Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities
Publication date: 29 Dec 2016Modification date: 29 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9634 , CVE-2016-9635 , CVE-2016-9636 , CVE-2016-9808 , CVE-2016-9807 , CVE-2016-9810
Description
Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808). An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash (CVE-2016-9807, CVE-2016-9810). Note that CVE-2016-9810 only affected gstreamer1.0-plugins-good.
References
- https://bugs.mageia.org/show_bug.cgi?id=19830
- https://rhn.redhat.com/errata/RHSA-2016-2975.html
- http://openwall.com/lists/oss-security/2016/12/05/8
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9810
SRPMS
5/core
- gstreamer0.10-plugins-good-0.10.31-9.1.mga5
- gstreamer1.0-plugins-good-1.4.3-2.1.mga5