Advisories ยป MGASA-2016-0424

Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities

Publication date: 29 Dec 2016
Modification date: 29 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9634 , CVE-2016-9635 , CVE-2016-9636 , CVE-2016-9808 , CVE-2016-9807 , CVE-2016-9810

Description

Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the application
(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808).

An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX
media file format decoding plug-in. A remote attacker could use this
flaw to cause an application using GStreamer to crash
(CVE-2016-9807, CVE-2016-9810).

Note that CVE-2016-9810 only affected gstreamer1.0-plugins-good.
                

References

SRPMS

5/core