------------------------------------------------------------------------- Debian LTS Advisory DLA-4252-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Daniel Leidert July 27, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : snapcast Version : 0.23.0+dfsg1-1+deb11u1 CVE ID : CVE-2023-36177 An RCE vulnerability was found in snapcast, a multi-room client-server audio player. CVE-2023-36177 Remote attackers can execute arbitrary code and gain sensitive information via crafted requests in JSON-RPC-API. The fix disallows the process stream type. For Debian 11 bullseye, this problem has been fixed in version 0.23.0+dfsg1-1+deb11u1. We recommend that you upgrade your snapcast packages. For the detailed security status of snapcast please refer to its security tracker page at: https://security-tracker.debian.org/tracker/snapcast Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: This is a digitally signed message part