SCIENTIFIC-LINUX-ERRATA Archives

January 2017

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Moderate: gstreamer1-plugins-bad-free on SL7.x x86_64
From:
Pat Riehecky <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Thu, 5 Jan 2017 14:56:08 -0000
Content-Type:
text/plain
Parts/Attachments:
text/plain (33 lines) 
Synopsis:          Moderate: gstreamer1-plugins-bad-free security update
Advisory ID:       SLSA-2017:0021-1
Issue Date:        2017-01-05
CVE Numbers:       CVE-2016-9445
                   CVE-2016-9809
                   CVE-2016-9812
                   CVE-2016-9813
--

Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was
found in GStreamer's VMware VMnc video file format decoding plug-in. A
remote attacker could use this flaw to cause an application using
GStreamer to crash or, potentially, execute arbitrary code with the
privileges of the user running the application. (CVE-2016-9445)

* Multiple flaws were discovered in GStreamer's H.264 and MPEG-TS plug-
ins. A remote attacker could use these flaws to cause an application using
GStreamer to crash. (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813)
--

SL7
  x86_64
    gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
    gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
    gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
    gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
    gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
    gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm

- Scientific Linux Development Team

ATOM RSS1 RSS2