[SECURITY] [DLA 2640-1] gst-plugins-good1.0 security update

2021-04-2609:53:15

lists.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.1%

JSON

Debian LTS Advisory DLA-2640-1 [email protected]
https://www.debian.org/lts/security/ Emilio Pozuelo Monfort
April 26, 2021 https://wiki.debian.org/LTS

Package : gst-plugins-good1.0
Version : 1.10.4-1+deb9u1
CVE ID : CVE-2021-3497
Debian Bug : 986910

A use-after-free vulnerability was found in the Matroska plugin of the
the GStreamer media framework, which may result in denial of service or
potentially the execution of arbitrary code if a malformed media file
is opened.

For Debian 9 stretch, this problem has been fixed in version
1.10.4-1+deb9u1.

We recommend that you upgrade your gst-plugins-good1.0 packages.

For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-good1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian10amd64gstreamer1.0-plugins-good< 1.14.4-1+deb10u1gstreamer1.0-plugins-good_1.14.4-1+deb10u1_amd64.deb
Debian9allgst-plugins-good1.0< 1.10.4-1+deb9u1gst-plugins-good1.0_1.10.4-1+deb9u1_all.deb
Debian10ppc64elgstreamer1.0-qt5< 1.14.4-1+deb10u1gstreamer1.0-qt5_1.14.4-1+deb10u1_ppc64el.deb
Debian9amd64gstreamer1.0-plugins-good< 1.10.4-1+deb9u1gstreamer1.0-plugins-good_1.10.4-1+deb9u1_amd64.deb
Debian9amd64gstreamer1.0-pulseaudio< 1.10.4-1+deb9u1gstreamer1.0-pulseaudio_1.10.4-1+deb9u1_amd64.deb
Debian10mipsgstreamer1.0-gtk3< 1.14.4-1+deb10u1gstreamer1.0-gtk3_1.14.4-1+deb10u1_mips.deb
Debian10i386gstreamer1.0-gtk3< 1.14.4-1+deb10u1gstreamer1.0-gtk3_1.14.4-1+deb10u1_i386.deb
Debian10allgst-plugins-good1.0< 1.14.4-1+deb10u1gst-plugins-good1.0_1.14.4-1+deb10u1_all.deb
Debian9i386gstreamer1.0-plugins-good-dbg< 1.10.4-1+deb9u1gstreamer1.0-plugins-good-dbg_1.10.4-1+deb9u1_i386.deb
Debian9armhfgstreamer1.0-plugins-good-dbg< 1.10.4-1+deb9u1gstreamer1.0-plugins-good-dbg_1.10.4-1+deb9u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	amd64	gstreamer1.0-plugins-good	< 1.14.4-1+deb10u1	gstreamer1.0-plugins-good_1.14.4-1+deb10u1_amd64.deb
Debian	9	all	gst-plugins-good1.0	< 1.10.4-1+deb9u1	gst-plugins-good1.0_1.10.4-1+deb9u1_all.deb
Debian	10	ppc64el	gstreamer1.0-qt5	< 1.14.4-1+deb10u1	gstreamer1.0-qt5_1.14.4-1+deb10u1_ppc64el.deb
Debian	9	amd64	gstreamer1.0-plugins-good	< 1.10.4-1+deb9u1	gstreamer1.0-plugins-good_1.10.4-1+deb9u1_amd64.deb
Debian	9	amd64	gstreamer1.0-pulseaudio	< 1.10.4-1+deb9u1	gstreamer1.0-pulseaudio_1.10.4-1+deb9u1_amd64.deb
Debian	10	mips	gstreamer1.0-gtk3	< 1.14.4-1+deb10u1	gstreamer1.0-gtk3_1.14.4-1+deb10u1_mips.deb
Debian	10	i386	gstreamer1.0-gtk3	< 1.14.4-1+deb10u1	gstreamer1.0-gtk3_1.14.4-1+deb10u1_i386.deb
Debian	10	all	gst-plugins-good1.0	< 1.14.4-1+deb10u1	gst-plugins-good1.0_1.14.4-1+deb10u1_all.deb
Debian	9	i386	gstreamer1.0-plugins-good-dbg	< 1.10.4-1+deb9u1	gstreamer1.0-plugins-good-dbg_1.10.4-1+deb9u1_i386.deb
Debian	9	armhf	gstreamer1.0-plugins-good-dbg	< 1.10.4-1+deb9u1	gstreamer1.0-plugins-good-dbg_1.10.4-1+deb9u1_armhf.deb