Gentoo FoundationMGASA-2018-0012Updated gstreamer0.10-plugins-bad/gstreamer1.0-plugins-bad packages fix security vulnerability
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.055 Low
EPSS
Percentile
93.1%
Chris Evans discovered that the GStreamer plugin to decode VMware screen capture files allowed the execution of arbitrary code (CVE-2016-9445, CVE-2016-9446). Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code (CVE-2016-9447). Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843, CVE-2017-5848). The gstreamer0.10-plugins-bad package was affected by CVE-2016-9445, CVE-2016-9446, CVE-2016-9447, CVE-2016-9809, CVE-2017-5843, and CVE-2017-5848). The gstreamer1.0-plugins-bad package was affected by CVE-2016-9445, CVE-2016-9446, CVE-2016-9809, CVE-2016-9812, CVE-2016-9813, CVE-2017-5843, and CVE-2017-5848.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Mageia | 5 | noarch | gstreamer0.10-plugins-bad | < 0.10.23-22.2 | gstreamer0.10-plugins-bad-0.10.23-22.2.mga5 |
| Mageia | 5 | noarch | gstreamer1.0-plugins-bad | < 1.4.3-2.1 | gstreamer1.0-plugins-bad-1.4.3-2.1.mga5 |
| Mageia | 5 | noarch | gstreamer0.10-plugins-bad | < 0.10.23-22.2 | gstreamer0.10-plugins-bad-0.10.23-22.2.mga5.tainted |
| Mageia | 5 | noarch | gstreamer1.0-plugins-bad | < 1.4.3-2.1 | gstreamer1.0-plugins-bad-1.4.3-2.1.mga5.tainted |
References
openwall.com/lists/oss-security/2016/11/18/12
openwall.com/lists/oss-security/2016/11/18/13
openwall.com/lists/oss-security/2016/12/05/8
bugs.mageia.org/show_bug.cgi?id=19802
bugs.mageia.org/show_bug.cgi?id=19814
bugs.mageia.org/show_bug.cgi?id=20238
lists.fedoraproject.org/archives/list/[email protected]/thread/IQKP5AYCCUOV4CJ6YAVAIDLWZRXEY7JG/
lwn.net/Vulnerabilities/708524/
lwn.net/Vulnerabilities/708873/
www.debian.org/security/2016/dsa-3713
www.debian.org/security/2016/dsa-3717
www.debian.org/security/2017/dsa-3818
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.055 Low
EPSS
Percentile
93.1%