-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : faad2 Version : 2.7-8+deb8u2 CVE ID : CVE-2018-20194 CVE-2018-20197 CVE-2018-20198 CVE-2018-20362
Multiple vulnerabilities have been found in faad2, the Freeware Advanced Audio Coder: CVE-2018-20194 CVE-2018-20197 Improper handling of implicit channel mapping reconfiguration leads to multiple heap based buffer overflow issues. These flaws might be leveraged by remote attackers to cause DoS. CVE-2018-20198 CVE-2018-20362 Insufficient user input validation in the sbr_hfadj module leads to stack-based buffer underflow issues. These flaws might be leveraged by remote attackers to cause DoS or any other unspecified impact. For Debian 8 "Jessie", these problems have been fixed in version 2.7-8+deb8u2. We recommend that you upgrade your faad2 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEUFZhdgIWqBhwqCvuZYVUZx9w0DQFAlzhXiYACgkQZYVUZx9w 0DSd7AgAnx+bcGQQ52QVsGN9pp7pNXewl2T2e0u9T9FnJtBEULdps/FOBcX7hD73 WXFuJ8KKB8fnYmvyaqEH4YBJfLK+oBZltafogg23Y8vU4X9b1w0RaMQUI0kfYVwy 7sxEX5j45I9N10gW0g0aBpHo0Clan2N8Yp7JaOyDgQ5oT/IHp0T9QH5n7B3sU0No xNCtJ4WpCC0BRUVKYiyN2eRNOFW+MZ1w8Z2JCuF1fxtMWNWJ5vLn0UbYgGbSNrqn PQbA92rFi/riY8oFGBhgoDaOIoygdAl0+0nagAmQEb0gn1A1GBfoIBzPKd81xrL4 Sd5hfA0xD2MBG6K3jr9pu9hNjIdVEw== =rojk -----END PGP SIGNATURE-----