Ubuntu alert USN-6798-1 (gst-plugins-base1.0)
| From: | "Leonidas S. Barbosa" <leo.barbosa@canonical.com> | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-6798-1] GStreamer Base Plugins vulnerability | |
| Date: | Wed, 29 May 2024 14:25:06 -0300 | |
| Message-ID: | <20240529172506.GA2279195@d4rkl41n> |
========================================================================== Ubuntu Security Notice USN-6798-1 May 29, 2024 gst-plugins-base1.0 vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: GStreamer Base Plugins could be made to crash or run programs as your login if it opened a specially crafted file. Software Description: - gst-plugins-base1.0: GStreamer plugins Details: It was discovered that GStreamer Base Plugins incorrectly handled certain EXIF metadata. An attacker could possibly use this issue to execute arbitrary code or cause a crash. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS gstreamer1.0-plugins-base 1.24.2-1ubuntu0.1 Ubuntu 23.10 gstreamer1.0-plugins-base 1.22.6-1ubuntu0.1 Ubuntu 22.04 LTS gstreamer1.0-plugins-base 1.20.1-1ubuntu0.2 Ubuntu 20.04 LTS gstreamer1.0-plugins-base 1.16.3-0ubuntu1.3 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6798-1 CVE-2024-4453 Package Information: https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/... https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/... https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/... https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEf+ebRFcoyOoAQoOeRbznW4QLH2kFAmZXZO4ACgkQRbznW4QL H2n64Q//dKv8vNY+RziRqihhfluCd9nLheDYyChJU0qdm3Ub94bSM6QpeSJ7USak QE95UN5Pa8HOM91G9F+1SqQGmXryPRKlD56q2IWItxzgs5578SficHG8CRxxvRSJ EkuSjRmPzb6B4O3cALIXqzgUmPOddTFdJ2nQIeYlCDsUf0uO0ZGHtNwWZMUpUC9s yLShnTergrpO2iyyTVEViYNpogcAZDTE5t5inWdAcpTVg11SRnmd75yWLzZgNlh0 TsA1gxp4yxFzsAbasg59Rwj8Tw6m1bvjLvRE/L5MJnwd4M4/z3dAgV+fgmepXNxB GRUD058tYLfyqK9WslT3VOs0/oLbRT+Gb2LBPX5flnlFfQBMuolwhbGxasZmGQPa qliN25l8mto0qQFH0WZcMyy3L3zsuT7Um/fUPw1VY1dl+s/+nzC0E0QaDpwE0Q4A rIFHYO9JC3FxUrtbARC2jZoLg+7GjSEld435sCC5Dfov91xQqvnjBB47tbx3ZnCi OkwKr72SzSPQ8rAKJ7RYYdyeJ8A/fXar81tf98EW7JSrQAUx2j7NHM2gps9DHP85 TEwOp2PUlvNtKNIp2oRrAvxerKintrkZoKT5uB0y7ciqHAVVQD8YtYnUV37Smncd J4FdToqFAdfKeu0qNdIH7TH1ynHoOvughAh6Xgt4TQWnrquyjW0= =Vts2 -----END PGP SIGNATURE-----
Attachment: None (type=text/plain)