important: gstreamer1-plugins-bad-free/pam security update
important
An update for gstreamer1-plugins-bad-free/pam is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
gstreamer1-plugins-bad-free:
pam:
Security Fix(es):
gstreamer1-plugins-bad-free: A buffer overflow vulnerability was found in the gstreamer-plugins-bad plugin for the Gstreamer media framework. A successful attack may lead to an application crash or arbitrary code execution if malformed media files are opened.(CVE-2023-50186)
gstreamer1-plugins-bad-free: bugfix
pam: A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This flaw could result in leaked passwords, such as those found in /etc/shadow while performing authentications.(CVE-2024-10041)
pam: A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals.(CVE-2024-10963)
pam: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.02B7.
© 2004-2023 广东中兴新支点技术有限公司 版权所有 (www.gd-linux.com) 粤ICP备15061780号-2
全国服务热线:400-033-0108