ELA-1280-1 amavisd-new security update
Package : amavisd-new
Version : 1:2.10.1-4+deb9u1 (stretch), 1:2.11.0-6.1+deb10u1 (buster)
Related CVEs :
CVE-2024-28054
Amavis has an interpretation conflict when there are ambiguous
boundary delimiters in a MIME email message. An attacker can send
crafted emails that avoid checks for banned files or malware.
Amavis now treats such emails as UNCHECKED. This new behavior can
be configured; see:
https://gitlab.com/amavis/amavis/-/raw/v2.12.3/RELEASE_NOTES
https://gitlab.com/amavis/amavis/-/blob/master/README_FILES/README.CVE-2024-28054
ELA-1281-1 gstreamer1.0 security update
Package : gstreamer1.0
Version : 1.4.4-2+deb8u2 (jessie), 1.10.4-1+deb9u1 (stretch), 1.14.4-1+deb10u1 (buster)
Related CVEs :
CVE-2024-47606
GStreamer, a multimedia framework, was affected by a vulnerability.
The vulnerability is caused by an underflow of the gint size variable, which leaves
size holding a large unintended value once it is cast to an unsigned integer.
The negative 32-bit value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a
call to gst_buffer_new_and_alloc.
The function gst_buffer_new_allocate then attempts to allocate memory, eventually
calling _sysmem_new_block.
The function _sysmem_new_block adds alignment and header size to the (unsigned) size,
causing the ‘slice_size’ variable to overflow.