Scientific Linux alert SLSA-2017:0020-1 (gstreamer1-plugins-good)

From:
    	       Pat Riehecky <riehecky@fnal.gov> 
To:
    	       <scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	       Security ERRATA Moderate: gstreamer1-plugins-good on SL7.x x86_64 
Date:
    	       Thu, 5 Jan 2017 14:56:01 +0000
Message-ID:
    	       <20170105145601.1960.78262@slpackages.fnal.gov>
Synopsis:          Moderate: gstreamer1-plugins-good security update
Advisory ID:       SLSA-2017:0020-1
Issue Date:        2017-01-05
CVE Numbers:       CVE-2016-9634
                   CVE-2016-9635
                   CVE-2016-9636
                   CVE-2016-9808
                   CVE-2016-9807
--

Security Fix(es):

* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to cause
an application using GStreamer to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)

* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX
media file format decoding plug-in. A remote attacker could use this flaw
to cause an application using GStreamer to crash. (CVE-2016-9807)

Note: This update removes the vulnerable FLC/FLI/FLX plug-in.
--

SL7
  x86_64
    gstreamer1-plugins-good-1.4.5-3.el7_3.i686.rpm
    gstreamer1-plugins-good-1.4.5-3.el7_3.x86_64.rpm
    gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.i686.rpm
    gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.x86_64.rpm

- Scientific Linux Development Team

From:		Pat Riehecky <riehecky@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Moderate: gstreamer1-plugins-good on SL7.x x86_64
Date:		Thu, 5 Jan 2017 14:56:01 +0000
Message-ID:		<20170105145601.1960.78262@slpackages.fnal.gov>