Lucene search

K
centosCentOS ProjectCESA-2017:2060
HistoryAug 24, 2017 - 1:36 a.m.

clutter, gnome, gstreamer, gstreamer1, orc security update

2017-08-2401:36:20
CentOS Project
lists.centos.org
65
gstreamer
clutter
gnome
security update
flaws fixed
orc

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.037

Percentile

92.0%

CentOS Errata and Security Advisory CESA-2017:2060

GStreamer is a streaming media framework based on graphs of filters which operate on media data.

The following packages have been upgraded to a later upstream version: clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es):

  • Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030307.html
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030444.html
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030464.html
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030465.html
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030466.html
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030467.html
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030468.html
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030469.html
https://lists.centos.org/pipermail/centos-cr-announce/2017-August/030693.html

Affected packages:
clutter-gst2
clutter-gst2-devel
gnome-video-effects
gstreamer-plugins-bad-free
gstreamer-plugins-bad-free-devel
gstreamer-plugins-bad-free-devel-docs
gstreamer-plugins-good
gstreamer-plugins-good-devel-docs
gstreamer1
gstreamer1-devel
gstreamer1-devel-docs
gstreamer1-plugins-bad-free
gstreamer1-plugins-bad-free-devel
gstreamer1-plugins-bad-free-gtk
gstreamer1-plugins-base
gstreamer1-plugins-base-devel
gstreamer1-plugins-base-devel-docs
gstreamer1-plugins-base-tools
gstreamer1-plugins-good
orc
orc-compiler
orc-devel
orc-doc

Upstream details at:
https://access.redhat.com/errata/RHSA-2017:2060

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.037

Percentile

92.0%