhv2lX7JOo8tCMZC1g1vmix"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--------------ANhv2lX7JOo8tCMZC1g1vmix
Content-Type: multipart/mixed;
boundary="------------0r3rEOIQBBWTZzbMcubQGzlI";
protected-headers="v1"
From: Chrisa Oikonomou <chrisa.oikonomou@canonical.com>
Reply-To: Ubuntu Security <security@ubuntu.com>
To: ubuntu-security-announce@lists.ubuntu.com
Message-ID: <9758b55f-fded-4b85-8d2d-a3b14386400c@canonical.com>
Subject: [USN-7397-1] AOM vulnerability
--------------0r3rEOIQBBWTZzbMcubQGzlI
Content-Type: multipart/alternative;
boundary="------------0cOgMsbOQpVG1ttDLxZ0Mu9T"
--------------0cOgMsbOQpVG1ttDLxZ0Mu9T
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64
==========================================================================
Ubuntu Security Notice USN-7397-1
March 31, 2025
aom vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
AOM could be made to crash or run programs if it opened a specially crafted
file.
Software Description:
- aom: AV1 Video Codec Library
Details:
Xiantong Hou discovered that AOM did not properly handle certain malformed
media files. If an application using AOM opened a specially crafted file, a
remote attacker could cause a denial of service, or possibly execute
arbitrary code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS
aom-tools 3.3.0-1ubuntu0.1
libaom-dev 3.3.0-1ubuntu0.1
libaom3 3.3.0-1ubuntu0.1
Ubuntu 20.04 LTS
aom-tools 1.0.0.errata1-3+deb11u1ubuntu0.1
libaom-dev 1.0.0.errata1-3+deb11u1ubuntu0.1
libaom0 1.0.0.errata1-3+deb11u1ubuntu0.1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7397-1
<https://ubuntu.com/security/notices/USN-7397-1>
CVE-2024-5171
Package Information:
https://launchpad.net/ubuntu/+source/aom/3.3.0-1ubuntu0.1
<https://launchpad.net/ubuntu/+source/aom/3.3.0-1ubuntu0.1>
https://launchpad.net/ubuntu/+source/aom/1.0.0.errata1-3+deb11u1ubuntu0.1
<https://launchpad.net/ubuntu/+source/aom/1.0.0.errata1-3+deb11u1ubuntu0.1>
--------------0cOgMsbOQpVG1ttDLxZ0Mu9T
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html>
<html>
<head>
<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3DUTF=
-8">
</head>
<body>
<p>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D</p>
<div id=3D":1s7" class=3D"a3s aiL ">
Ubuntu Security Notice USN-7397-1<br>
March 31, 2025<br>
<br>
aom vulnerability<br>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D<wbr>=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<wbr>=3D=3D=3D=3D=3D=3D=3D=3D=3D
=
=3D=3D=3D=3D=3D<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 22.04 LTS<br>
- Ubuntu 20.04 LTS<br>
<br>
Summary:<br>
<br>
AOM could be made to crash or run programs if it opened a
specially crafted<br>
file.<br>
<br>
Software Description:<br>
- aom: AV1 Video Codec Library<br>
<br>
Details:<br>
<br>
Xiantong Hou discovered that AOM did not properly handle certain
malformed<br>
media files. If an application using AOM opened a specially
crafted file, a<br>
remote attacker could cause a denial of service, or possibly
execute<br>
arbitrary code.<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 22.04 LTS<br>
