Mageia alert MGASA-2016-0424 (gstreamer1.0-plugins-good)
From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
To: | updates-announce@ml.mageia.org | |
Subject: | [updates-announce] MGASA-2016-0424: Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities | |
Date: | Thu, 29 Dec 2016 11:29:44 +0100 | |
Message-ID: | <20161229102944.8B3029F7AF@duvel.mageia.org> |
MGASA-2016-0424 - Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities Publication date: 29 Dec 2016 URL: http://advisories.mageia.org/MGASA-2016-0424.html Type: security Affected Mageia releases: 5 CVE: CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808, CVE-2016-9807, CVE-2016-9810 Description: Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808). An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash (CVE-2016-9807, CVE-2016-9810). Note that CVE-2016-9810 only affected gstreamer1.0-plugins-good. References: - https://bugs.mageia.org/show_bug.cgi?id=19830 - https://rhn.redhat.com/errata/RHSA-2016-2975.html - http://openwall.com/lists/oss-security/2016/12/05/8 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9810 SRPMS: - 5/core/gstreamer0.10-plugins-good-0.10.31-9.1.mga5 - 5/core/gstreamer1.0-plugins-good-1.4.3-2.1.mga5