|
|
Subscribe / Log in / New account

Ubuntu alert USN-7174-1 (gstreamer1.0)



From:
              Marc Deslauriers <marc.deslauriers@canonical.com>


To:
              "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com>


Subject:
              [USN-7174-1] GStreamer vulnerability


Date:
              Wed, 18 Dec 2024 10:07:55 -0500


Message-ID:
              <44abb0c0-d564-441c-831b-2b2cb60f77bd@canonical.com>


==========================================================================
Ubuntu Security Notice USN-7174-1
December 18, 2024

gstreamer1.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

GStreamer could be made to crash or run programs as your login if it opened
a specially crafted file.

Software Description:
- gstreamer1.0: GStreamer is a streaming media framework

Details:

Antonio Morales discovered that GStreamer incorrectly handled allocating
memory for certain buffers. An attacker could use this issue to cause
GStreamer to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libgstreamer1.0-0               1.24.8-1ubuntu0.1

Ubuntu 24.04 LTS
   libgstreamer1.0-0               1.24.2-1ubuntu0.1

Ubuntu 22.04 LTS
   libgstreamer1.0-0               1.20.3-0ubuntu1.1

Ubuntu 20.04 LTS
   libgstreamer1.0-0               1.16.3-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7174-1
   CVE-2024-47606

Package Information:
   https://launchpad.net/ubuntu/+source/gstreamer1.0/1.24.8-...
   https://launchpad.net/ubuntu/+source/gstreamer1.0/1.24.2-...
   https://launchpad.net/ubuntu/+source/gstreamer1.0/1.20.3-...
   https://launchpad.net/ubuntu/+source/gstreamer1.0/1.16.3-...





Attachment: OpenPGP_signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmdi5UwACgkQZWnYVadE
vpMjiw/6A0xQ6uu7qq56UjkBr0LW6UiEbA712SiD81PWX+TDGh9JMIWRuIkJKVZ/
ininISHbpMNsNd1Q3mvF3a91azI3i8ZxmZTFwso9r2fWw842tfcECEX2mQ5PTM3C
X6HPNwD1x69HpNKMwdDLGukS3nH912xTJ0TBaJdhPfQAXPZp9hY5R+hg3WNdnZmg
KkDAahahhQ+5btV2xpKexj/5NW3lMuzYZ5Lh9U8ZLTFrLPrTf+AFo7cASZYPf23T
WYHppP6XPpT3JVR8h/mHscbrQWlycWihcpBr3oxGVI+eqWjPT/MDmFegnntga0MY
ZGFdLSgaSpKpj/wdDXsFao2xoq+s+DRA/JUzeE5dKjndAItDY09urumh/nvE6oNh
XNZMcIDQk4BVkAqj+Aj6z3ZSHLfW4B0Si2Z6EMH/mumc0bAZrS0PNsD0BdaNhqd4
mrSWjIep6u+4a5OZlodxD3+dv1sb/L6yqqOA/MRCvfv5z8jpPuOQ1TVvOwxxGUi/
i4+DzTdogpV3Xcd2vxmD8lZXNUrJIr7yhbfUUwQMepBj2wW9xuRXIGF14r0k27bI
JZSz8DEU7RLRAfaLhkZHjjcRwS9VwoTZW2wson77h0nSU4VAg8x+cs4Ezbcv+Qf1
cgO8sUh3SFs9O37hIBk+gYDRUzCUJoDQfM4oYpTfFZY75E+7FN8=
=j1gP
-----END PGP SIGNATURE-----




Attachment: None (type=text/plain)
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds