Lucene search

DebianDEBIAN:DSA-4437-1:DEDA7

HistoryApr 29, 2019 - 8:48 p.m.

[SECURITY] [DSA 4437-1] gst-plugins-base1.0 security update

2019-04-2920:48:33

lists.debian.org

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

0.022 Low

EPSS

Percentile

89.6%

JSON

Debian Security Advisory DSA-4437-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
April 29, 2019 https://www.debian.org/security/faq

Package : gst-plugins-base1.0
CVE ID : CVE-2019-9928

It was discovered that a buffer overflow in the RTSP parser of the
GStreamer media framework may result in the execution of arbitrary code
if a malformed RSTP stream is opened.

For the stable distribution (stretch), this problem has been fixed in
version 1.10.4-1+deb9u1.

We recommend that you upgrade your gst-plugins-base1.0 packages.

For the detailed security status of gst-plugins-base1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-base1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8amd64gstreamer1.0-alsa< 1.4.4-2+deb8u2gstreamer1.0-alsa_1.4.4-2+deb8u2_amd64.deb
Debian9amd64gstreamer1.0-alsa< 1.10.4-1+deb9u1gstreamer1.0-alsa_1.10.4-1+deb9u1_amd64.deb
Debian9armhfgstreamer1.0-plugins-base-dbg< 1.10.4-1+deb9u1gstreamer1.0-plugins-base-dbg_1.10.4-1+deb9u1_armhf.deb
Debian9mips64elgstreamer1.0-x< 1.10.4-1+deb9u1gstreamer1.0-x_1.10.4-1+deb9u1_mips64el.deb
Debian8i386gir1.2-gst-plugins-base-1.0< 1.4.4-2+deb8u2gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u2_i386.deb
Debian8amd64gstreamer0.10-plugins-base-dbg< 0.10.36-2+deb8u1gstreamer0.10-plugins-base-dbg_0.10.36-2+deb8u1_amd64.deb
Debian9ppc64elgstreamer1.0-x< 1.10.4-1+deb9u1gstreamer1.0-x_1.10.4-1+deb9u1_ppc64el.deb
Debian8armelgstreamer1.0-plugins-base-dbg< 1.4.4-2+deb8u2gstreamer1.0-plugins-base-dbg_1.4.4-2+deb8u2_armel.deb
Debian8armelgstreamer1.0-plugins-base-apps< 1.4.4-2+deb8u2gstreamer1.0-plugins-base-apps_1.4.4-2+deb8u2_armel.deb
Debian8armelgstreamer0.10-plugins-base-dbg< 0.10.36-2+deb8u1gstreamer0.10-plugins-base-dbg_0.10.36-2+deb8u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	amd64	gstreamer1.0-alsa	< 1.4.4-2+deb8u2	gstreamer1.0-alsa_1.4.4-2+deb8u2_amd64.deb
Debian	9	amd64	gstreamer1.0-alsa	< 1.10.4-1+deb9u1	gstreamer1.0-alsa_1.10.4-1+deb9u1_amd64.deb
Debian	9	armhf	gstreamer1.0-plugins-base-dbg	< 1.10.4-1+deb9u1	gstreamer1.0-plugins-base-dbg_1.10.4-1+deb9u1_armhf.deb
Debian	9	mips64el	gstreamer1.0-x	< 1.10.4-1+deb9u1	gstreamer1.0-x_1.10.4-1+deb9u1_mips64el.deb
Debian	8	i386	gir1.2-gst-plugins-base-1.0	< 1.4.4-2+deb8u2	gir1.2-gst-plugins-base-1.0_1.4.4-2+deb8u2_i386.deb
Debian	8	amd64	gstreamer0.10-plugins-base-dbg	< 0.10.36-2+deb8u1	gstreamer0.10-plugins-base-dbg_0.10.36-2+deb8u1_amd64.deb
Debian	9	ppc64el	gstreamer1.0-x	< 1.10.4-1+deb9u1	gstreamer1.0-x_1.10.4-1+deb9u1_ppc64el.deb
Debian	8	armel	gstreamer1.0-plugins-base-dbg	< 1.4.4-2+deb8u2	gstreamer1.0-plugins-base-dbg_1.4.4-2+deb8u2_armel.deb
Debian	8	armel	gstreamer1.0-plugins-base-apps	< 1.4.4-2+deb8u2	gstreamer1.0-plugins-base-apps_1.4.4-2+deb8u2_armel.deb
Debian	8	armel	gstreamer0.10-plugins-base-dbg	< 0.10.36-2+deb8u1	gstreamer0.10-plugins-base-dbg_0.10.36-2+deb8u1_armel.deb