[SECURITY] [DLA 3505-1] gst-plugins-good1.0 security update

2023-07-2517:12:19

lists.debian.org

gstreamer media framework

arbitrary code execution

denial of service

security update.

debian lts

debian 10 buster

cve-2023-37327

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H

7.7 High

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

16.3%

JSON

Debian LTS Advisory DLA-3505-1 [email protected]
https://www.debian.org/lts/security/ Thorsten Alteholz
July 25, 2023 https://wiki.debian.org/LTS

Package : gst-plugins-good1.0
Version : 1.14.4-1+deb10u3
CVE ID : CVE-2023-37327

Multiple multiple vulnerabilities were discovered in plugins for the
GStreamer media framework and its codecs and demuxers, which may result in
denial of service or potentially the execution of arbitrary code if a
malformed media file is opened.

For Debian 10 buster, this problem has been fixed in version
1.14.4-1+deb10u3.

We recommend that you upgrade your gst-plugins-good1.0 packages.

For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-good1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11i386gstreamer1.0-plugins-good-dbgsym< 1.18.4-2+deb11u2gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u2_i386.deb
Debian11mipselgstreamer1.0-plugins-good-dbgsym< 1.18.4-2+deb11u2gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u2_mipsel.deb
Debian10armhfgstreamer1.0-gtk3< 1.14.4-1+deb10u3gstreamer1.0-gtk3_1.14.4-1+deb10u3_armhf.deb
Debian10amd64gstreamer1.0-plugins-good< 1.14.4-1+deb10u3gstreamer1.0-plugins-good_1.14.4-1+deb10u3_amd64.deb
Debian12armhfgstreamer1.0-gtk3-dbgsym< 1.22.0-5+deb12u1gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u1_armhf.deb
Debian10arm64gstreamer1.0-plugins-good< 1.14.4-1+deb10u3gstreamer1.0-plugins-good_1.14.4-1+deb10u3_arm64.deb
Debian12mipselgstreamer1.0-qt6< 1.22.0-5+deb12u1gstreamer1.0-qt6_1.22.0-5+deb12u1_mipsel.deb
Debian11s390xgstreamer1.0-qt5< 1.18.4-2+deb11u2gstreamer1.0-qt5_1.18.4-2+deb11u2_s390x.deb
Debian11armhfgstreamer1.0-gtk3-dbgsym< 1.18.4-2+deb11u2gstreamer1.0-gtk3-dbgsym_1.18.4-2+deb11u2_armhf.deb
Debian11mips64elgstreamer1.0-gtk3< 1.18.4-2+deb11u2gstreamer1.0-gtk3_1.18.4-2+deb11u2_mips64el.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	i386	gstreamer1.0-plugins-good-dbgsym	< 1.18.4-2+deb11u2	gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u2_i386.deb
Debian	11	mipsel	gstreamer1.0-plugins-good-dbgsym	< 1.18.4-2+deb11u2	gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u2_mipsel.deb
Debian	10	armhf	gstreamer1.0-gtk3	< 1.14.4-1+deb10u3	gstreamer1.0-gtk3_1.14.4-1+deb10u3_armhf.deb
Debian	10	amd64	gstreamer1.0-plugins-good	< 1.14.4-1+deb10u3	gstreamer1.0-plugins-good_1.14.4-1+deb10u3_amd64.deb
Debian	12	armhf	gstreamer1.0-gtk3-dbgsym	< 1.22.0-5+deb12u1	gstreamer1.0-gtk3-dbgsym_1.22.0-5+deb12u1_armhf.deb
Debian	10	arm64	gstreamer1.0-plugins-good	< 1.14.4-1+deb10u3	gstreamer1.0-plugins-good_1.14.4-1+deb10u3_arm64.deb
Debian	12	mipsel	gstreamer1.0-qt6	< 1.22.0-5+deb12u1	gstreamer1.0-qt6_1.22.0-5+deb12u1_mipsel.deb
Debian	11	s390x	gstreamer1.0-qt5	< 1.18.4-2+deb11u2	gstreamer1.0-qt5_1.18.4-2+deb11u2_s390x.deb
Debian	11	armhf	gstreamer1.0-gtk3-dbgsym	< 1.18.4-2+deb11u2	gstreamer1.0-gtk3-dbgsym_1.18.4-2+deb11u2_armhf.deb
Debian	11	mips64el	gstreamer1.0-gtk3	< 1.18.4-2+deb11u2	gstreamer1.0-gtk3_1.18.4-2+deb11u2_mips64el.deb