Fedora 25 : gstreamer-plugins-good (2016-dcde4f3cd2)

2016-12-12T00:00:00

Description

Disable insecure FLX plugin (rhbz#1397441) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "FEDORA_2016-DCDE4F3CD2.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "Fedora 25 : gstreamer-plugins-good (2016-dcde4f3cd2)", "description": "Disable insecure FLX plugin (rhbz#1397441)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-12-12T00:00:00", "modified": "2021-01-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/95689", "reporter": "This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634", "https://bodhi.fedoraproject.org/updates/FEDORA-2016-dcde4f3cd2"], "cvelist": ["CVE-2016-9634"], "immutableFields": [], "lastseen": "2021-08-19T12:38:55", "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "centos", "idList": ["CESA-2016:2975", "CESA-2017:0019", "CESA-2017:0020"]}, {"type": "cve", "idList": ["CVE-2016-9634"]}, {"type": "debian", "idList": ["DEBIAN:DLA-727-1:6162F", "DEBIAN:DLA-727-1:C8217", "DEBIAN:DSA-3723-1:A1811", "DEBIAN:DSA-3723-1:BE772", "DEBIAN:DSA-3724-1:AC8F0", "DEBIAN:DSA-3724-1:BE9F7"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-9634"]}, {"type": "fedora", "idList": ["FEDORA:1228F60C7BFA", "FEDORA:54F636182D61", "FEDORA:E1A126087A13", "FEDORA:E64EC6061CC4"]}, {"type": "gentoo", "idList": ["GLSA-201705-10"]}, {"type": "ibm", "idList": ["D995A81E2B29F60F31EAC01457C3FCBD8FCDA87D427999BE37200D8550733BEC"]}, {"type": "mageia", "idList": ["MGASA-2016-0424"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2016-2975.NASL", "CENTOS_RHSA-2017-0019.NASL", "CENTOS_RHSA-2017-0020.NASL", "DEBIAN_DLA-727.NASL", "DEBIAN_DSA-3723.NASL", "DEBIAN_DSA-3724.NASL", "EULEROS_SA-2017-1062.NASL", "EULEROS_SA-2017-1063.NASL", "EULEROS_SA-2017-1064.NASL", "EULEROS_SA-2017-1065.NASL", "FEDORA_2016-3A45D79132.NASL", "FEDORA_2016-C883D07FBA.NASL", "FEDORA_2016-F4E992B0AC.NASL", "GENTOO_GLSA-201705-10.NASL", "OPENSUSE-2017-153.NASL", "OPENSUSE-2017-402.NASL", "OPENSUSE-2017-65.NASL", "OPENSUSE-2017-83.NASL", "OPENSUSE-2017-88.NASL", "OPENSUSE-2017-93.NASL", "ORACLELINUX_ELSA-2016-2975.NASL", "ORACLELINUX_ELSA-2017-0019.NASL", "ORACLELINUX_ELSA-2017-0020.NASL", "REDHAT-RHSA-2016-2975.NASL", "REDHAT-RHSA-2017-0019.NASL", "REDHAT-RHSA-2017-0020.NASL", "SL_20161221_GSTREAMER_PLUGINS_GOOD_ON_SL6_X.NASL", "SL_20170105_GSTREAMER1_PLUGINS_GOOD_ON_SL7_X.NASL", "SL_20170105_GSTREAMER_PLUGINS_GOOD_ON_SL7_X.NASL", "SUSE_SU-2016-3288-1.NASL", "SUSE_SU-2016-3303-1.NASL", "SUSE_SU-2017-0210-1.NASL", "SUSE_SU-2017-0225-1.NASL", "SUSE_SU-2017-0237-1.NASL", "VIRTUOZZO_VZLSA-2017-0019.NASL", "VIRTUOZZO_VZLSA-2017-0020.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310703723", "OPENVAS:1361412562310703724", "OPENVAS:1361412562310851470", "OPENVAS:1361412562310851471", "OPENVAS:1361412562310851476", "OPENVAS:1361412562310851481", "OPENVAS:1361412562310851498", "OPENVAS:1361412562310871733", "OPENVAS:1361412562310871738", "OPENVAS:1361412562310871741", "OPENVAS:1361412562310872071", "OPENVAS:1361412562310872086", "OPENVAS:1361412562310872109", "OPENVAS:1361412562310872154", "OPENVAS:1361412562310882617", "OPENVAS:1361412562310882625", "OPENVAS:1361412562310882628", "OPENVAS:1361412562311220171062", "OPENVAS:1361412562311220171063", "OPENVAS:1361412562311220171064", "OPENVAS:1361412562311220171065", "OPENVAS:703723", "OPENVAS:703724"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2975", "ELSA-2017-0019", "ELSA-2017-0020"]}, {"type": "osv", "idList": ["OSV:DLA-727-1", "OSV:DSA-3723-1", "OSV:DSA-3724-1"]}, {"type": "redhat", "idList": ["RHSA-2016:2975", "RHSA-2017:0019", "RHSA-2017:0020"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-9634", "RH:CVE-2016-9635", "RH:CVE-2016-9636"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0071-1", "OPENSUSE-SU-2017:0141-1", "OPENSUSE-SU-2017:0151-1", "OPENSUSE-SU-2017:0160-1", "OPENSUSE-SU-2017:0298-1", "SUSE-SU-2016:3288-1", "SUSE-SU-2016:3303-1", "SUSE-SU-2017:0210-1", "SUSE-SU-2017:0225-1", "SUSE-SU-2017:0237-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9634"]}]}, "score": {"value": 0.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "centos", "idList": ["CESA-2016:2975", "CESA-2017:0019", "CESA-2017:0020"]}, {"type": "cve", "idList": ["CVE-2016-9634"]}, {"type": "debian", "idList": ["DEBIAN:DLA-727-1:C8217", "DEBIAN:DSA-3723-1:A1811", "DEBIAN:DSA-3724-1:AC8F0"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-9634"]}, {"type": "fedora", "idList": ["FEDORA:1228F60C7BFA", "FEDORA:54F636182D61", "FEDORA:E1A126087A13", "FEDORA:E64EC6061CC4"]}, {"type": "gentoo", "idList": ["GLSA-201705-10"]}, {"type": "ibm", "idList": ["D995A81E2B29F60F31EAC01457C3FCBD8FCDA87D427999BE37200D8550733BEC"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/GENTOO-LINUX-CVE-2016-9634/"]}, {"type": "nessus", "idList": ["CENTOS_RHSA-2016-2975.NASL", "CENTOS_RHSA-2017-0019.NASL", "CENTOS_RHSA-2017-0020.NASL", "DEBIAN_DLA-727.NASL", "DEBIAN_DSA-3723.NASL", "DEBIAN_DSA-3724.NASL", "EULEROS_SA-2017-1062.NASL", "EULEROS_SA-2017-1063.NASL", "EULEROS_SA-2017-1064.NASL", "EULEROS_SA-2017-1065.NASL", "FEDORA_2016-3A45D79132.NASL", "FEDORA_2016-C883D07FBA.NASL", "FEDORA_2016-F4E992B0AC.NASL", "GENTOO_GLSA-201705-10.NASL", "OPENSUSE-2017-65.NASL", "OPENSUSE-2017-83.NASL", "OPENSUSE-2017-88.NASL", "OPENSUSE-2017-93.NASL", "ORACLELINUX_ELSA-2016-2975.NASL", "ORACLELINUX_ELSA-2017-0019.NASL", "ORACLELINUX_ELSA-2017-0020.NASL", "REDHAT-RHSA-2016-2975.NASL", "REDHAT-RHSA-2017-0019.NASL", "REDHAT-RHSA-2017-0020.NASL", "SL_20161221_GSTREAMER_PLUGINS_GOOD_ON_SL6_X.NASL", "SL_20170105_GSTREAMER1_PLUGINS_GOOD_ON_SL7_X.NASL", "SL_20170105_GSTREAMER_PLUGINS_GOOD_ON_SL7_X.NASL", "SUSE_SU-2016-3288-1.NASL", "SUSE_SU-2016-3303-1.NASL", "SUSE_SU-2017-0210-1.NASL", "SUSE_SU-2017-0225-1.NASL", "SUSE_SU-2017-0237-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310871733", "OPENVAS:1361412562310872071", "OPENVAS:1361412562310872086", "OPENVAS:1361412562310872109", "OPENVAS:1361412562310872154", "OPENVAS:1361412562310882617", "OPENVAS:703723", "OPENVAS:703724"]}, {"type": "oraclelinux", "idList": ["ELSA-2016-2975", "ELSA-2017-0019", "ELSA-2017-0020"]}, {"type": "redhat", "idList": ["RHSA-2017:0019", "RHSA-2017:0020"]}, {"type": "redhatcve", "idList": ["RH:CVE-2016-9634", "RH:CVE-2016-9635", "RH:CVE-2016-9636"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:0071-1", "OPENSUSE-SU-2017:0141-1", "OPENSUSE-SU-2017:0151-1", "OPENSUSE-SU-2017:0160-1", "SUSE-SU-2016:3288-1", "SUSE-SU-2016:3303-1", "SUSE-SU-2017:0210-1", "SUSE-SU-2017:0225-1", "SUSE-SU-2017:0237-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-9634"]}]}, "exploitation": null, "vulnersScore": 0.3}, "pluginID": "95689", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-dcde4f3cd2.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95689);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9634\");\n script_xref(name:\"FEDORA\", value:\"2016-dcde4f3cd2\");\n\n script_name(english:\"Fedora 25 : gstreamer-plugins-good (2016-dcde4f3cd2)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Disable insecure FLX plugin (rhbz#1397441)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-dcde4f3cd2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"gstreamer-plugins-good-0.10.31-17.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good\");\n}\n", "naslFamily": "Fedora Local Security Checks", "cpe": ["p-cpe:/a:fedoraproject:fedora:gstreamer-plugins-good", "cpe:/o:fedoraproject:fedora:25"], "solution": "Update the affected gstreamer-plugins-good package.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {"risk factor": "Medium", "score": "5.9"}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2016-12-09T00:00:00", "vulnerabilityPublicationDate": "2017-01-27T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1659998956, "score": 1659975605}, "_internal": {"score_hash": "a9f14334271c6102dad3d04cfc163393"}, "vendor_cvss2": {}, "vendor_cvss3": {}}

{"nessus": [{"lastseen": "2021-08-19T12:39:00", "description": "Add fix for gstreamer FLIC decoder vulnerability\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-07T00:00:00", "type": "nessus", "title": "Fedora 24 : gstreamer1-plugins-good (2016-3a45d79132)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gstreamer1-plugins-good", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-3A45D79132.NASL", "href": "https://www.tenable.com/plugins/nessus/95579", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-3a45d79132.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95579);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9634\");\n script_xref(name:\"FEDORA\", value:\"2016-3a45d79132\");\n\n script_name(english:\"Fedora 24 : gstreamer1-plugins-good (2016-3a45d79132)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add fix for gstreamer FLIC decoder vulnerability\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-3a45d79132\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer1-plugins-good package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gstreamer1-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/07\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"gstreamer1-plugins-good-1.8.3-2.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer1-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:52", "description": "Add fix for gstreamer FLIC decoder vulnerability\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-05T00:00:00", "type": "nessus", "title": "Fedora 25 : gstreamer1-plugins-good (2016-c883d07fba)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gstreamer1-plugins-good", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2016-C883D07FBA.NASL", "href": "https://www.tenable.com/plugins/nessus/95495", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-c883d07fba.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95495);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9634\");\n script_xref(name:\"FEDORA\", value:\"2016-c883d07fba\");\n\n script_name(english:\"Fedora 25 : gstreamer1-plugins-good (2016-c883d07fba)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add fix for gstreamer FLIC decoder vulnerability\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-c883d07fba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer1-plugins-good package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gstreamer1-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"gstreamer1-plugins-good-1.10.1-2.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer1-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:39:04", "description": "Disable insecure FLX plugin (rhbz#1397441)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-16T00:00:00", "type": "nessus", "title": "Fedora 24 : gstreamer-plugins-good (2016-f4e992b0ac)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:gstreamer-plugins-good", "cpe:/o:fedoraproject:fedora:24"], "id": "FEDORA_2016-F4E992B0AC.NASL", "href": "https://www.tenable.com/plugins/nessus/95908", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2016-f4e992b0ac.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95908);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9634\");\n script_xref(name:\"FEDORA\", value:\"2016-f4e992b0ac\");\n\n script_name(english:\"Fedora 24 : gstreamer-plugins-good (2016-f4e992b0ac)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Disable insecure FLX plugin (rhbz#1397441)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2016-f4e992b0ac\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:24\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/16\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^24([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 24\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC24\", reference:\"gstreamer-plugins-good-0.10.31-17.fc24\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:51", "description": "Chris Evans discovered that the GStreamer 1.0 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing- exploitation.html", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-25T00:00:00", "type": "nessus", "title": "Debian DSA-3723-1 : gst-plugins-good1.0 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gst-plugins-good1.0", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3723.NASL", "href": "https://www.tenable.com/plugins/nessus/95297", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3723. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95297);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\");\n script_xref(name:\"DSA\", value:\"3723\");\n\n script_name(english:\"Debian DSA-3723-1 : gst-plugins-good1.0 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chris Evans discovered that the GStreamer 1.0 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-\nexploitation.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845375\"\n );\n # https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7b63c30\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/gst-plugins-good1.0\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3723\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gst-plugins-good1.0 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 1.4.4-2+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gst-plugins-good1.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"gstreamer1.0-plugins-good\", reference:\"1.4.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gstreamer1.0-plugins-good-dbg\", reference:\"1.4.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gstreamer1.0-plugins-good-doc\", reference:\"1.4.4-2+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gstreamer1.0-pulseaudio\", reference:\"1.4.4-2+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:55", "description": "Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing- exploitati on.html\n\nThis update removes the insecure FLIC file format plugin.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version 0.10.31-3+nmu1+deb7u1.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-01T00:00:00", "type": "nessus", "title": "Debian DLA-727-1 : gst-plugins-good0.10 security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gstreamer0.10-gconf", "p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-good", "p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-good-dbg", "p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-good-doc", "p-cpe:/a:debian:debian_linux:gstreamer0.10-pulseaudio", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DLA-727.NASL", "href": "https://www.tenable.com/plugins/nessus/95413", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-727-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95413);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\");\n\n script_name(english:\"Debian DLA-727-1 : gst-plugins-good0.10 security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chris Evans discovered that the GStreamer 0.10 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-\nexploitati on.html\n\nThis update removes the insecure FLIC file format plugin.\n\nFor Debian 7 'Wheezy', these problems have been fixed in version\n0.10.31-3+nmu1+deb7u1.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2016/11/msg00033.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/gst-plugins-good0.10\"\n );\n # https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitati\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b3e791ad\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gstreamer0.10-gconf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-good-dbg\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gstreamer0.10-plugins-good-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gstreamer0.10-pulseaudio\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"gstreamer0.10-gconf\", reference:\"0.10.31-3+nmu1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"gstreamer0.10-plugins-good\", reference:\"0.10.31-3+nmu1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"gstreamer0.10-plugins-good-dbg\", reference:\"0.10.31-3+nmu1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"gstreamer0.10-plugins-good-doc\", reference:\"0.10.31-3+nmu1+deb7u1\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"gstreamer0.10-pulseaudio\", reference:\"0.10.31-3+nmu1+deb7u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:42", "description": "Chris Evans discovered that the GStreamer 0.10 plugin used to decode files in the FLIC format allowed execution of arbitrary code. Further details can be found in his advisory at https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing- exploitation.html\n\nThis update removes the insecure FLIC file format plugin.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-11-25T00:00:00", "type": "nessus", "title": "Debian DSA-3724-1 : gst-plugins-good0.10 - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:gst-plugins-good0.10", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DSA-3724.NASL", "href": "https://www.tenable.com/plugins/nessus/95298", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3724. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95298);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\");\n script_xref(name:\"DSA\", value:\"3724\");\n\n script_name(english:\"Debian DSA-3724-1 : gst-plugins-good0.10 - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Chris Evans discovered that the GStreamer 0.10 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-\nexploitation.html\n\nThis update removes the insecure FLIC file format plugin.\"\n );\n # https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c7b63c30\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/gst-plugins-good0.10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2016/dsa-3724\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gst-plugins-good0.10 packages.\n\nFor the stable distribution (jessie), these problems have been fixed\nin version 0.10.31-3+nmu4+deb8u2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gst-plugins-good0.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"gstreamer0.10-gconf\", reference:\"0.10.31-3+nmu4+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gstreamer0.10-plugins-good\", reference:\"0.10.31-3+nmu4+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gstreamer0.10-plugins-good-dbg\", reference:\"0.10.31-3+nmu4+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gstreamer0.10-plugins-good-doc\", reference:\"0.10.31-3+nmu4+deb8u2\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"gstreamer0.10-pulseaudio\", reference:\"0.10.31-3+nmu4+deb8u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:17:55", "description": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "CentOS 7 : gstreamer1-plugins-good (CESA-2017:0020)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gstreamer1-plugins-good", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0020.NASL", "href": "https://www.tenable.com/plugins/nessus/96341", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0020 and \n# CentOS Errata and Security Advisory 2017:0020 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96341);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_xref(name:\"RHSA\", value:\"2017:0020\");\n\n script_name(english:\"CentOS 7 : gstreamer1-plugins-good (CESA-2017:0020)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for gstreamer1-plugins-good is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer1-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-January/022195.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e05d82b8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer1-plugins-good package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9634\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gstreamer1-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gstreamer1-plugins-good-1.4.5-3.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer1-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:18:05", "description": "Security Fix(es) :\n\n - Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n - An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-06T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gstreamer-plugins-good on SL7.x x86_64 (20170105)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good", "p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good-devel-docs", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170105_GSTREAMER_PLUGINS_GOOD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/96333", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96333);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n\n script_name(english:\"Scientific Linux Security Update : gstreamer-plugins-good on SL7.x x86_64 (20170105)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were discovered in GStreamer's\n FLC/FLI/FLX media file format decoding plug-in. A remote\n attacker could use these flaws to cause an application\n using GStreamer to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n the application. (CVE-2016-9634, CVE-2016-9635,\n CVE-2016-9636, CVE-2016-9808)\n\n - An invalid memory read access flaw was found in\n GStreamer's FLC/FLI/FLX media file format decoding\n plug-in. A remote attacker could use this flaw to cause\n an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1701&L=scientific-linux-errata&F=&S=&P=2427\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9eaa73a4\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer-plugins-good,\ngstreamer-plugins-good-debuginfo and / or\ngstreamer-plugins-good-devel-docs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-0.10.31-12.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"gstreamer-plugins-good-devel-docs-0.10.31-12.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:17:44", "description": "From Red Hat Security Advisory 2017:0020 :\n\nAn update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-06T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : gstreamer1-plugins-good (ELSA-2017-0020)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gstreamer1-plugins-good", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-0020.NASL", "href": "https://www.tenable.com/plugins/nessus/96328", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0020 and \n# Oracle Linux Security Advisory ELSA-2017-0020 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96328);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_xref(name:\"RHSA\", value:\"2017:0020\");\n\n script_name(english:\"Oracle Linux 7 : gstreamer1-plugins-good (ELSA-2017-0020)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0020 :\n\nAn update for gstreamer1-plugins-good is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer1-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-January/006614.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer1-plugins-good package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gstreamer1-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gstreamer1-plugins-good-1.4.5-3.el7_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer1-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:26:50", "description": "According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer (CVE-2016-9636 )\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.(CVE-2016-9635)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.(CVE-2016-9634)\n\n - The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.(CVE-2016-9808)\n\n - The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.(CVE-2016-9807)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : gstreamer-plugins-good (EulerOS-SA-2017-1062)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:gstreamer-plugins-good", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1062.NASL", "href": "https://www.tenable.com/plugins/nessus/99909", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99909);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9634\",\n \"CVE-2016-9635\",\n \"CVE-2016-9636\",\n \"CVE-2016-9807\",\n \"CVE-2016-9808\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : gstreamer-plugins-good (EulerOS-SA-2017-1062)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gstreamer-plugins-good package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) by providing a 'write count' that\n goes beyond the initialized buffer (CVE-2016-9636 )\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) by providing a 'skip count' that\n goes beyond initialized buffer.(CVE-2016-9635)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) via the start_line\n parameter.(CVE-2016-9634)\n\n - The FLIC decoder in GStreamer before 1.10.2 allows\n remote attackers to cause a denial of service\n (out-of-bounds write and crash) via a crafted series of\n skip and count pairs.(CVE-2016-9808)\n\n - The flx_decode_chunks function in gst/flx/gstflxdec.c\n in GStreamer before 1.10.2 allows remote attackers to\n cause a denial of service (invalid memory read and\n crash) via a crafted FLIC file.(CVE-2016-9807)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1062\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?48ee552c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gstreamer-plugins-good packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gstreamer-plugins-good-0.10.31-12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:31:04", "description": "An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : gstreamer-plugins-good / etc (VZLSA-2017-0019)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:gstreamer-plugins-good", "p-cpe:/a:virtuozzo:virtuozzo:gstreamer-plugins-good-devel-docs", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-0019.NASL", "href": "https://www.tenable.com/plugins/nessus/101402", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101402);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-9634\",\n \"CVE-2016-9635\",\n \"CVE-2016-9636\",\n \"CVE-2016-9807\",\n \"CVE-2016-9808\"\n );\n\n script_name(english:\"Virtuozzo 7 : gstreamer-plugins-good / etc (VZLSA-2017-0019)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for gstreamer-plugins-good is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0019.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42d41748\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0019\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gstreamer-plugins-good / etc package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:gstreamer-plugins-good-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"gstreamer-plugins-good-0.10.31-12.vl7\",\n \"gstreamer-plugins-good-devel-docs-0.10.31-12.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:26:49", "description": "According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.(CVE-2016-9636)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.(CVE-2016-9635)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.(CVE-2016-9634)\n\n - The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.(CVE-2016-9808)\n\n - The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.(CVE-2016-9807)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP1 : gstreamer1-plugins-good (EulerOS-SA-2017-1064)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:gstreamer1-plugins-good", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1064.NASL", "href": "https://www.tenable.com/plugins/nessus/99911", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99911);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9634\",\n \"CVE-2016-9635\",\n \"CVE-2016-9636\",\n \"CVE-2016-9807\",\n \"CVE-2016-9808\"\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : gstreamer1-plugins-good (EulerOS-SA-2017-1064)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gstreamer1-plugins-good package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) by providing a 'write count' that\n goes beyond the initialized buffer.(CVE-2016-9636)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) by providing a 'skip count' that\n goes beyond initialized buffer.(CVE-2016-9635)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) via the start_line\n parameter.(CVE-2016-9634)\n\n - The FLIC decoder in GStreamer before 1.10.2 allows\n remote attackers to cause a denial of service\n (out-of-bounds write and crash) via a crafted series of\n skip and count pairs.(CVE-2016-9808)\n\n - The flx_decode_chunks function in gst/flx/gstflxdec.c\n in GStreamer before 1.10.2 allows remote attackers to\n cause a denial of service (invalid memory read and\n crash) via a crafted FLIC file.(CVE-2016-9807)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1064\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bd80bf7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gstreamer1-plugins-good packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gstreamer1-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gstreamer1-plugins-good-1.4.5-3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer1-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:31:03", "description": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\n\nNote that Tenable Network Security has attempted to extract the preceding description block directly from the corresponding Red Hat security advisory. Virtuozzo provides no description for VZLSA advisories. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-07-13T00:00:00", "type": "nessus", "title": "Virtuozzo 7 : gstreamer1-plugins-good (VZLSA-2017-0020)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:virtuozzo:virtuozzo:gstreamer1-plugins-good", "cpe:/o:virtuozzo:virtuozzo:7"], "id": "VIRTUOZZO_VZLSA-2017-0020.NASL", "href": "https://www.tenable.com/plugins/nessus/101403", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101403);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2016-9634\",\n \"CVE-2016-9635\",\n \"CVE-2016-9636\",\n \"CVE-2016-9807\",\n \"CVE-2016-9808\"\n );\n\n script_name(english:\"Virtuozzo 7 : gstreamer1-plugins-good (VZLSA-2017-0020)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update for gstreamer1-plugins-good is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer1-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\n\nNote that Tenable Network Security has attempted to extract the\npreceding description block directly from the corresponding Red Hat\nsecurity advisory. Virtuozzo provides no description for VZLSA\nadvisories. Tenable has attempted to automatically clean and format\nit as much as possible without introducing additional issues.\");\n # http://repo.virtuozzo.com/vzlinux/announcements/json/VZLSA-2017-0020.json\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?eee770c7\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2017-0020\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gstreamer1-plugins-good package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:gstreamer1-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nflag = 0;\n\npkgs = [\"gstreamer1-plugins-good-1.4.5-3.vl7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"Virtuozzo-7\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer1-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:15", "description": "According to the versions of the gstreamer1-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.(CVE-2016-9636)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.(CVE-2016-9635)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.(CVE-2016-9634)\n\n - The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.(CVE-2016-9808)\n\n - The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.(CVE-2016-9807)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2017-1065)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:gstreamer1-plugins-good", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1065.NASL", "href": "https://www.tenable.com/plugins/nessus/99912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99912);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9634\",\n \"CVE-2016-9635\",\n \"CVE-2016-9636\",\n \"CVE-2016-9807\",\n \"CVE-2016-9808\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2017-1065)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gstreamer1-plugins-good package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) by providing a 'write count' that\n goes beyond the initialized buffer.(CVE-2016-9636)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) by providing a 'skip count' that\n goes beyond initialized buffer.(CVE-2016-9635)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) via the start_line\n parameter.(CVE-2016-9634)\n\n - The FLIC decoder in GStreamer before 1.10.2 allows\n remote attackers to cause a denial of service\n (out-of-bounds write and crash) via a crafted series of\n skip and count pairs.(CVE-2016-9808)\n\n - The flx_decode_chunks function in gst/flx/gstflxdec.c\n in GStreamer before 1.10.2 allows remote attackers to\n cause a denial of service (invalid memory read and\n crash) via a crafted FLIC file.(CVE-2016-9807)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1065\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fdd895d6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gstreamer1-plugins-good packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gstreamer1-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gstreamer1-plugins-good-1.4.5-3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer1-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:18:28", "description": "Security Fix(es) :\n\n - Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n - An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-06T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gstreamer1-plugins-good on SL7.x x86_64 (20170105)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:gstreamer1-plugins-good", "p-cpe:/a:fermilab:scientific_linux:gstreamer1-plugins-good-debuginfo", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20170105_GSTREAMER1_PLUGINS_GOOD_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/96331", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96331);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n\n script_name(english:\"Scientific Linux Security Update : gstreamer1-plugins-good on SL7.x x86_64 (20170105)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were discovered in GStreamer's\n FLC/FLI/FLX media file format decoding plug-in. A remote\n attacker could use these flaws to cause an application\n using GStreamer to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n the application. (CVE-2016-9634, CVE-2016-9635,\n CVE-2016-9636, CVE-2016-9808)\n\n - An invalid memory read access flaw was found in\n GStreamer's FLC/FLI/FLX media file format decoding\n plug-in. A remote attacker could use this flaw to cause\n an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1701&L=scientific-linux-errata&F=&S=&P=1590\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6e4d6d65\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer1-plugins-good and / or\ngstreamer1-plugins-good-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gstreamer1-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gstreamer1-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gstreamer1-plugins-good-1.4.5-3.el7_3\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer1-plugins-good / gstreamer1-plugins-good-debuginfo\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:28", "description": "An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "RHEL 6 : gstreamer-plugins-good (RHSA-2016:2975)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good", "p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2016-2975.NASL", "href": "https://www.tenable.com/plugins/nessus/96040", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2975. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96040);\n script_version(\"3.14\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_xref(name:\"RHSA\", value:\"2016:2975\");\n\n script_name(english:\"RHEL 6 : gstreamer-plugins-good (RHSA-2016:2975)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for gstreamer-plugins-good is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2016:2975\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9808\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer-plugins-good,\ngstreamer-plugins-good-debuginfo and / or gstreamer-plugins-good-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2016:2975\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", reference:\"gstreamer-plugins-good-0.10.23-4.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"gstreamer-plugins-good-devel-0.10.23-4.el6_8\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:37", "description": "Security Fix(es) :\n\n - Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n - An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-21T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : gstreamer-plugins-good on SL6.x i386/x86_64 (20161221)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good", "p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good-debuginfo", "p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20161221_GSTREAMER_PLUGINS_GOOD_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/96042", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96042);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n\n script_name(english:\"Scientific Linux Security Update : gstreamer-plugins-good on SL6.x i386/x86_64 (20161221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - Multiple flaws were discovered in GStreamer's\n FLC/FLI/FLX media file format decoding plug-in. A remote\n attacker could use these flaws to cause an application\n using GStreamer to crash or, potentially, execute\n arbitrary code with the privileges of the user running\n the application. (CVE-2016-9634, CVE-2016-9635,\n CVE-2016-9636, CVE-2016-9808)\n\n - An invalid memory read access flaw was found in\n GStreamer's FLC/FLI/FLX media file format decoding\n plug-in. A remote attacker could use this flaw to cause\n an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1612&L=scientific-linux-errata&F=&S=&P=18190\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?66b88a0f\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer-plugins-good,\ngstreamer-plugins-good-debuginfo and / or gstreamer-plugins-good-devel\npackages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:gstreamer-plugins-good-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"gstreamer-plugins-good-0.10.23-4.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"gstreamer-plugins-good-devel-0.10.23-4.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:21", "description": "An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-22T00:00:00", "type": "nessus", "title": "CentOS 6 : gstreamer-plugins-good (CESA-2016:2975)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gstreamer-plugins-good", "p-cpe:/a:centos:centos:gstreamer-plugins-good-devel", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2016-2975.NASL", "href": "https://www.tenable.com/plugins/nessus/96050", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2016:2975 and \n# CentOS Errata and Security Advisory 2016:2975 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96050);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_xref(name:\"RHSA\", value:\"2016:2975\");\n\n script_name(english:\"CentOS 6 : gstreamer-plugins-good (CESA-2016:2975)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for gstreamer-plugins-good is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2016-December/022188.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?89f297e6\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9634\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gstreamer-plugins-good-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"gstreamer-plugins-good-0.10.23-4.el6_8\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"gstreamer-plugins-good-devel-0.10.23-4.el6_8\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:38:18", "description": "From Red Hat Security Advisory 2016:2975 :\n\nAn update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-12-22T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : gstreamer-plugins-good (ELSA-2016-2975)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gstreamer-plugins-good", "p-cpe:/a:oracle:linux:gstreamer-plugins-good-devel", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2016-2975.NASL", "href": "https://www.tenable.com/plugins/nessus/96067", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2016:2975 and \n# Oracle Linux Security Advisory ELSA-2016-2975 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96067);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_xref(name:\"RHSA\", value:\"2016:2975\");\n\n script_name(english:\"Oracle Linux 6 : gstreamer-plugins-good (ELSA-2016-2975)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2016:2975 :\n\nAn update for gstreamer-plugins-good is now available for Red Hat\nEnterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2016-December/006597.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gstreamer-plugins-good-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"gstreamer-plugins-good-0.10.23-4.el6_8\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"gstreamer-plugins-good-devel-0.10.23-4.el6_8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-devel\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:17:38", "description": "From Red Hat Security Advisory 2017:0019 :\n\nAn update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-06T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : gstreamer-plugins-good (ELSA-2017-0019)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:gstreamer-plugins-good", "p-cpe:/a:oracle:linux:gstreamer-plugins-good-devel-docs", "cpe:/o:oracle:linux:7"], "id": "ORACLELINUX_ELSA-2017-0019.NASL", "href": "https://www.tenable.com/plugins/nessus/96327", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2017:0019 and \n# Oracle Linux Security Advisory ELSA-2017-0019 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96327);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_xref(name:\"RHSA\", value:\"2017:0019\");\n\n script_name(english:\"Oracle Linux 7 : gstreamer-plugins-good (ELSA-2017-0019)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2017:0019 :\n\nAn update for gstreamer-plugins-good is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-January/006612.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gstreamer-plugins-good-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/06\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-0.10.31-12.el7_3\")) flag++;\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-devel-docs-0.10.31-12.el7_3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-devel-docs\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:18:40", "description": "An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "RHEL 7 : gstreamer-plugins-good (RHSA-2017:0019)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good", "p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-debuginfo", "p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-devel-docs", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0019.NASL", "href": "https://www.tenable.com/plugins/nessus/96311", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0019. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96311);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_xref(name:\"RHSA\", value:\"2017:0019\");\n\n script_name(english:\"RHEL 7 : gstreamer-plugins-good (RHSA-2017:0019)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for gstreamer-plugins-good is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0019\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9808\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer-plugins-good,\ngstreamer-plugins-good-debuginfo and / or\ngstreamer-plugins-good-devel-docs packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer-plugins-good-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0019\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"gstreamer-plugins-good-0.10.31-12.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gstreamer-plugins-good-debuginfo-0.10.31-12.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gstreamer-plugins-good-devel-docs-0.10.31-12.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:16:30", "description": "An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-05T00:00:00", "type": "nessus", "title": "RHEL 7 : gstreamer1-plugins-good (RHSA-2017:0020)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2019-10-24T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:gstreamer1-plugins-good", "p-cpe:/a:redhat:enterprise_linux:gstreamer1-plugins-good-debuginfo", "cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:7.3", "cpe:/o:redhat:enterprise_linux:7.4", "cpe:/o:redhat:enterprise_linux:7.5", "cpe:/o:redhat:enterprise_linux:7.6", "cpe:/o:redhat:enterprise_linux:7.7"], "id": "REDHAT-RHSA-2017-0020.NASL", "href": "https://www.tenable.com/plugins/nessus/96312", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0020. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(96312);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2019/10/24 15:35:42\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_xref(name:\"RHSA\", value:\"2017:0020\");\n\n script_name(english:\"RHEL 7 : gstreamer1-plugins-good (RHSA-2017:0020)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for gstreamer1-plugins-good is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer1-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2017:0020\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9634\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9635\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9636\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9807\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2016-9808\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Update the affected gstreamer1-plugins-good and / or\ngstreamer1-plugins-good-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer1-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gstreamer1-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7.7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2017:0020\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", reference:\"gstreamer1-plugins-good-1.4.5-3.el7_3\")) flag++;\n\n if (rpm_check(release:\"RHEL7\", reference:\"gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer1-plugins-good / gstreamer1-plugins-good-debuginfo\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:32", "description": "According to the versions of the gstreamer-plugins-good package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.(CVE-2016-9636)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.(CVE-2016-9635)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.(CVE-2016-9634)\n\n - The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.(CVE-2016-9808)\n\n - The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.(CVE-2016-9807)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-02T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : gstreamer-plugins-good (EulerOS-SA-2017-1063)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:gstreamer-plugins-good", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2017-1063.NASL", "href": "https://www.tenable.com/plugins/nessus/99910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99910);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2016-9634\",\n \"CVE-2016-9635\",\n \"CVE-2016-9636\",\n \"CVE-2016-9807\",\n \"CVE-2016-9808\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : gstreamer-plugins-good (EulerOS-SA-2017-1063)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gstreamer-plugins-good package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) by providing a 'write count' that\n goes beyond the initialized buffer.(CVE-2016-9636)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) by providing a 'skip count' that\n goes beyond initialized buffer.(CVE-2016-9635)\n\n - Heap-based buffer overflow in the flx_decode_delta_fli\n function in gst/flx/gstflxdec.c in the FLIC decoder in\n GStreamer before 1.10.2 allows remote attackers to\n execute arbitrary code or cause a denial of service\n (application crash) via the start_line\n parameter.(CVE-2016-9634)\n\n - The FLIC decoder in GStreamer before 1.10.2 allows\n remote attackers to cause a denial of service\n (out-of-bounds write and crash) via a crafted series of\n skip and count pairs.(CVE-2016-9808)\n\n - The flx_decode_chunks function in gst/flx/gstflxdec.c\n in GStreamer before 1.10.2 allows remote attackers to\n cause a denial of service (invalid memory read and\n crash) via a crafted FLIC file.(CVE-2016-9807)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1063\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1203572d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gstreamer-plugins-good packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"gstreamer-plugins-good-0.10.31-12\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:17:23", "description": "An update for gstreamer-plugins-good is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "CentOS 7 : gstreamer-plugins-good (CESA-2017:0019)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:gstreamer-plugins-good", "p-cpe:/a:centos:centos:gstreamer-plugins-good-devel-docs", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2017-0019.NASL", "href": "https://www.tenable.com/plugins/nessus/96340", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2017:0019 and \n# CentOS Errata and Security Advisory 2017:0019 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96340);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_xref(name:\"RHSA\", value:\"2017:0019\");\n\n script_name(english:\"CentOS 7 : gstreamer-plugins-good (CESA-2017:0019)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for gstreamer-plugins-good is now available for Red Hat\nEnterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nGStreamer is a streaming media framework based on graphs of filters\nwhich operate on media data. The gstreamer-plugins-good packages\ncontain a collection of well-supported plug-ins of good quality and\nunder the LGPL license.\n\nSecurity Fix(es) :\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to\ncause an application using GStreamer to crash or, potentially, execute\narbitrary code with the privileges of the user running the\napplication. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,\nCVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's\nFLC/FLI/FLX media file format decoding plug-in. A remote attacker\ncould use this flaw to cause an application using GStreamer to crash.\n(CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2017-January/022197.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b3031db\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-9634\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gstreamer-plugins-good-devel-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 7.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-0.10.31-12.el7_3\")) flag++;\nif (rpm_check(release:\"CentOS-7\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-devel-docs-0.10.31-12.el7_3\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-devel-docs\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:18:12", "description": "This update for gstreamer-0_10-plugins-good fixes the following issues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-153)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debugsource", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2017-153.NASL", "href": "https://www.tenable.com/plugins/nessus/96862", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-153.