drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in libass
Name: |
Mehrere Probleme in libass |
|
ID: |
201702-25 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Di, 21. Februar 2017, 07:39 |
|
Referenzen: |
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7972
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7969
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7970
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7971 |
|
Applikationen: |
libass |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --fRb7xJU4p58sNlCeJBwTpf44qd5uK3q8I Content-Type: multipart/mixed; boundary="OAUkuCnOJ92gul2nLP1uXPpqR2A2R5Kof"; protected-headers="v1" From: Thomas Deutschmann <whissi@gentoo.org> Reply-To: security@gentoo.org To: gentoo-announce@lists.gentoo.org Message-ID: <605bcb35-6c56-de19-423b-9743a7bf1ad0@gentoo.org> Subject: [ GLSA 201702-25 ] libass: Multiple vulnerabilities
--OAUkuCnOJ92gul2nLP1uXPpqR2A2R5Kof Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201702-25 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: libass: Multiple vulnerabilities Date: February 20, 2017 Bugs: #596422 ID: 201702-25
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in libass, the worst of which have unknown impacts.
Background ==========
libass is a portable subtitle renderer for the ASS/SSA (Advanced Substation Alpha/Substation Alpha) subtitle format.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 media-libs/libass < 0.13.4 >= 0.13.4
Description ===========
Multiple vulnerabilities have been discovered in libass. Please review the CVE identifiers referenced below for details.
Impact ======
A remote attacker could cause a Denial of Service condition or other unknown impacts via unknown attack vectors.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All libass users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-libs/libass-0.13.4"
References ==========
[ 1 ] CVE-2016-7969 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7969 [ 2 ] CVE-2016-7970 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7970 [ 3 ] CVE-2016-7971 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7971 [ 4 ] CVE-2016-7972 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7972
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201702-25
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--OAUkuCnOJ92gul2nLP1uXPpqR2A2R5Kof--
--fRb7xJU4p58sNlCeJBwTpf44qd5uK3q8I Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0
iQJ8BAEBCgBmBQJYq4F+XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5 NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/Iim4QAIrXSwjQUkeY/XaT/asWYXlu G6TCa86WjZ6EYK8z1wRGx+swAmA6qXgctGIGfpExrbaO4spazL2HomCNdc0XsxyA fnR6dByPdUnTFOFO6bbOdxpE3mJU9oLchNwD3R4XwaCXAigXsu8XAAUOXwlnxie4 pdiQPaA/TDgIB+qZMScypbnl1JlJ0d+5t8Fc/vfY0Dp4gag0BEJks5blr9iRPbrM IxnwmkUIGVrs4IHNa09JxOb78lYbvG0eyH7nroIKgYa1BzcogOg6/1+5XOMTw/Wb iYNCVkForEkBuVFMr9zBSP4twYUVo42jfM/RoGEUGSzoqpobkQ9i6UEZGhhCdFxJ WjVBSlLNF75P4RqW963GdbWfwGpT7ZrIPY+7RikGNLhES1SPC3jI2KhCKiwgWMmJ a4MOChCsRQIQd8DZJ0Y20KxpH/xKAolaB0Sxp3b6/4IBktXNxfK6s2EpFcVT4KxC JiQcWNXIUH/yDHb09LxItroT++dOFI5txQpaYoEbkObT/AjeUEYU7AZbCxkjXKVu wmYRNVTkCsC7GTdewRShVrVgHzu6MSu4TaZ6EI9AAsN9QxjK92qeJ6NWzDY7AAZp Kyue4ZQ4mEg9I87coPyCBFrr0OtNO6GvF3H724fpMDXEFueqgRHWbCsA2iphEAPB 5RB/le4kyeUTVr1+JpDL =7V3k -----END PGP SIGNATURE-----
--fRb7xJU4p58sNlCeJBwTpf44qd5uK3q8I--
|
|
|
|