[SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update

2022-08-0915:51:07

lists.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

28.5%

JSON

Debian LTS Advisory DLA-3069-1 [email protected]
https://www.debian.org/lts/security/ Sebastian Dro"ge
August 09, 2022 https://wiki.debian.org/LTS

Package : gst-plugins-good1.0
Version : 1.14.4-1+deb10u2
CVE ID : CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923
CVE-2022-1924 CVE-2022-1925 CVE-2022-2122

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For Debian 10 buster, these problems have been fixed in version
1.14.4-1+deb10u2.

We recommend that you upgrade your gst-plugins-good1.0 packages.

For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-good1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11amd64gstreamer1.0-plugins-good< 1.18.4-2+deb11u1gstreamer1.0-plugins-good_1.18.4-2+deb11u1_amd64.deb
Debian11ppc64elgstreamer1.0-qt5-dbgsym< 1.18.4-2+deb11u1gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_ppc64el.deb
Debian11ppc64elgstreamer1.0-plugins-good-dbgsym< 1.18.4-2+deb11u1gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u1_ppc64el.deb
Debian11ppc64elgstreamer1.0-plugins-good< 1.18.4-2+deb11u1gstreamer1.0-plugins-good_1.18.4-2+deb11u1_ppc64el.deb
Debian11mipselgstreamer1.0-plugins-good< 1.18.4-2+deb11u1gstreamer1.0-plugins-good_1.18.4-2+deb11u1_mipsel.deb
Debian11mips64elgstreamer1.0-gtk3-dbgsym< 1.18.4-2+deb11u1gstreamer1.0-gtk3-dbgsym_1.18.4-2+deb11u1_mips64el.deb
Debian11mips64elgstreamer1.0-pulseaudio< 1.18.4-2+deb11u1gstreamer1.0-pulseaudio_1.18.4-2+deb11u1_mips64el.deb
Debian10armhfgstreamer1.0-pulseaudio< 1.14.4-1+deb10u2gstreamer1.0-pulseaudio_1.14.4-1+deb10u2_armhf.deb
Debian11ppc64elgstreamer1.0-pulseaudio< 1.18.4-2+deb11u1gstreamer1.0-pulseaudio_1.18.4-2+deb11u1_ppc64el.deb
Debian10armhfgstreamer1.0-gtk3< 1.14.4-1+deb10u2gstreamer1.0-gtk3_1.14.4-1+deb10u2_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	amd64	gstreamer1.0-plugins-good	< 1.18.4-2+deb11u1	gstreamer1.0-plugins-good_1.18.4-2+deb11u1_amd64.deb
Debian	11	ppc64el	gstreamer1.0-qt5-dbgsym	< 1.18.4-2+deb11u1	gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_ppc64el.deb
Debian	11	ppc64el	gstreamer1.0-plugins-good-dbgsym	< 1.18.4-2+deb11u1	gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u1_ppc64el.deb
Debian	11	ppc64el	gstreamer1.0-plugins-good	< 1.18.4-2+deb11u1	gstreamer1.0-plugins-good_1.18.4-2+deb11u1_ppc64el.deb
Debian	11	mipsel	gstreamer1.0-plugins-good	< 1.18.4-2+deb11u1	gstreamer1.0-plugins-good_1.18.4-2+deb11u1_mipsel.deb
Debian	11	mips64el	gstreamer1.0-gtk3-dbgsym	< 1.18.4-2+deb11u1	gstreamer1.0-gtk3-dbgsym_1.18.4-2+deb11u1_mips64el.deb
Debian	11	mips64el	gstreamer1.0-pulseaudio	< 1.18.4-2+deb11u1	gstreamer1.0-pulseaudio_1.18.4-2+deb11u1_mips64el.deb
Debian	10	armhf	gstreamer1.0-pulseaudio	< 1.14.4-1+deb10u2	gstreamer1.0-pulseaudio_1.14.4-1+deb10u2_armhf.deb
Debian	11	ppc64el	gstreamer1.0-pulseaudio	< 1.18.4-2+deb11u1	gstreamer1.0-pulseaudio_1.18.4-2+deb11u1_ppc64el.deb
Debian	10	armhf	gstreamer1.0-gtk3	< 1.14.4-1+deb10u2	gstreamer1.0-gtk3_1.14.4-1+deb10u2_armhf.deb