[SECURITY] [DSA 3819-1] gst-plugins-base1.0 security update

2017-03-2720:47:08

lists.debian.org

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

Debian Security Advisory DSA-3819-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017 https://www.debian.org/security/faq

Package : gst-plugins-base1.0
CVE ID : CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842
CVE-2017-5844

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.

For the stable distribution (jessie), these problems have been fixed in
version 1.4.4-2+deb8u1.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 1.10.4-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.10.4-1.

We recommend that you upgrade your gst-plugins-base1.0 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8powerpcgstreamer1.0-x< 1.4.4-2+deb8u1gstreamer1.0-x_1.4.4-2+deb8u1_powerpc.deb
Debian8s390xgstreamer1.0-alsa< 1.4.4-2+deb8u1gstreamer1.0-alsa_1.4.4-2+deb8u1_s390x.deb
Debian8powerpcgir1.2-gst-plugins-base-1.0< 1.4.4-2+deb8u1gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u1_powerpc.deb
Debian8i386gstreamer1.0-plugins-base< 1.4.4-2+deb8u1gstreamer1.0-plugins-base_1.4.4-2+deb8u1_i386.deb
Debian8i386gstreamer1.0-plugins-base-apps< 1.4.4-2+deb8u1gstreamer1.0-plugins-base-apps_1.4.4-2+deb8u1_i386.deb
Debian8armelgir1.2-gst-plugins-base-1.0< 1.4.4-2+deb8u1gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u1_armel.deb
Debian8s390xgir1.2-gst-plugins-base-1.0< 1.4.4-2+deb8u1gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u1_s390x.deb
Debian8armelgstreamer1.0-plugins-base-dbg< 1.4.4-2+deb8u1gstreamer1.0-plugins-base-dbg_1.4.4-2+deb8u1_armel.deb
Debian8arm64gstreamer1.0-plugins-base-apps< 1.4.4-2+deb8u1gstreamer1.0-plugins-base-apps_1.4.4-2+deb8u1_arm64.deb
Debian8s390xgstreamer1.0-x< 1.4.4-2+deb8u1gstreamer1.0-x_1.4.4-2+deb8u1_s390x.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	powerpc	gstreamer1.0-x	< 1.4.4-2+deb8u1	gstreamer1.0-x_1.4.4-2+deb8u1_powerpc.deb
Debian	8	s390x	gstreamer1.0-alsa	< 1.4.4-2+deb8u1	gstreamer1.0-alsa_1.4.4-2+deb8u1_s390x.deb
Debian	8	powerpc	gir1.2-gst-plugins-base-1.0	< 1.4.4-2+deb8u1	gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u1_powerpc.deb
Debian	8	i386	gstreamer1.0-plugins-base	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-base_1.4.4-2+deb8u1_i386.deb
Debian	8	i386	gstreamer1.0-plugins-base-apps	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-base-apps_1.4.4-2+deb8u1_i386.deb
Debian	8	armel	gir1.2-gst-plugins-base-1.0	< 1.4.4-2+deb8u1	gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u1_armel.deb
Debian	8	s390x	gir1.2-gst-plugins-base-1.0	< 1.4.4-2+deb8u1	gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u1_s390x.deb
Debian	8	armel	gstreamer1.0-plugins-base-dbg	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-base-dbg_1.4.4-2+deb8u1_armel.deb
Debian	8	arm64	gstreamer1.0-plugins-base-apps	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-base-apps_1.4.4-2+deb8u1_arm64.deb
Debian	8	s390x	gstreamer1.0-x	< 1.4.4-2+deb8u1	gstreamer1.0-x_1.4.4-2+deb8u1_s390x.deb