Ubuntu alert USN-7558-1 (gst-plugins-bad1.0)

From:
             
 
Fabian Toepfer <fabian.toepfer@canonical.com>
To:
             
 
ubuntu-security-announce@lists.ubuntu.com
Subject:
             
 
[USN-7558-1] GStreamer Bad Plugins vulnerabilities
Date:
             
 
Thu, 05 Jun 2025 17:15:43 +0200
Message-ID:
             
 
<27fa7712-f905-461c-9255-df07e378f506@canonical.com>
==========================================================================
Ubuntu Security Notice USN-7558-1
June 05, 2025

gst-plugins-bad1.0 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in GStreamer Bad Plugins.

Software Description:
- gst-plugins-bad1.0: GStreamer plugins

Details:

It was discovered that the AV1 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-50186, CVE-2024-0444)

It was discovered that the H265 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-3887)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
   gstreamer1.0-plugins-bad        1.26.0-1ubuntu2.1
   libgstreamer-plugins-bad1.0-0   1.26.0-1ubuntu2.1

Ubuntu 24.10
   gstreamer1.0-plugins-bad        1.24.8-2ubuntu1.1
   libgstreamer-plugins-bad1.0-0   1.24.8-2ubuntu1.1

Ubuntu 24.04 LTS
   gstreamer1.0-plugins-bad        1.24.2-1ubuntu4+esm1
                                   Available with Ubuntu Pro
   libgstreamer-plugins-bad1.0-0   1.24.2-1ubuntu4+esm1
                                   Available with Ubuntu Pro

Ubuntu 22.04 LTS
   gstreamer1.0-plugins-bad        1.20.3-0ubuntu1.1+esm2
                                   Available with Ubuntu Pro
   libgstreamer-plugins-bad1.0-0   1.20.3-0ubuntu1.1+esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   gstreamer1.0-plugins-bad        1.16.3-0ubuntu1.1+esm1
                                   Available with Ubuntu Pro
   libgstreamer-plugins-bad1.0-0   1.16.3-0ubuntu1.1+esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-7558-1
   CVE-2023-50186, CVE-2024-0444, CVE-2025-3887

Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1...
https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1...



Attachment: OpenPGP_signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEE2WgtvmwmcgaEBLlnCAvK1QvD6SAFAmhBtJ8FAwAAAAAACgkQCAvK1QvD6SAc
CxAAvq8mY0jmiK/te9QtLIglOzyOT3JNrgYgBDoaemJgljkgXEqtokFHuVhlxxYonk//ospJ7D4w
DidNDF4D1CW1LZLYYSXwTaX+3cL4+zcJ0xgkC0qEqbUyWUpTsuN9rMKomE8Djoq18ocLaULkTm1R
z8kSoaZ35k6R7vimemAyflo7ewaQOE/8Y2OFzCoAYkA+T0tcnVdTXvSpORTBX1AAIcGPa90nEioe
0iOwLVAF1pUPc1Km9YBn7EF2MwPrNLlYJBINVeiQjS6ivx2XM/Kbr+wMsW4Q0VJmag1gZRaSh0Hk
04ibDjbx2ECDjfClPWFYfp3yd9XcCjG7UiNyFFxQBhjzvt35+MdSVjGInFvtDqfWoLVX0zESzfkr
7UWQN/RHfkA4rNOaAeU+cIXRjty+APqLcIiRtexUJZstUqSDudAEzHeZcACShWgH9TqPO6OWIBzY
UQpbroy7SHV372Eto3ZbdXtmgY3JvmVH9L0eQ4l4ZbwuMBS/Jrgnw/E4n5Ivz8kOXSHcZ3jRV//g
KbGBqAF3GHFh6dbu9meQld1Av5OjHYpGQoZ9pmUQCzZ10S8WzC1/L5qNHJcfVwctDBxz+hyhLg+c
4qUTtrdj0L8mwgHvXtXe/upNmJZrlgsFPLR5oUvE6DNoxQtzBJnkxPWZhmDHqWN9LyO3x80/ve09
LCg=
=T7Pm
-----END PGP SIGNATURE-----


Attachment: None (type=text/plain)