UBUNTU-CVE-2024-42228

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value size when calling amdgpuvcecsreloc Initialize the size before calling amdgpuvcecsreloc, such as case 0x03000001. V2: To really improve the handling we would actually need to have a separate...

CVE-2024-42088

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Add platform entry for ETDM1OUTBE dai link Commit e70b8dd26711 "ASoC: mediatek: mt8195: Remove afe-dai component and rework codec link" removed the codec entry for the ETDM1OUTBE dai link entirely instead ...

netty-codec-http: Allocation of Resources Without Limits or Throttling

A flaw was found in the io.netty:netty-codec-http package. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling issues due to the accumulation of data in the HttpPostRequestDecoder. The decoder cumulates bytes in the undecodedChunk buffer until ...

PT-2024-40824 · Flac · Flac

Name of the Vulnerable Software and Affected Versions: FLAC affected versions not specified Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the FLAC replaygain synthesis apply gain function, which is called from the write callback and...

kernel: Bluetooth: hci_codec: Fix leaking content of local_codecs

A memory leak flaw was found in the Linux kernel’s Bluetooth functionality. This flaw allows a local user to crash the system...

[SECURITY] Fedora 40 Update: ffmpeg-6.1.1-19.fc40

FFmpeg is a leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge. No matter if they were designed by some standards...

CLSA-2024-1721401573 Fix CVE(s): CVE-2020-27619

SECURITY UPDATE: eval on content received via HTTP in test suite - debian/patches/CVE-2020-27619.patch: No longer call eval on content received via HTTP in the CJK codec tests - CVE-2020-27619...

CLSA-2024-1721401321 Fix CVE(s): CVE-2020-27619

SECURITY UPDATE: eval on content received via HTTP in test suite - debian/patches/CVE-2020-27619.patch: No longer call eval on content received via HTTP in the CJK codec tests - CVE-2020-27619...

OESA-2024-1846 openjpeg2 security update

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group JPEG. Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...

SUSE CVE-2022-48852

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregister it on unbind, leading to a device leakage. Unregister our device at unbind...

SUSE CVE-2024-40965

In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clkgetrate during transfer Instead of repeatedly calling clkgetrate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic32x4 audio codec to the...

CVE-2022-48852

A flaw was found in Unbind. On Bind, the HDMI codec device is registered but not unregistered on Unbind, leading to a device leakage...

CVE-2024-40964

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41hdaunbind The cs35l41hdaunbind function clears the hdacomponent entry matching it's index and then dereferences the codec pointer held in the first element of the...

DEBIAN-CVE-2022-48852

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregister it on unbind, leading to a device leakage. Unregister our device at unbind...

UBUNTU-CVE-2022-48852

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregister it on unbind, leading to a device leakage. Unregister our device at unbind...

CVE-2022-48852 drm/vc4: hdmi: Unregister codec device on unbind

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregister it on unbind, leading to a device leakage. Unregister our device at unbind...

CVE-2022-48852 drm/vc4: hdmi: Unregister codec device on unbind

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregister it on unbind, leading to a device leakage. Unregister our device at unbind...

CVE-2022-48852 drm/vc4: hdmi: Unregister codec device on unbind

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Unregister codec device on unbind On bind we will register the HDMI codec device but we don't unregister it on unbind, leading to a device leakage. Unregister our device at unbind...

SUSE CVE-2024-40964

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Possible null pointer dereference in cs35l41hdaunbind The cs35l41hdaunbind function clears the hdacomponent entry matching it's index and then dereferences the codec pointer held in the first element of the...

Security Bulletin: IBM Asset Data Dictionary Component uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025

Summary IBM Asset Data Dictionary Component uses netty-codec-http-4.1.100.Final.jar which is vulnerable to CVE-2024-29025. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2024-29025 DESCRIPTION: Netty is vulnerable to a denial of...