Advisories » MGASA-2018-0013

Updated gstreamer1.0-plugins-bad packages fix security vulnerability

Publication date: 01 Jan 2018
Modification date: 01 Jan 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2016-9809 , CVE-2017-5843 , CVE-2017-5848

Description

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of service
or the execution of arbitrary code if a malformed media file is opened
(CVE-2016-9809, CVE-2017-5843, CVE-2017-5848).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20238
• https://www.debian.org/security/2017/dsa-3818
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9809
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5843
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5848

SRPMS

6/core

• gstreamer0.10-plugins-bad-0.10.23-35.1.mga6

6/tainted

• gstreamer0.10-plugins-bad-0.10.23-35.1.mga6.tainted