[SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update

2020-03-3117:31:35

lists.debian.org

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.029 Low

EPSS

Percentile

90.7%

JSON

Package : gst-plugins-bad0.10
Version : 0.10.23-7.4+deb8u3
CVE ID : CVE-2015-0797 CVE-2016-9809 CVE-2017-5843 CVE-2017-5848

Several issues have been found in gst-plugins-bad0.10, a package
containing GStreamer plugins from the "bad" set.

All issues are about use-after-free, out of bounds reads or buffer
overflow in different modules.

For Debian 8 "Jessie", these problems have been fixed in version
0.10.23-7.4+deb8u3.

We recommend that you upgrade your gst-plugins-bad0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8i386gstreamer0.10-plugins-bad< 0.10.23-7.4+deb8u3gstreamer0.10-plugins-bad_0.10.23-7.4+deb8u3_i386.deb
Debian7amd64libgstreamer-plugins-bad0.10-0< 0.10.23-7.1+deb7u5libgstreamer-plugins-bad0.10-0_0.10.23-7.1+deb7u5_amd64.deb
Debian8allgst-plugins-bad0.10< 0.10.23-7.4+deb8u3gst-plugins-bad0.10_0.10.23-7.4+deb8u3_all.deb
Debian7amd64gstreamer0.10-plugins-bad-dbg< 0.10.23-7.1+deb7u5gstreamer0.10-plugins-bad-dbg_0.10.23-7.1+deb7u5_amd64.deb
Debian8armellibgstreamer-plugins-bad1.0-dev< 1.4.4-2.1+deb8u2libgstreamer-plugins-bad1.0-dev_1.4.4-2.1+deb8u2_armel.deb
Debian7i386libgstreamer-plugins-bad0.10-0< 0.10.23-7.1+deb7u5libgstreamer-plugins-bad0.10-0_0.10.23-7.1+deb7u5_i386.deb
Debian7i386libgstreamer-plugins-bad0.10-dev< 0.10.23-7.1+deb7u5libgstreamer-plugins-bad0.10-dev_0.10.23-7.1+deb7u5_i386.deb
Debian8arm64gstreamer1.0-plugins-bad< 1.4.4-2.1+deb8u2gstreamer1.0-plugins-bad_1.4.4-2.1+deb8u2_arm64.deb
Debian8ppc64ellibgstreamer-plugins-bad1.0-dev< 1.4.4-2.1+deb8u2libgstreamer-plugins-bad1.0-dev_1.4.4-2.1+deb8u2_ppc64el.deb
Debian7allgstreamer0.10-plugins-bad-doc< 0.10.23-7.1+deb7u5gstreamer0.10-plugins-bad-doc_0.10.23-7.1+deb7u5_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	i386	gstreamer0.10-plugins-bad	< 0.10.23-7.4+deb8u3	gstreamer0.10-plugins-bad_0.10.23-7.4+deb8u3_i386.deb
Debian	7	amd64	libgstreamer-plugins-bad0.10-0	< 0.10.23-7.1+deb7u5	libgstreamer-plugins-bad0.10-0_0.10.23-7.1+deb7u5_amd64.deb
Debian	8	all	gst-plugins-bad0.10	< 0.10.23-7.4+deb8u3	gst-plugins-bad0.10_0.10.23-7.4+deb8u3_all.deb
Debian	7	amd64	gstreamer0.10-plugins-bad-dbg	< 0.10.23-7.1+deb7u5	gstreamer0.10-plugins-bad-dbg_0.10.23-7.1+deb7u5_amd64.deb
Debian	8	armel	libgstreamer-plugins-bad1.0-dev	< 1.4.4-2.1+deb8u2	libgstreamer-plugins-bad1.0-dev_1.4.4-2.1+deb8u2_armel.deb
Debian	7	i386	libgstreamer-plugins-bad0.10-0	< 0.10.23-7.1+deb7u5	libgstreamer-plugins-bad0.10-0_0.10.23-7.1+deb7u5_i386.deb
Debian	7	i386	libgstreamer-plugins-bad0.10-dev	< 0.10.23-7.1+deb7u5	libgstreamer-plugins-bad0.10-dev_0.10.23-7.1+deb7u5_i386.deb
Debian	8	arm64	gstreamer1.0-plugins-bad	< 1.4.4-2.1+deb8u2	gstreamer1.0-plugins-bad_1.4.4-2.1+deb8u2_arm64.deb
Debian	8	ppc64el	libgstreamer-plugins-bad1.0-dev	< 1.4.4-2.1+deb8u2	libgstreamer-plugins-bad1.0-dev_1.4.4-2.1+deb8u2_ppc64el.deb
Debian	7	all	gstreamer0.10-plugins-bad-doc	< 0.10.23-7.1+deb7u5	gstreamer0.10-plugins-bad-doc_0.10.23-7.1+deb7u5_all.deb