=C2=A0 aom-tools=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A03.3.0-1ubuntu0.1<br>
=C2=A0 libaom-dev=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 3.3.0-1ubuntu0.1<br>
=C2=A0 libaom3=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A03.3.0-1ubuntu0.1<br>
<br>
Ubuntu 20.04 LTS<br>
=C2=A0 aom-tools=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0
=C2=A01.0.0.errata1-3+deb11u1ubuntu<wbr>0.1<br>
=C2=A0 libaom-dev=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 1.0.0.errata1-3+deb11u1ubuntu0<wbr>.1<br>
=C2=A0 libaom0=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0=
=C2=A0 =C2=A0 =C2=A0 =C2=A0
=C2=A01.0.0.errata1-3+deb11u1ubuntu<wbr>0.1<=
br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
=C2=A0 <a href=3D"https://ubuntu.com/security/notices/USN-7397-1"
rel=3D"noreferrer" target=3D"_blank"
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://ubuntu.com=
/security/notices/USN-7397-1&source=3Dgmail&ust=3D174352285457700
=
0&usg=3DAOvVaw2q3QyQ-IpVKhVxxTGIOy0-">https://ubuntu.com/security/no<=
wbr>tices/USN-7397-1</a><br>
=C2=A0 CVE-2024-5171<br>
<br>
Package Information:<br>
=C2=A0 <a
href=3D"https://launchpad.net/ubuntu/+source/aom/3.3.0-1ubuntu0.1=
"
rel=3D"noreferrer" target=3D"_blank"
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://launchpad.=
net/ubuntu/%2Bsource/aom/3.3.0-1ubuntu0.1&source=3Dgmail&ust=3D17
=
43522854577000&usg=3DAOvVaw0ToumKR1tY5Sn4TXd6_xzj">https://launchpad.=
net/ubuntu/+<wbr>source/aom/3.3.0-1ubuntu0.1</a><br>
=C2=A0 <a
href=3D"https://launchpad.net/ubuntu/+source/aom/1.0.0.errata1-3+deb11u1u=
buntu0.1"
rel=3D"noreferrer" target=3D"_blank"
data-saferedirecturl=3D"https://www.google.com/url?q=3Dhttps://launchpad.=
net/ubuntu/%2Bsource/aom/1.0.0.errata1-3%2Bdeb11u1ubuntu0.1&source=3D=
gmail&ust=3D1743522854577000&usg=3DAOvVaw1WJMowi16H-FFn3QTIDbb7">
=
https://launchpad.net/ubuntu/+<wbr>source/aom/1.0.0.errata1-3+deb<wbr>11u=
1ubuntu0.1</a></div>
</body>
</html>
--------------0cOgMsbOQpVG1ttDLxZ0Mu9T--
--------------0r3rEOIQBBWTZzbMcubQGzlI--
--------------ANhv2lX7JOo8tCMZC1g1vmix
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="OpenPGP_signature.asc"
-----BEGIN PGP SIGNATURE-----
wsD5BAABCAAjFiEE26yozGlLvY8PLmS9C+du+fOjiEwFAmfqu04FAwAAAAAACgkQC+du+fOjiEy7
SQv/YBpq1LlqPQULK/SDp3xlokDwnDVonbExeE+lIUIIYjGXw7uEG18N9Pt/pxDsm6o5N7q6LY7J
cpKd9XhtKbvR4O5Pi2EUiqxtCurYSGKTQsR7sKGQ0creXNtDD8Mk0eZ3oR6u8QrwCZUthBCeY5Vu
hur161Y3Aiqf2VOwmAGFdcxx71yjLGjWUJZ3fBLmq52z/KUy1zr3VO+kjcODvUJpcCufuhdyP1xL
7PhRi/+h6oFoaY72BBatzRe7weGCUI4tyu7ezy0+x0k4oj+ZaKjRV9TH8Wpc6Gb7JBUHPAoHbeX8
CQlUNbXpJfIb6fKMHlqJB8N5T9YeAW2RDADOjUJyEvRnDo0a9qgC+DdvUtvR82ncyXD6ll3J2EKz
yh1UzLiCG1Q7bjLJT6DpPnqM8cf3qzuJ5cjq333rOuUkh/7XQKZ1OJ3u8Wliv7qNbXdMGe6wTQUG
Kl6xNTi7R02U+iBsACJ8EybIe4rH7SeD/64erWjt3hUKbLYdaUFkpwuTONXY
=+PjG
-----END PGP SIGNATURE-----
--------------ANhv2lX7JOo8tCMZC1g1vmix--
--===============1314154463776673814==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: inline
Cg==
--===============1314154463776673814==--
|
|
|
|
