Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities
Publication date: 21 Sep 2017Modification date: 21 Sep 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10198 , CVE-2016-10199 , CVE-2017-5840 , CVE-2017-5841 , CVE-2017-5845
Description
A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service (CVE-2016-10198). A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (CVE-2016-10199). A crafted AVI file could have caused an invalid read and thus corruption or denial of service (CVE-2017-5840). A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (CVE-2017-5841). A crafted AVI file could have caused an invalid read access resulting in denial of service (CVE-2017-5845). Note that GStreamer 0.10 was only affected by CVE-2016-10198 and CVE-2017-5840.
References
- https://bugs.mageia.org/show_bug.cgi?id=20237
- http://openwall.com/lists/oss-security/2017/02/02/9
- https://lists.opensuse.org/opensuse-updates/2017-04/msg00073.html
- https://lwn.net/Alerts/714997/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10198
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10199
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5840
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5841
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5845
SRPMS
5/core
- gstreamer0.10-plugins-good-0.10.31-9.2.mga5
- gstreamer1.0-plugins-good-1.4.3-2.2.mga5