|
|
Subscribe / Log in / New account

Mageia alert MGASA-2016-0424 (gstreamer1.0-plugins-good)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2016-0424: Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities 


Date:
    	      Thu, 29 Dec 2016 11:29:44 +0100


Message-ID:
    	      <20161229102944.8B3029F7AF@duvel.mageia.org>


MGASA-2016-0424 - Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix
security vulnerabilities

Publication date: 29 Dec 2016
URL: http://advisories.mageia.org/MGASA-2016-0424.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2016-9634,
     CVE-2016-9635,
     CVE-2016-9636,
     CVE-2016-9808,
     CVE-2016-9807,
     CVE-2016-9810

Description:
Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808).

An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX
media file format decoding plug-in. A remote attacker could use this
flaw to cause an application using GStreamer to crash
(CVE-2016-9807, CVE-2016-9810).

Note that CVE-2016-9810 only affected gstreamer1.0-plugins-good.

References:
- https://bugs.mageia.org/show_bug.cgi?id=19830
- https://rhn.redhat.com/errata/RHSA-2016-2975.html
- http://openwall.com/lists/oss-security/2016/12/05/8
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9810

SRPMS:
- 5/core/gstreamer0.10-plugins-good-0.10.31-9.1.mga5
- 5/core/gstreamer1.0-plugins-good-1.4.3-2.1.mga5
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds