Lucene search
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-736.NASLHistoryDec 08, 2016 - 12:00 a.m.
Debian DLA-736-1 : gst-plugins-bad0.10 security update
2016-12-0800:00:00
This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
An out of bounds heap bug was found in the H264 parser in gst-plugins-bad0.10.
For Debian 7 ‘Wheezy’, these problems have been fixed in version 0.10.23-7.1+deb7u4.
We recommend that you upgrade your gst-plugins-bad0.10 packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-736-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(95635);
script_version("2.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2016-9809");
script_name(english:"Debian DLA-736-1 : gst-plugins-bad0.10 security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An out of bounds heap bug was found in the H264 parser in
gst-plugins-bad0.10.
For Debian 7 'Wheezy', these problems have been fixed in version
0.10.23-7.1+deb7u4.
We recommend that you upgrade your gst-plugins-bad0.10 packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2016/12/msg00009.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/wheezy/gst-plugins-bad0.10"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-bad");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-bad-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-bad-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgstreamer-plugins-bad0.10-0");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libgstreamer-plugins-bad0.10-dev");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
script_set_attribute(attribute:"patch_publication_date", value:"2016/12/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/08");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"7.0", prefix:"gstreamer0.10-plugins-bad", reference:"0.10.23-7.1+deb7u4")) flag++;
if (deb_check(release:"7.0", prefix:"gstreamer0.10-plugins-bad-dbg", reference:"0.10.23-7.1+deb7u4")) flag++;
if (deb_check(release:"7.0", prefix:"gstreamer0.10-plugins-bad-doc", reference:"0.10.23-7.1+deb7u4")) flag++;
if (deb_check(release:"7.0", prefix:"libgstreamer-plugins-bad0.10-0", reference:"0.10.23-7.1+deb7u4")) flag++;
if (deb_check(release:"7.0", prefix:"libgstreamer-plugins-bad0.10-dev", reference:"0.10.23-7.1+deb7u4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | gstreamer0.10-plugins-bad | p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-bad |
| debian | debian_linux | gstreamer0.10-plugins-bad-dbg | p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-bad-dbg |
| debian | debian_linux | gstreamer0.10-plugins-bad-doc | p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-bad-doc |
| debian | debian_linux | libgstreamer-plugins-bad0.10-0 | p-cpe:/a:debian:debian_linux:libgstreamer-plugins-bad0.10-0 |
| debian | debian_linux | libgstreamer-plugins-bad0.10-dev | p-cpe:/a:debian:debian_linux:libgstreamer-plugins-bad0.10-dev |
| debian | debian_linux | 7.0 | cpe:/o:debian:debian_linux:7.0 |
Related
nessus
nessus
openSUSE Security Update : gstreamer-0_10-plugins-bad (openSUSE-2017-208)
2017-02-06 00:00:00
openSUSE Security Update : gstreamer-0_10-plugins-bad (openSUSE-2017-85)
2017-01-17 00:00:00
openSUSE Security Update : gstreamer-0_10-plugins-bad (openSUSE-2017-152)
2017-01-27 00:00:00
osv
osv
gst-plugins-bad0.10 - security update
2016-12-08 00:00:00
CVE-2016-9809
2017-01-13 16:59:01
gst-plugins-bad0.10 - security update
2020-03-31 00:00:00
debian
debian
[SECURITY] [DLA 736-1] gst-plugins-bad0.10 security update
2016-12-08 07:44:53
[SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
2020-03-31 17:35:30
[SECURITY] [DSA 3818-1] gst-plugins-bad1.0 security update
2017-03-27 20:47:02
cve
cve
CVE-2016-9809
2017-01-13 16:59:00
openvas
openvas
Debian: Security Advisory (DLA-736-1)
2023-03-08 00:00:00
ubuntucve
ubuntucve
CVE-2016-9809
2017-01-13 00:00:00
prion
prion
Out-of-bounds
2017-01-13 16:59:00
alpinelinux
alpinelinux
CVE-2016-9809
2017-01-13 16:59:00
redhatcve
redhatcve
CVE-2016-9809
2016-12-06 10:47:38
debiancve
debiancve
CVE-2016-9809
2017-01-13 16:59:00
redhat
redhat
(RHSA-2017:0018) Moderate: gstreamer-plugins-bad-free security update
2017-01-05 08:42:29
(RHSA-2017:0021) Moderate: gstreamer1-plugins-bad-free security update
2017-01-05 08:52:23
fedora
fedora
[SECURITY] Fedora 24 Update: gstreamer1-plugins-bad-free-1.8.3-3.fc24
2016-12-10 00:29:29
[SECURITY] Fedora 25 Update: gstreamer-plugins-bad-free-0.10.23-35.fc25
2016-12-09 22:31:34
mageia
mageia
oraclelinux
oraclelinux
gstreamer-plugins-bad-free security update
2017-01-05 00:00:00
gstreamer1-plugins-bad-free security update
2017-01-05 00:00:00
centos
centos
gstreamer security update
2017-01-09 18:12:36
gstreamer1 security update
2017-01-09 18:11:54
suse
suse
Security update for gstreamer-plugins-bad (important)
2016-12-30 00:08:58
gentoo
gentoo
GStreamer plug-ins: User-assisted execution of arbitrary code
2017-05-18 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1850
2021-07-02 17:03:31
Related for DEBIAN_DLA-736.NASL