Author: ken
Date: Fri Feb  5 14:16:09 2021
New Revision: 1698

Log:
Advisories as far as VLC.

Modified:
   html/trunk/blfs/advisories/10.0.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.0.html
==============================================================================
--- html/trunk/blfs/advisories/10.0.html        Fri Feb  5 13:01:06 2021        
(r1697)
+++ html/trunk/blfs/advisories/10.0.html        Fri Feb  5 14:16:09 2021        
(r1698)
@@ -187,11 +187,21 @@
 
     <h4>10.0 003 GnuTLS  Date: 2020-09-03  Severity: High</h4>
     <p>A null-pointer dereference causing a remotely-triggered crash in the
-    client application was found. Update to GniTLS-3.6.15 or later.
+    client application was found. Update to GnuTLS-3.6.15 or later.
     <a href=consolidated.html#10.0-003>10.0-003</a></p>
 
 <!-- end of GnuTLS -->
 
+    <h3>GPTfdisk</h3>
+
+    <h4>10.0 074 GPTfdisk  Date: 2021-01-26  Severity: Medium</h4>
+    <p>In GPTfdisk before version 1.0.6, in rare cases an improperly formatted
+    MBR partition table could lead to arbitrary code execution when running
+    gdisk or cgdisk. To fix this update to GPTfdisk-1.0.6 or later.
+    <a href=consolidated.html#10.0-074>10.0-074</a></p>
+
+<!-- end of GPTfdisk -->
+
     <h3>The Gstreamer Stack</h3>
 
     <h4>10.0 026 The Gstreamer stack  Date: 2020-10-27  Severity: High</h4>
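Review bot: The severity in the added GPTfdisk heading ("10.0 074 GPTfdisk  Date: 2021-01-26  Severity: Medium") disagrees with the consolidated.html entry for the same advisory in this commit, which says "Severity: Moderate". Pick one term and use it in both files so the short and consolidated entries agree. The added sentence "To fix this update to GPTfdisk-1.0.6 or later" also wants a comma after "this", as the consolidated entry has.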
@@ -204,7 +214,7 @@
     <h3>ImageMagick</h3>
 
     <h4>10.0 067 ImageMagick  Date: 2021-01-14 Severity: High</h4>
-    <p>Two vulnerabilities were fond in ImageMagick, a division by zero causing
+    <p>Two vulnerabilities were found in ImageMagick, a division by zero 
causing
     Denial of Service, and the -authenticate option to set a password for
     password-protected PDF files was not properly sanitized, allowing users to
     inject additional shell commands.
@@ -569,6 +579,16 @@
 
 <!-- end of Unbound -->
 
+    <h3>VLC</h3>
+
+    <h4>10.0 075 VLC Media Player  Date: 2021-01-30  Severity: High</h4>
+    <p>In VLC Media Player up to and including version 3.0.11 a remote user
+    could create a speciaaly crafted file or stream that would lead to crashes
+    and potential information leakage, or perhaps arbitrary code execution.
+    <a href=consolidated.html#10.0-075>10.0-075</a></p>
+
+<!-- end of VLC -->
+
     <h3>Vorbis Tools</h3>
 
     <h4>10.0 070 Vorbis Tools  Updated: 2021-01-26  Severity: High</h4>
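Review bot: "speciaaly" in the added VLC paragraph should be "specially". This entry also names no fixed version, unlike the GnuTLS and GPTfdisk entries in the same file, which end with "Update to ... or later". Adding "Update to VLC-3.0.12 or later" (the version given in consolidated.html) would let a reader act on the short entry without following the link.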

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Fri Feb  5 13:01:06 
2021        (r1697)
+++ html/trunk/blfs/advisories/consolidated.html        Fri Feb  5 14:16:09 
2021        (r1698)
@@ -71,6 +71,30 @@
     replaced or archived). See the gstreamer links re 1.16 for an example of
     linking to a released book (old 10.0) -->
 
+    <a id="10.0-075">
+    <h4>10.0 075 VLC Media Player  Date: 2021-01-30  Severity: High</h4>
+    <p>In VLC Media Player up to and including version 3.0.11 a remote user
+    could create a speciaaly crafted file or stream that would lead to crashes
+    and potential information leakage, or perhaps arbitrary code execution.
+    <a 
href="https://www.videolan.org/security/sb-vlc3012.html";>VideoLAN-SB-VLC-3012
+</a>.</p>
+    <p>To fix this, update to VLC-3.0.12 or later using the instructions
+    from the development book for
+    <a href="../view/svn/multimedia/vlc.html">VLC (sysv)</a> or
+    <a href="../view/systemd/multimedia/vlc.html">VLC (systemd)</a>.</p>
+
+    <a id="10.0-074">
+    <h4>10.0 074 GPTfdisk  Date: 2021-01-26  Severity: Moderate</h4>
+    <p>In GPTfdisk before version 1.0.6 a possible out-of-bounds write in
+    ReadLogicalParts of basicmbr.cc could be triggered by running gdisk or
+    cgdisk on an improperly formatted MBR partition, leading to arbitrary code
+    execution.
+    <a 
href="https://nvd.nist.gov/vuln/detail/CVE-2021-0308";>CVE-2021-0308</a>.</p>
+    <p>To fix this, update to GPTfdisk-1.0.6 or later using the instructions
+    from the development book for
+    <a href="../view/svn/postlfs/gptfdisk.html">GPTfdisk (sysv)</a> or
+    <a href="../view/systemd/postlfs/gptfdisk.html">GPTfdisk (systemd)</a>.</p>
+
     <a id="10.0-073">
     <h4>10.0 073 Sudo  Date: 2021-01-26  Severity: Critical</h4>
     <p>In Sudo before 1.9.5p2 the 'Baron Samedi' exploit allows privilege
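Review bot: The typo "speciaaly" is repeated in the 10.0-075 paragraph and should read "specially". In the 10.0-074 heading, "Severity: Moderate" does not match "Severity: Medium" in the 10.0.html entry added by this same commit. The two new anchors, <a id="10.0-075"> and <a id="10.0-074">, are left unclosed. That follows the existing 10.0-073 line, but it leaves the heading and paragraphs inside an open anchor, so closing each with </a> right after the opening tag would be cleaner.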
-- 
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