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96862);\n script_version(\"3.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-153)\");\n script_summary(english:\"Check for the openSUSE-2017-153 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gstreamer-0_10-plugins-good fixes the following \nissues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files\n from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files\n from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous\n unreferences, leading to invalid memory access and DoS\n (bsc#1013663)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-0_10-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-0_10-plugin-esd-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-0_10-plugin-esd-debuginfo-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-0_10-plugins-good-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-0_10-plugins-good-debuginfo-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-0_10-plugins-good-debugsource-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-0_10-plugins-good-extra-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-0_10-plugins-good-extra-debuginfo-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-0_10-plugins-good-lang-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugin-esd-32bit-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugin-esd-debuginfo-32bit-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-32bit-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-debuginfo-32bit-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-extra-32bit-0.10.31-16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-extra-debuginfo-32bit-0.10.31-16.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-0_10-plugin-esd / gstreamer-0_10-plugin-esd-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:16:47", "description": "This update for gstreamer-plugins-good fixes the following issues :\n\n - CVE-2016-9807: flic decoder invalid read could lead to crash [bsc#1013655]\n\n - CVE-2016-9634: flic out-of-bounds write could lead to code execution [bsc#1012102]\n\n - CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012103]\n\n - CVE-2016-9635: flic out-of-bounds write could lead to code execution [bsc#1012104]\n\n - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. [bsc#1013653]\n\n - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses [bsc#1013663]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-03T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3288-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:gstreamer-plugins-good", "p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-debuginfo", "p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3288-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96257", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3288-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96257);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3288-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gstreamer-plugins-good fixes the following issues :\n\n - CVE-2016-9807: flic decoder invalid read could lead to\n crash [bsc#1013655]\n\n - CVE-2016-9634: flic out-of-bounds write could lead to\n code execution [bsc#1012102]\n\n - CVE-2016-9635: flic out-of-bounds write could lead to\n code execution [bsc#1012103]\n\n - CVE-2016-9635: flic out-of-bounds write could lead to\n code execution [bsc#1012104]\n\n - CVE-2016-9808: A maliciously crafted flic file can still\n cause invalid memory accesses. [bsc#1013653]\n\n - CVE-2016-9810: A maliciously crafted flic file can still\n cause invalid memory accesses [bsc#1013663]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9810/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163288-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?66471953\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1922=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1922=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gstreamer-plugins-good-1.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gstreamer-plugins-good-debuginfo-1.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"gstreamer-plugins-good-debugsource-1.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-1.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debuginfo-1.2.4-2.3.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debugsource-1.2.4-2.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:17:09", "description": "This update for gstreamer-plugins-good fixes the following issues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-83)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debugsource", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-lang", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2017-83.NASL", "href": "https://www.tenable.com/plugins/nessus/96549", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-83.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96549);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-83)\");\n script_summary(english:\"Check for the openSUSE-2017-83 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gstreamer-plugins-good fixes the following issues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files\n from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files\n from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous\n unreferences, leading to invalid memory access and DoS\n (bsc#1013663)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-plugins-good-1.4.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-plugins-good-debuginfo-1.4.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-plugins-good-debugsource-1.4.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-plugins-good-extra-1.4.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-plugins-good-extra-debuginfo-1.4.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-plugins-good-lang-1.4.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-32bit-1.4.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debuginfo-32bit-1.4.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-extra-32bit-1.4.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-extra-debuginfo-32bit-1.4.3-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:17:28", "description": "gstreamer-0_10-plugins-good was updated to fix five security issues.\nThese security issues were fixed :\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103).\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102).\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663).\n\n - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655).\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653). To install this update libbz2-1 needs to be installed if it isn't already present on the system.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0237-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-debuginfo", "p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0237-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96695", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0237-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96695);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0237-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"gstreamer-0_10-plugins-good was updated to fix five security issues.\nThese security issues were fixed :\n\n - CVE-2016-9635: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012103).\n\n - CVE-2016-9634: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012102).\n\n - CVE-2016-9810: Invalid files can be used to extraneous\n unreferences, leading to invalid memory access and DoS\n (bsc#1013663).\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655).\n\n - CVE-2016-9808: Prevent maliciously crafted flic files\n from causing invalid memory accesses (bsc#1013653). To\n install this update libbz2-1 needs to be installed if it\n isn't already present on the system.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9810/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170237-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7a79420d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP1:zypper in -t patch\nSUSE-SLE-WE-12-SP1-2017-118=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2017-118=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-0.10.31-13.3.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-debuginfo-0.10.31-13.3.3\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-debugsource-0.10.31-13.3.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-0_10-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:16:26", "description": "This update for gstreamer-plugins-good fixes the following security issues :\n\n - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655)\n\n - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104)\n\n - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653)\n\n - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update project.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-10T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-65)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debugsource", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-lang", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-65.NASL", "href": "https://www.tenable.com/plugins/nessus/96384", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-65.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96384);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-65)\");\n script_summary(english:\"Check for the openSUSE-2017-65 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gstreamer-plugins-good fixes the following security\nissues :\n\n - CVE-2016-9807: Flic decoder invalid read could lead to\n crash. (bsc#1013655)\n\n - CVE-2016-9634: Flic out-of-bounds write could lead to\n code execution. (bsc#1012102)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to\n code execution. (bsc#1012103)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to\n code execution. (bsc#1012104)\n\n - CVE-2016-9808: A maliciously crafted flic file can still\n cause invalid memory accesses. (bsc#1013653)\n\n - CVE-2016-9810: A maliciously crafted flic file can still\n cause invalid memory accesses. (bsc#1013663)\n\nThis update was imported from the SUSE:SLE-12-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-plugins-good-1.8.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-plugins-good-debuginfo-1.8.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-plugins-good-debugsource-1.8.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-plugins-good-extra-1.8.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-plugins-good-extra-debuginfo-1.8.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-plugins-good-lang-1.8.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-32bit-1.8.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debuginfo-32bit-1.8.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-extra-32bit-1.8.3-3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-extra-debuginfo-32bit-1.8.3-3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:17:18", "description": "This update for gstreamer-0_10-plugins-good fixes the following issues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-20T00:00:00", "type": "nessus", "title": "SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0210-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-debuginfo", "p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2017-0210-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96654", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0210-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96654);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0210-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gstreamer-0_10-plugins-good fixes the following \nissues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files\n from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files\n from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous\n unreferences, leading to invalid memory access and DoS\n (bsc#1013663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9810/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170210-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7dbb9b73\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Workstation Extension 12-SP2:zypper in -t patch\nSUSE-SLE-WE-12-SP2-2017-104=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2017-104=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-0.10.31-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-debuginfo-0.10.31-16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-debugsource-0.10.31-16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-0_10-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:17:19", "description": "gstreamer-0_10-plugins-good was updated to fix six security issues.\nThese security issues were fixed :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104).\n\n - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-23T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0225-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-doc", "p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-lang", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2017-0225-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96694", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2017:0225-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96694);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"SUSE SLES11 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0225-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"gstreamer-0_10-plugins-good was updated to fix six security issues.\nThese security issues were fixed :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files\n from causing invalid memory writes (bsc#1012104).\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files\n from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous\n unreferences, leading to invalid memory access and DoS\n (bsc#1013663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9810/\"\n );\n # https://www.suse.com/support/update/announcement/2017/suse-su-20170225-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?616c962d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11-SP4:zypper in -t patch\nslessp4-gstreamer-0_10-plugins-good-12948=1\n\nSUSE Linux Enterprise Debuginfo 11-SP4:zypper in -t patch\ndbgsp4-gstreamer-0_10-plugins-good-12948=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-0_10-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gstreamer-0_10-plugins-good-0.10.30-5.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gstreamer-0_10-plugins-good-doc-0.10.30-5.14.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:\"4\", reference:\"gstreamer-0_10-plugins-good-lang-0.10.30-5.14.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-0_10-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:23:31", "description": "This update for gstreamer-0_10-plugins-good fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2016-9634, CVE-2016-9635: add some bounds checking (boo#1012102 boo#1012103).\n\n - CVE-2016-9636: fix casting for some comparisons (boo#1012104).\n\n - CVE-2016-9807, CVE-2016-9808: rewrite logic using GsgtByteReader/Writer (boo#1013653 boo#1013655).\n\n - CVE-2016-9810: don't unref() parent in the chain function (boo#1013663).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-04-03T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-402)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debugsource", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2017-402.NASL", "href": "https://www.tenable.com/plugins/nessus/99150", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-402.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(99150);\n script_version(\"3.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-402)\");\n script_summary(english:\"Check for the openSUSE-2017-402 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gstreamer-0_10-plugins-good fixes the following \nissues :\n\nSecurity issues fixed :\n\n - CVE-2016-9634, CVE-2016-9635: add some bounds checking\n (boo#1012102 boo#1012103).\n\n - CVE-2016-9636: fix casting for some comparisons\n (boo#1012104).\n\n - CVE-2016-9807, CVE-2016-9808: rewrite logic using\n GsgtByteReader/Writer (boo#1013653 boo#1013655).\n\n - CVE-2016-9810: don't unref() parent in the chain\n function (boo#1013663).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-0_10-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/04/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-0_10-plugin-esd-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-0_10-plugin-esd-debuginfo-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-0_10-plugins-good-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-0_10-plugins-good-debuginfo-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-0_10-plugins-good-debugsource-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-0_10-plugins-good-extra-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-0_10-plugins-good-extra-debuginfo-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"gstreamer-0_10-plugins-good-lang-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugin-esd-32bit-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugin-esd-debuginfo-32bit-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-32bit-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-debuginfo-32bit-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-extra-32bit-0.10.31-17.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-extra-debuginfo-32bit-0.10.31-17.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-0_10-plugin-esd / gstreamer-0_10-plugin-esd-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:18:33", "description": "This update for gstreamer-0_10-plugins-good fixes the following issues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-88)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debugsource", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2017-88.NASL", "href": "https://www.tenable.com/plugins/nessus/96554", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-88.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96554);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-88)\");\n script_summary(english:\"Check for the openSUSE-2017-88 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gstreamer-0_10-plugins-good fixes the following \nissues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files\n from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files\n from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous\n unreferences, leading to invalid memory access and DoS\n (bsc#1013663)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-0_10-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugin-esd-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-extra-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-0_10-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-0_10-plugin-esd-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-0_10-plugin-esd-debuginfo-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-0_10-plugins-good-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-0_10-plugins-good-debuginfo-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-0_10-plugins-good-debugsource-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-0_10-plugins-good-extra-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-0_10-plugins-good-extra-debuginfo-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"gstreamer-0_10-plugins-good-lang-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugin-esd-32bit-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugin-esd-debuginfo-32bit-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-32bit-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-debuginfo-32bit-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-extra-32bit-0.10.31-13.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", cpu:\"x86_64\", reference:\"gstreamer-0_10-plugins-good-extra-debuginfo-32bit-0.10.31-13.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-0_10-plugin-esd / gstreamer-0_10-plugin-esd-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:16:41", "description": "This update for gstreamer-plugins-good fixes the following security issues :\n\n - CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655)\n\n - CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104)\n\n - CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653)\n\n - CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-03T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3303-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:gstreamer-plugins-good", "p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-debuginfo", "p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-3303-1.NASL", "href": "https://www.tenable.com/plugins/nessus/96264", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:3303-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96264);\n script_version(\"3.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3303-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gstreamer-plugins-good fixes the following security\nissues :\n\n - CVE-2016-9807: Flic decoder invalid read could lead to\n crash. (bsc#1013655)\n\n - CVE-2016-9634: Flic out-of-bounds write could lead to\n code execution. (bsc#1012102)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to\n code execution. (bsc#1012103)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to\n code execution. (bsc#1012104)\n\n - CVE-2016-9808: A maliciously crafted flic file can still\n cause invalid memory accesses. (bsc#1013653)\n\n - CVE-2016-9810: A maliciously crafted flic file can still\n cause invalid memory accesses. (bsc#1013663)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9634/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9635/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9636/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9807/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9808/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-9810/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20163303-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?21bceab5\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for Raspberry Pi 12-SP2:zypper in -t\npatch SUSE-SLE-RPI-12-SP2-2016-1939=1\n\nSUSE Linux Enterprise Server 12-SP2:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2016-1939=1\n\nSUSE Linux Enterprise Desktop 12-SP2:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP2-2016-1939=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:gstreamer-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"x86_64\") audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP2\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-1.8.3-9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debuginfo-1.8.3-9.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debugsource-1.8.3-9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-1.8.3-9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debuginfo-1.8.3-9.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"2\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debugsource-1.8.3-9.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:17:48", "description": "This update for gstreamer-plugins-good fixes the following issues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences, leading to invalid memory access and DoS (bsc#1013663)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-17T00:00:00", "type": "nessus", "title": "openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-93)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:gstreamer-plugins-good", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debugsource", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo-32bit", "p-cpe:/a:novell:opensuse:gstreamer-plugins-good-lang", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2017-93.NASL", "href": "https://www.tenable.com/plugins/nessus/96557", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2017-93.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(96557);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9810\");\n\n script_name(english:\"openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-93)\");\n script_summary(english:\"Check for the openSUSE-2017-93 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for gstreamer-plugins-good fixes the following issues :\n\n - CVE-2016-9634: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and\n an out-of-bounds write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files\n from causing invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files\n from causing invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous\n unreferences, leading to invalid memory access and DoS\n (bsc#1013663)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012102\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012103\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1012104\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013653\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013655\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1013663\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gstreamer-plugins-good packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gstreamer-plugins-good-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/01/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-plugins-good-1.4.5-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-plugins-good-debuginfo-1.4.5-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-plugins-good-debugsource-1.4.5-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-plugins-good-extra-1.4.5-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-plugins-good-extra-debuginfo-1.4.5-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"gstreamer-plugins-good-lang-1.4.5-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-32bit-1.4.5-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-debuginfo-32bit-1.4.5-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-extra-32bit-1.4.5-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", cpu:\"x86_64\", reference:\"gstreamer-plugins-good-extra-debuginfo-32bit-1.4.5-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gstreamer-plugins-good / gstreamer-plugins-good-32bit / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-11T14:25:09", "description": "The remote host is affected by the vulnerability described in GLSA-201705-10 (GStreamer plug-ins: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-05-18T00:00:00", "type": "nessus", "title": "GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10198", "CVE-2016-10199", "CVE-2016-9445", "CVE-2016-9446", "CVE-2016-9447", "CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9809", "CVE-2016-9810", "CVE-2016-9811", "CVE-2016-9812", "CVE-2016-9813", "CVE-2017-5837", "CVE-2017-5838", "CVE-2017-5839", "CVE-2017-5840", "CVE-2017-5841", "CVE-2017-5842", "CVE-2017-5843", "CVE-2017-5844", "CVE-2017-5845", "CVE-2017-5846", "CVE-2017-5847", "CVE-2017-5848"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:gst-plugins-bad", "p-cpe:/a:gentoo:linux:gst-plugins-base", "p-cpe:/a:gentoo:linux:gst-plugins-good", "p-cpe:/a:gentoo:linux:gst-plugins-ugly", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201705-10.NASL", "href": "https://www.tenable.com/plugins/nessus/100263", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201705-10.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(100263);\n script_version(\"3.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2016-10198\", \"CVE-2016-10199\", \"CVE-2016-9445\", \"CVE-2016-9446\", \"CVE-2016-9447\", \"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\", \"CVE-2016-9809\", \"CVE-2016-9810\", \"CVE-2016-9811\", \"CVE-2016-9812\", \"CVE-2016-9813\", \"CVE-2017-5837\", \"CVE-2017-5838\", \"CVE-2017-5839\", \"CVE-2017-5840\", \"CVE-2017-5841\", \"CVE-2017-5842\", \"CVE-2017-5843\", \"CVE-2017-5844\", \"CVE-2017-5845\", \"CVE-2017-5846\", \"CVE-2017-5847\", \"CVE-2017-5848\");\n script_xref(name:\"GLSA\", value:\"201705-10\");\n\n script_name(english:\"GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201705-10\n(GStreamer plug-ins: User-assisted execution of arbitrary code)\n\n Multiple vulnerabilities have been discovered in various GStreamer\n plug-ins. Please review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user or automated system using a\n GStreamer plug-in to process a specially crafted file, resulting in the\n execution of arbitrary code or a Denial of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201705-10\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All gst-plugins-bad users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-libs/gst-plugins-bad-1.10.3:1.0'\n All gst-plugins-good users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-libs/gst-plugins-good-1.10.3:1.0'\n All gst-plugins-base users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-libs/gst-plugins-base-1.10.3:1.0'\n All gst-plugins-ugly users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose\n '>=media-libs/gst-plugins-ugly-1.10.3:1.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gst-plugins-bad\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gst-plugins-base\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gst-plugins-good\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gst-plugins-ugly\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/01/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/18\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/gst-plugins-bad\", unaffected:make_list(\"ge 1.10.3\"), vulnerable:make_list(\"lt 1.10.3\"))) flag++;\nif (qpkg_check(package:\"media-libs/gst-plugins-base\", unaffected:make_list(\"ge 1.10.3\"), vulnerable:make_list(\"lt 1.10.3\"))) flag++;\nif (qpkg_check(package:\"media-libs/gst-plugins-good\", unaffected:make_list(\"ge 1.10.3\"), vulnerable:make_list(\"lt 1.10.3\"))) flag++;\nif (qpkg_check(package:\"media-libs/gst-plugins-ugly\", unaffected:make_list(\"ge 1.10.3\"), vulnerable:make_list(\"lt 1.10.3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"GStreamer plug-ins\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:05:41", "description": "Heap-based buffer overflow in the flx_decode_delta_fli function in\ngst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows\nremote attackers to execute arbitrary code or cause a denial of service\n(application crash) via the start_line parameter.\n\n#### Bugs\n\n * <https://bugzilla.gnome.org/show_bug.cgi?id=774834>\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=845375>\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-27T00:00:00", "type": "ubuntucve", "title": "CVE-2016-9634", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634"], "modified": "2017-01-27T00:00:00", "id": "UB:CVE-2016-9634", "href": "https://ubuntu.com/security/CVE-2016-9634", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2022-03-23T16:35:49", "description": "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-27T22:59:00", "type": "cve", "title": "CVE-2016-9634", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634"], "modified": "2018-01-05T02:31:00", "cpe": ["cpe:/o:redhat:enterprise_linux_hpc_node:6.0", "cpe:/o:redhat:enterprise_linux_desktop:6.0", "cpe:/o:redhat:enterprise_linux_workstation:6.0", "cpe:/o:redhat:enterprise_linux_server:6.0", "cpe:/o:debian:debian_linux:8.0", "cpe:/a:gstreamer:gstreamer:1.10.1"], "id": "CVE-2016-9634", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9634", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_hpc_node:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:gstreamer:gstreamer:1.10.1:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"]}], "debiancve": [{"lastseen": "2023-01-30T02:07:13", "description": "Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-27T22:59:00", "type": "debiancve", "title": "CVE-2016-9634", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634"], "modified": "2017-01-27T22:59:00", "id": "DEBIANCVE:CVE-2016-9634", "href": "https://security-tracker.debian.org/tracker/CVE-2016-9634", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2021-10-23T21:44:51", "description": "Package : gst-plugins-good0.10\nVersion : 0.10.31-3+nmu1+deb7u1\nCVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636\n\nChris Evans discovered that the GStreamer 0.10 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitati\non.html\n\nThis update removes the insecure FLIC file format plugin.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n0.10.31-3+nmu1+deb7u1.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-30T22:06:15", "type": "debian", "title": "[SECURITY] [DLA 727-1] gst-plugins-good0.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-11-30T22:06:15", "id": "DEBIAN:DLA-727-1:6162F", "href": "https://lists.debian.org/debian-lts-announce/2016/11/msg00033.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:11:52", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3723-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 24, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gst-plugins-good1.0\nCVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636\nDebian Bug : 845375\n\nChris Evans discovered that the GStreamer 1.0 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.4.4-2+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.1-2.\n\nWe recommend that you upgrade your gst-plugins-good1.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-24T20:43:40", "type": "debian", "title": "[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-11-24T20:43:40", "id": "DEBIAN:DSA-3723-1:BE772", "href": "https://lists.debian.org/debian-security-announce/2016/msg00306.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T22:11:56", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3724-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 24, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gst-plugins-good0.10\nCVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636\n\nChris Evans discovered that the GStreamer 0.10 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html\n\nThis update removes the insecure FLIC file format plugin.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.10.31-3+nmu4+deb8u2.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-24T20:43:47", "type": "debian", "title": "[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-11-24T20:43:47", "id": "DEBIAN:DSA-3724-1:BE9F7", "href": "https://lists.debian.org/debian-security-announce/2016/msg00307.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-12T04:13:22", "description": "Package : gst-plugins-good0.10\nVersion : 0.10.31-3+nmu1+deb7u1\nCVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636\n\nChris Evans discovered that the GStreamer 0.10 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitati\non.html\n\nThis update removes the insecure FLIC file format plugin.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n0.10.31-3+nmu1+deb7u1.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-30T22:06:15", "type": "debian", "title": "[SECURITY] [DLA 727-1] gst-plugins-good0.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-11-30T22:06:15", "id": "DEBIAN:DLA-727-1:C8217", "href": "https://lists.debian.org/debian-lts-announce/2016/11/msg00033.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-03-02T06:34:10", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3724-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 24, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gst-plugins-good0.10\nCVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636\n\nChris Evans discovered that the GStreamer 0.10 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html\n\nThis update removes the insecure FLIC file format plugin.\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.10.31-3+nmu4+deb8u2.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-24T20:43:47", "type": "debian", "title": "[SECURITY] [DSA 3724-1] gst-plugins-good0.10 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-11-24T20:43:47", "id": "DEBIAN:DSA-3724-1:AC8F0", "href": "https://lists.debian.org/debian-security-announce/2016/msg00307.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-30T13:06:09", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3723-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 24, 2016 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : gst-plugins-good1.0\nCVE ID : CVE-2016-9634 CVE-2016-9635 CVE-2016-9636\nDebian Bug : 845375\n\nChris Evans discovered that the GStreamer 1.0 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.4.4-2+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.1-2.\n\nWe recommend that you upgrade your gst-plugins-good1.0 packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-24T20:43:40", "type": "debian", "title": "[SECURITY] [DSA 3723-1] gst-plugins-good1.0 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-11-24T20:43:40", "id": "DEBIAN:DSA-3723-1:A1811", "href": "https://lists.debian.org/debian-security-announce/2016/msg00306.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "osv": [{"lastseen": "2022-07-21T08:12:40", "description": "\nChris Evans discovered that the GStreamer 0.10 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\n[\\\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html](https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html)\n\n\nThis update removes the insecure FLIC file format plugin.\n\n\nFor Debian 7 Wheezy, these problems have been fixed in version\n0.10.31-3+nmu1+deb7u1.\n\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-30T00:00:00", "type": "osv", "title": "gst-plugins-good0.10 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9636", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2022-07-21T05:54:45", "id": "OSV:DLA-727-1", "href": "https://osv.dev/vulnerability/DLA-727-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:11:51", "description": "\nChris Evans discovered that the GStreamer 1.0 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\n[\\\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html](https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html)\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 1.4.4-2+deb8u2.\n\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.1-2.\n\n\nWe recommend that you upgrade your gst-plugins-good1.0 packages.\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-24T00:00:00", "type": "osv", "title": "gst-plugins-good1.0 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9636", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2022-08-10T07:11:47", "id": "OSV:DSA-3723-1", "href": "https://osv.dev/vulnerability/DSA-3723-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-10T07:11:51", "description": "\nChris Evans discovered that the GStreamer 0.10 plugin used to decode\nfiles in the FLIC format allowed execution of arbitrary code. Further\ndetails can be found in his advisory at\n[\\\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html](https://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html)\n\n\nThis update removes the insecure FLIC file format plugin.\n\n\nFor the stable distribution (jessie), these problems have been fixed in\nversion 0.10.31-3+nmu4+deb8u2.\n\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\n\n\n", "edition": 1, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-11-24T00:00:00", "type": "osv", "title": "gst-plugins-good0.10 - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9636", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2022-08-10T07:11:47", "id": "OSV:DSA-3724-1", "href": "https://osv.dev/vulnerability/DSA-3724-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2019-05-29T18:34:58", "description": "Chris Evans discovered that the\nGStreamer 1.0 plugin used to decode files in the FLIC format allowed execution\nof arbitrary code.", "cvss3": {}, "published": "2016-11-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3723-1 (gst-plugins-good1.0 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703723", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703723", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3723.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3723-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703723\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\");\n script_name(\"Debian Security Advisory DSA 3723-1 (gst-plugins-good1.0 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-24 00:00:00 +0100 (Thu, 24 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3723.html\");\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"gst-plugins-good1.0 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 1.4.4-2+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.1-2.\n\nWe recommend that you upgrade your gst-plugins-good1.0 packages.\");\n script_tag(name:\"summary\", value:\"Chris Evans discovered that the\nGStreamer 1.0 plugin used to decode files in the FLIC format allowed execution\nof arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed\nsoftware version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good:amd64\", ver:\"1.4.4-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good:i386\", ver:\"1.4.4-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good-dbg:amd64\", ver:\"1.4.4-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good-dbg:i386\", ver:\"1.4.4-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good-doc\", ver:\"1.4.4-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer1.0-pulseaudio:amd64\", ver:\"1.4.4-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer1.0-pulseaudio:i386\", ver:\"1.4.4-2+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:33", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for gstreamer1-plugins-good FEDORA-2016-c883d07fba", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872086", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872086", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gstreamer1-plugins-good FEDORA-2016-c883d07fba\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872086\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:27:07 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gstreamer1-plugins-good FEDORA-2016-c883d07fba\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer1-plugins-good'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gstreamer1-plugins-good on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-c883d07fba\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GKUVAZCGPPJNPC2OQR6T4EYZJTWOQBMZ\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer1-plugins-good\", rpm:\"gstreamer1-plugins-good~1.10.1~2.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:39", "description": "Chris Evans discovered that the\nGStreamer 0.10 plugin used to decode files in the FLIC format allowed execution\nof arbitrary code.\n\nThis update removes the insecure FLIC file format plugin.", "cvss3": {}, "published": "2016-11-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3724-1 (gst-plugins-good0.10 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703724", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3724.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Auto-generated from advisory DSA 3724-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703724\");\n script_version(\"$Revision: 14275 $\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\");\n script_name(\"Debian Security Advisory DSA 3724-1 (gst-plugins-good0.10 - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-11-24 00:00:00 +0100 (Thu, 24 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2016/dsa-3724.html\");\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"gst-plugins-good0.10 on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (jessie),\nthese problems have been fixed in version 0.10.31-3+nmu4+deb8u2.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\");\n script_tag(name:\"summary\", value:\"Chris Evans discovered that the\nGStreamer 0.10 plugin used to decode files in the FLIC format allowed execution\nof arbitrary code.\n\nThis update removes the insecure FLIC file format plugin.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"gstreamer0.10-gconf:amd64\", ver:\"0.10.31-3+nmu4+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer0.10-gconf:i386\", ver:\"0.10.31-3+nmu4+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good:amd64\", ver:\"0.10.31-3+nmu4+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good:i386\", ver:\"0.10.31-3+nmu4+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg:amd64\", ver:\"0.10.31-3+nmu4+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg:i386\", ver:\"0.10.31-3+nmu4+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.31-3+nmu4+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer0.10-pulseaudio:amd64\", ver:\"0.10.31-3+nmu4+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"gstreamer0.10-pulseaudio:i386\", ver:\"0.10.31-3+nmu4+deb8u2\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:54:39", "description": "Chris Evans discovered that the\nGStreamer 1.0 plugin used to decode files in the FLIC format allowed execution\nof arbitrary code. Further details can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html", "cvss3": {}, "published": "2016-11-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3723-1 (gst-plugins-good1.0 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703723", "href": "http://plugins.openvas.org/nasl.php?oid=703723", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3723.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3723-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703723);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\");\n script_name(\"Debian Security Advisory DSA 3723-1 (gst-plugins-good1.0 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-24 00:00:00 +0100 (Thu, 24 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3723.html\");\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"gst-plugins-good1.0 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 1.4.4-2+deb8u2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.10.1-2.\n\nWe recommend that you upgrade your gst-plugins-good1.0 packages.\");\n script_tag(name: \"summary\", value: \"Chris Evans discovered that the\nGStreamer 1.0 plugin used to decode files in the FLIC format allowed execution\nof arbitrary code. Further details can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed\nsoftware version using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good:amd64\", ver:\"1.4.4-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good:i386\", ver:\"1.4.4-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good-dbg:amd64\", ver:\"1.4.4-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good-dbg:i386\", ver:\"1.4.4-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer1.0-plugins-good-doc\", ver:\"1.4.4-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer1.0-pulseaudio:amd64\", ver:\"1.4.4-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer1.0-pulseaudio:i386\", ver:\"1.4.4-2+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:54:47", "description": "Chris Evans discovered that the\nGStreamer 0.10 plugin used to decode files in the FLIC format allowed execution\nof arbitrary code. Further details can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html \nThis update removes the insecure FLIC file format plugin.", "cvss3": {}, "published": "2016-11-24T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3724-1 (gst-plugins-good0.10 - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703724", "href": "http://plugins.openvas.org/nasl.php?oid=703724", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3724.nasl 6608 2017-07-07 12:05:05Z cfischer $\n# Auto-generated from advisory DSA 3724-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703724);\n script_version(\"$Revision: 6608 $\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\");\n script_name(\"Debian Security Advisory DSA 3724-1 (gst-plugins-good0.10 - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:05 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2016-11-24 00:00:00 +0100 (Thu, 24 Nov 2016)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n script_tag(name: \"qod_type\", value: \"package\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2016/dsa-3724.html\");\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2016 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"gst-plugins-good0.10 on Debian Linux\");\n script_tag(name: \"solution\", value: \"For the stable distribution (jessie),\nthese problems have been fixed in version 0.10.31-3+nmu4+deb8u2.\n\nWe recommend that you upgrade your gst-plugins-good0.10 packages.\");\n script_tag(name: \"summary\", value: \"Chris Evans discovered that the\nGStreamer 0.10 plugin used to decode files in the FLIC format allowed execution\nof arbitrary code. Further details can be found in his advisory at\nhttps://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-advancing-exploitation.html \nThis update removes the insecure FLIC file format plugin.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-gconf:amd64\", ver:\"0.10.31-3+nmu4+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-gconf:i386\", ver:\"0.10.31-3+nmu4+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good:amd64\", ver:\"0.10.31-3+nmu4+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good:i386\", ver:\"0.10.31-3+nmu4+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg:amd64\", ver:\"0.10.31-3+nmu4+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-dbg:i386\", ver:\"0.10.31-3+nmu4+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-plugins-good-doc\", ver:\"0.10.31-3+nmu4+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-pulseaudio:amd64\", ver:\"0.10.31-3+nmu4+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gstreamer0.10-pulseaudio:i386\", ver:\"0.10.31-3+nmu4+deb8u2\", rls_regex:\"DEB8.[0-9]+\")) != NULL) {\n report += res;\n}\n\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:35:05", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-16T00:00:00", "type": "openvas", "title": "Fedora Update for gstreamer-plugins-good FEDORA-2016-f4e992b0ac", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872154", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872154", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gstreamer-plugins-good FEDORA-2016-f4e992b0ac\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872154\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-16 06:04:50 +0100 (Fri, 16 Dec 2016)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gstreamer-plugins-good FEDORA-2016-f4e992b0ac\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins-good'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-f4e992b0ac\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZSAXIBKXY2ATERJZWPVIGTRSR2K6XYFS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.31~17.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:08", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-07T00:00:00", "type": "openvas", "title": "Fedora Update for gstreamer1-plugins-good FEDORA-2016-3a45d79132", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872071", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872071", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gstreamer1-plugins-good FEDORA-2016-3a45d79132\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872071\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-07 05:26:24 +0100 (Wed, 07 Dec 2016)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gstreamer1-plugins-good FEDORA-2016-3a45d79132\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer1-plugins-good'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gstreamer1-plugins-good on Fedora 24\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-3a45d79132\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPFPZMXAWFGJTUHWIN3SBJOI3KMPICQG\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC24\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC24\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer1-plugins-good\", rpm:\"gstreamer1-plugins-good~1.8.3~2.fc24\", rls:\"FC24\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:39", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-10T00:00:00", "type": "openvas", "title": "Fedora Update for gstreamer-plugins-good FEDORA-2016-dcde4f3cd2", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310872109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310872109", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for gstreamer-plugins-good FEDORA-2016-dcde4f3cd2\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.872109\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-10 06:34:42 +0100 (Sat, 10 Dec 2016)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for gstreamer-plugins-good FEDORA-2016-dcde4f3cd2\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins-good'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2016-dcde4f3cd2\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EMJDPVFJOTHWCXBSL63XZR73UWPQIUYS\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.31~17.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:35:38", "description": "Check the version of gstreamer-plugins-good", "cvss3": {}, "published": "2016-12-22T00:00:00", "type": "openvas", "title": "CentOS Update for gstreamer-plugins-good CESA-2016:2975 centos6", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882617", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882617", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gstreamer-plugins-good CESA-2016:2975 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882617\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-22 05:45:36 +0100 (Thu, 22 Dec 2016)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for gstreamer-plugins-good CESA-2016:2975 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of gstreamer-plugins-good\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GStreamer is a streaming media framework base\nd on graphs of filters which operate on media data. The gstreamer-plugins-good\npackages contain a collection of well-supported plug-ins of good quality and under\nthe LGPL license.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to cause\nan application using GStreamer to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n * An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX\nmedia file format decoding plug-in. A remote attacker could use this flaw\nto cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2016:2975\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2016-December/022188.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.23~4.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-devel\", rpm:\"gstreamer-plugins-good-devel~0.10.23~4.el6_8\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:57", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2017-1065)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171065", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171065", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1065\");\n script_version(\"2020-01-23T10:47:21+0000\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:47:21 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:21 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2017-1065)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1065\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1065\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gstreamer1-plugins-good' package(s) announced via the EulerOS-SA-2017-1065 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.(CVE-2016-9636)\n\nHeap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.(CVE-2016-9635)\n\nHeap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.(CVE-2016-9634)\n\nThe FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.(CVE-2016-9808)\n\nThe flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.(CVE-2016-9807)\");\n\n script_tag(name:\"affected\", value:\"'gstreamer1-plugins-good' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer1-plugins-good\", rpm:\"gstreamer1-plugins-good~1.4.5~3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:56", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2016-12-22T00:00:00", "type": "openvas", "title": "RedHat Update for gstreamer-plugins-good RHSA-2016:2975-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871733", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871733", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gstreamer-plugins-good RHSA-2016:2975-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871733\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-12-22 05:44:51 +0100 (Thu, 22 Dec 2016)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\",\n \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for gstreamer-plugins-good RHSA-2016:2975-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins-good'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GStreamer is a streaming media framework\nbased on graphs of filters which operate on media data. The gstreamer-plugins-good\npackages contain a collection of well-supported plug-ins of good quality and under\nthe LGPL license.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to cause\nan application using GStreamer to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n * An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX\nmedia file format decoding plug-in. A remote attacker could use this flaw\nto cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on\n Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2016:2975-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2016-December/msg00027.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.23~4.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo\", rpm:\"gstreamer-plugins-good-debuginfo~0.10.23~4.el6_8\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:57", "description": "Check the version of gstreamer1-plugins-good", "cvss3": {}, "published": "2017-01-10T00:00:00", "type": "openvas", "title": "CentOS Update for gstreamer1-plugins-good CESA-2017:0020 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882628", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gstreamer1-plugins-good CESA-2017:0020 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882628\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-10 05:50:31 +0100 (Tue, 10 Jan 2017)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\",\n \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for gstreamer1-plugins-good CESA-2017:0020 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of gstreamer1-plugins-good\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GStreamer is a streaming media framework\nbased on graphs of filters which operate on media data. The gstreamer1-plugins-good\npackages contain a collection of well-supported plug-ins of good quality and under\nthe LGPL license.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to cause\nan application using GStreamer to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n * An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX\nmedia file format decoding plug-in. A remote attacker could use this flaw\nto cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\");\n script_tag(name:\"affected\", value:\"gstreamer1-plugins-good on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0020\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022195.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer1-plugins-good\", rpm:\"gstreamer1-plugins-good~1.4.5~3.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:18", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-06T00:00:00", "type": "openvas", "title": "RedHat Update for gstreamer-plugins-good RHSA-2017:0019-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871741", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871741", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gstreamer-plugins-good RHSA-2017:0019-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871741\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-06 05:45:04 +0100 (Fri, 06 Jan 2017)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for gstreamer-plugins-good RHSA-2017:0019-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins-good'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GStreamer is a streaming media framework based on graphs of filters which\noperate on media data. The gstreamer-plugins-good packages contain a\ncollection of well-supported plug-ins of good quality and under the LGPL\nlicense.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to cause\nan application using GStreamer to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n * An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX\nmedia file format decoding plug-in. A remote attacker could use this flaw\nto cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0019-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-January/msg00007.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.31~12.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo\", rpm:\"gstreamer-plugins-good-debuginfo~0.10.31~12.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:34:17", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-06T00:00:00", "type": "openvas", "title": "RedHat Update for gstreamer1-plugins-good RHSA-2017:0020-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871738", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871738", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for gstreamer1-plugins-good RHSA-2017:0020-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871738\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-06 05:44:51 +0100 (Fri, 06 Jan 2017)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for gstreamer1-plugins-good RHSA-2017:0020-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer1-plugins-good'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GStreamer is a streaming media framework based on graphs of filters which\noperate on media data. The gstreamer1-plugins-good packages contain a\ncollection of well-supported plug-ins of good quality and under the LGPL\nlicense.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to cause\nan application using GStreamer to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n * An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX\nmedia file format decoding plug-in. A remote attacker could use this flaw\nto cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\");\n script_tag(name:\"affected\", value:\"gstreamer1-plugins-good on Red Hat Enterprise Linux Server (v. 7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:0020-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-January/msg00008.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer1-plugins-good\", rpm:\"gstreamer1-plugins-good~1.4.5~3.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer1-plugins-good-debuginfo\", rpm:\"gstreamer1-plugins-good-debuginfo~1.4.5~3.el7_3\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:19", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2017-1064)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171064", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171064", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1064\");\n script_version(\"2020-01-23T10:47:17+0000\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:47:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gstreamer1-plugins-good (EulerOS-SA-2017-1064)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1064\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1064\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gstreamer1-plugins-good' package(s) announced via the EulerOS-SA-2017-1064 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.(CVE-2016-9636)\n\nHeap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.(CVE-2016-9635)\n\nHeap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.(CVE-2016-9634)\n\nThe FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.(CVE-2016-9808)\n\nThe flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.(CVE-2016-9807)\");\n\n script_tag(name:\"affected\", value:\"'gstreamer1-plugins-good' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer1-plugins-good\", rpm:\"gstreamer1-plugins-good~1.4.5~3\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:33:57", "description": "Check the version of gstreamer-plugins-good", "cvss3": {}, "published": "2017-01-10T00:00:00", "type": "openvas", "title": "CentOS Update for gstreamer-plugins-good CESA-2017:0019 centos7", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2019-03-08T00:00:00", "id": "OPENVAS:1361412562310882625", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882625", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for gstreamer-plugins-good CESA-2017:0019 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882625\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-01-10 05:49:55 +0100 (Tue, 10 Jan 2017)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\",\n \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for gstreamer-plugins-good CESA-2017:0019 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of gstreamer-plugins-good\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"GStreamer is a streaming media framework\nbased on graphs of filters which operate on media data. The gstreamer-plugins-good\npackages contain a collection of well-supported plug-ins of good quality and under\nthe LGPL license.\n\nSecurity Fix(es):\n\n * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file\nformat decoding plug-in. A remote attacker could use these flaws to cause\nan application using GStreamer to crash or, potentially, execute arbitrary\ncode with the privileges of the user running the application.\n(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n * An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX\nmedia file format decoding plug-in. A remote attacker could use this flaw\nto cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\");\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:0019\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-January/022197.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.31~12.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"gstreamer-plugins-good-devel-docs\", rpm:\"gstreamer-plugins-good-devel-docs~0.11.31~12.el7_3\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-02-05T16:36:54", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gstreamer-plugins-good (EulerOS-SA-2017-1062)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2020-02-05T00:00:00", "id": "OPENVAS:1361412562311220171062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171062", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1062\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:08 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gstreamer-plugins-good (EulerOS-SA-2017-1062)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1062\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1062\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gstreamer-plugins-good' package(s) announced via the EulerOS-SA-2017-1062 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.(CVE-2016-9636)\n\nHeap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.(CVE-2016-9635)\n\nHeap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.(CVE-2016-9634)\n\nThe FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.(CVE-2016-9808)\n\nThe flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.(CVE-2016-9807)\");\n\n script_tag(name:\"affected\", value:\"'gstreamer-plugins-good' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.31~12\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:36:57", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for gstreamer-plugins-good (EulerOS-SA-2017-1063)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171063", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171063", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1063\");\n script_version(\"2020-01-23T10:47:12+0000\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\", \"CVE-2016-9808\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:47:12 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:47:12 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for gstreamer-plugins-good (EulerOS-SA-2017-1063)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1063\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1063\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'gstreamer-plugins-good' package(s) announced via the EulerOS-SA-2017-1063 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.(CVE-2016-9636)\n\nHeap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.(CVE-2016-9635)\n\nHeap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.(CVE-2016-9634)\n\nThe FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.(CVE-2016-9808)\n\nThe flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.(CVE-2016-9807)\");\n\n script_tag(name:\"affected\", value:\"'gstreamer-plugins-good' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~0.10.31~12\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:27:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for gstreamer-0_10-plugins-good (openSUSE-SU-2017:0160-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851476", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851476", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851476\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-17 05:48:05 +0100 (Tue, 17 Jan 2017)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\",\n \"CVE-2016-9808\", \"CVE-2016-9810\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for gstreamer-0_10-plugins-good (openSUSE-SU-2017:0160-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-0_10-plugins-good'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for gstreamer-0_10-plugins-good fixes the following issues:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\");\n\n script_tag(name:\"affected\", value:\"gstreamer-0_10-plugins-good on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0160-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugin-esd\", rpm:\"gstreamer-0_10-plugin-esd~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugin-esd-debuginfo\", rpm:\"gstreamer-0_10-plugin-esd-debuginfo~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good\", rpm:\"gstreamer-0_10-plugins-good~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-debuginfo\", rpm:\"gstreamer-0_10-plugins-good-debuginfo~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-debugsource\", rpm:\"gstreamer-0_10-plugins-good-debugsource~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-doc\", rpm:\"gstreamer-0_10-plugins-good-doc~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-extra\", rpm:\"gstreamer-0_10-plugins-good-extra~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-extra-debuginfo\", rpm:\"gstreamer-0_10-plugins-good-extra-debuginfo~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-lang\", rpm:\"gstreamer-0_10-plugins-good-lang~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugin-esd-32bit\", rpm:\"gstreamer-0_10-plugin-esd-32bit~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugin-esd-debuginfo-32bit\", rpm:\"gstreamer-0_10-plugin-esd-debuginfo-32bit~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-32bit\", rpm:\"gstreamer-0_10-plugins-good-32bit~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-debuginfo-32bit\", rpm:\"gstreamer-0_10-plugins-good-debuginfo-32bit~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-extra-32bit\", rpm:\"gstreamer-0_10-plugins-good-extra-32bit~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-extra-debuginfo-32bit\", rpm:\"gstreamer-0_10-plugins-good-extra-debuginfo-32bit~0.10.31~13.3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:12", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-03T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for gstreamer-0_10-plugins-good (openSUSE-SU-2017:0298-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851481", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851481", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851481\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-03 12:11:01 +0530 (Fri, 03 Feb 2017)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\",\n \"CVE-2016-9808\", \"CVE-2016-9810\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for gstreamer-0_10-plugins-good (openSUSE-SU-2017:0298-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-0_10-plugins-good'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for gstreamer-0_10-plugins-good fixes the following issues:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\");\n\n script_tag(name:\"affected\", value:\"gstreamer-0_10-plugins-good on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0298-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugin-esd\", rpm:\"gstreamer-0_10-plugin-esd~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugin-esd-debuginfo\", rpm:\"gstreamer-0_10-plugin-esd-debuginfo~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good\", rpm:\"gstreamer-0_10-plugins-good~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-debuginfo\", rpm:\"gstreamer-0_10-plugins-good-debuginfo~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-debugsource\", rpm:\"gstreamer-0_10-plugins-good-debugsource~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-doc\", rpm:\"gstreamer-0_10-plugins-good-doc~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-extra\", rpm:\"gstreamer-0_10-plugins-good-extra~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-extra-debuginfo\", rpm:\"gstreamer-0_10-plugins-good-extra-debuginfo~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-lang\", rpm:\"gstreamer-0_10-plugins-good-lang~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugin-esd-32bit\", rpm:\"gstreamer-0_10-plugin-esd-32bit~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugin-esd-debuginfo-32bit\", rpm:\"gstreamer-0_10-plugin-esd-debuginfo-32bit~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-32bit\", rpm:\"gstreamer-0_10-plugins-good-32bit~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-debuginfo-32bit\", rpm:\"gstreamer-0_10-plugins-good-debuginfo-32bit~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-extra-32bit\", rpm:\"gstreamer-0_10-plugins-good-extra-32bit~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-0_10-plugins-good-extra-debuginfo-32bit\", rpm:\"gstreamer-0_10-plugins-good-extra-debuginfo-32bit~0.10.31~16.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:23", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for gstreamer-plugins-good (openSUSE-SU-2017:0141-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851470", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851470", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851470\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-17 05:47:43 +0100 (Tue, 17 Jan 2017)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\",\n \"CVE-2016-9808\", \"CVE-2016-9810\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for gstreamer-plugins-good (openSUSE-SU-2017:0141-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins-good'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for gstreamer-plugins-good fixes the following issues:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\");\n\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on openSUSE Leap 42.1\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0141-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.1\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.1\") {\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo\", rpm:\"gstreamer-plugins-good-debuginfo~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-debugsource\", rpm:\"gstreamer-plugins-good-debugsource~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-doc\", rpm:\"gstreamer-plugins-good-doc~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra\", rpm:\"gstreamer-plugins-good-extra~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra-debuginfo\", rpm:\"gstreamer-plugins-good-extra-debuginfo~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-32bit\", rpm:\"gstreamer-plugins-good-32bit~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo-32bit\", rpm:\"gstreamer-plugins-good-debuginfo-32bit~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra-32bit\", rpm:\"gstreamer-plugins-good-extra-32bit~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra-debuginfo-32bit\", rpm:\"gstreamer-plugins-good-extra-debuginfo-32bit~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-lang\", rpm:\"gstreamer-plugins-good-lang~1.4.5~5.1\", rls:\"openSUSELeap42.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:25", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-01-17T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for gstreamer-plugins-good (openSUSE-SU-2017:0151-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851471", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851471", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851471\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-01-17 05:47:49 +0100 (Tue, 17 Jan 2017)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\",\n \"CVE-2016-9808\", \"CVE-2016-9810\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for gstreamer-plugins-good (openSUSE-SU-2017:0151-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins-good'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for gstreamer-plugins-good fixes the following issues:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104)\n\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\");\n\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on openSUSE 13.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0151-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSE13\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE13.2\")\n{\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo\", rpm:\"gstreamer-plugins-good-debuginfo~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-debugsource\", rpm:\"gstreamer-plugins-good-debugsource~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-doc\", rpm:\"gstreamer-plugins-good-doc~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra\", rpm:\"gstreamer-plugins-good-extra~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra-debuginfo\", rpm:\"gstreamer-plugins-good-extra-debuginfo~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-32bit\", rpm:\"gstreamer-plugins-good-32bit~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo-32bit\", rpm:\"gstreamer-plugins-good-debuginfo-32bit~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra-32bit\", rpm:\"gstreamer-plugins-good-extra-32bit~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra-debuginfo-32bit\", rpm:\"gstreamer-plugins-good-extra-debuginfo-32bit~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-lang\", rpm:\"gstreamer-plugins-good-lang~1.4.3~3.1\", rls:\"openSUSE13.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-31T18:28:20", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-02-22T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for gstreamer-plugins-good (openSUSE-SU-2017:0071-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851498", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851498", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851498\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-02-22 15:15:31 +0100 (Wed, 22 Feb 2017)\");\n script_cve_id(\"CVE-2016-9634\", \"CVE-2016-9635\", \"CVE-2016-9636\", \"CVE-2016-9807\",\n \"CVE-2016-9808\", \"CVE-2016-9810\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for gstreamer-plugins-good (openSUSE-SU-2017:0071-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'gstreamer-plugins-good'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for gstreamer-plugins-good fixes the following security issues:\n\n - CVE-2016-9807: Flic decoder invalid read could lead to crash.\n (bsc#1013655)\n\n - CVE-2016-9634: Flic out-of-bounds write could lead to code execution.\n (bsc#1012102)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution.\n (bsc#1012103)\n\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution.\n (bsc#1012104)\n\n - CVE-2016-9808: A maliciously crafted flic file can still cause invalid\n memory accesses. (bsc#1013653)\n\n - CVE-2016-9810: A maliciously crafted flic file can still cause invalid\n memory accesses. (bsc#1013663)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\");\n\n script_tag(name:\"affected\", value:\"gstreamer-plugins-good on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:0071-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good\", rpm:\"gstreamer-plugins-good~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo\", rpm:\"gstreamer-plugins-good-debuginfo~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-debugsource\", rpm:\"gstreamer-plugins-good-debugsource~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-doc\", rpm:\"gstreamer-plugins-good-doc~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra\", rpm:\"gstreamer-plugins-good-extra~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra-debuginfo\", rpm:\"gstreamer-plugins-good-extra-debuginfo~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-32bit\", rpm:\"gstreamer-plugins-good-32bit~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-debuginfo-32bit\", rpm:\"gstreamer-plugins-good-debuginfo-32bit~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra-32bit\", rpm:\"gstreamer-plugins-good-extra-32bit~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-extra-debuginfo-32bit\", rpm:\"gstreamer-plugins-good-extra-debuginfo-32bit~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"gstreamer-plugins-good-lang\", rpm:\"gstreamer-plugins-good-lang~1.8.3~3.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:53", "description": "GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plugins. GStreamer Good Plugins is a collection of well-supported plugins of good quality and under the LGPL license. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-04T16:54:10", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: gstreamer1-plugins-good-1.10.1-2.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-12-04T16:54:10", "id": "FEDORA:E1A126087A13", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/GKUVAZCGPPJNPC2OQR6T4EYZJTWOQBMZ/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plugins. GStreamer Good Plugins is a collection of well-supported plugins of good quality and under the LGPL license. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-06T10:30:00", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: gstreamer1-plugins-good-1.8.3-2.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-12-06T10:30:00", "id": "FEDORA:1228F60C7BFA", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/YPFPZMXAWFGJTUHWIN3SBJOI3KMPICQG/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins. GStreamer Good Plug-ins is a collection of well-supported plug-ins of good quality and under the LGPL license. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-09T22:31:13", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: gstreamer-plugins-good-0.10.31-17.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-12-09T22:31:13", "id": "FEDORA:54F636182D61", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/EMJDPVFJOTHWCXBSL63XZR73UWPQIUYS/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:53", "description": "GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types or processing capabilities can be added simply by installing new plug-ins. GStreamer Good Plug-ins is a collection of well-supported plug-ins of good quality and under the LGPL license. ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-16T03:55:13", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: gstreamer-plugins-good-0.10.31-17.fc24", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636"], "modified": "2016-12-16T03:55:13", "id": "FEDORA:E64EC6061CC4", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZSAXIBKXY2ATERJZWPVIGTRSR2K6XYFS/", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhatcve": [{"lastseen": "2021-09-02T22:52:24", "description": "Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.\n#### Mitigation\n\nThis mitigation is only required if vulnerable gstreamer-plugins-good and/or gstreamer1-plugins-good packages are installed. \n\n\nFor RHEL 7, \n\n\nsudo rm /usr/lib*/gstreamer-1.0/libgstflxdec.so \nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so \n\n\nFor RHEL 5 and RHEL 6, \n\n\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so \n\n\nPlease note that this mitigation deletes the vulnerable FLI/FLC/FLX animation demuxer file(s), which removes the functionality to play FLI/FLC/FLX animation files. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-24T13:47:26", "type": "redhatcve", "title": "CVE-2016-9636", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9808"], "modified": "2020-10-29T10:56:33", "id": "RH:CVE-2016-9636", "href": "https://access.redhat.com/security/cve/cve-2016-9636", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:24", "description": "Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.\n#### Mitigation\n\nThis mitigation is only required if vulnerable gstreamer-plugins-good and/or gstreamer1-plugins-good packages are installed. \n\n\nFor RHEL 7, \n\n\nsudo rm /usr/lib*/gstreamer-1.0/libgstflxdec.so \nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so \n\n\nFor RHEL 5 and RHEL 6, \n\n\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so \n\n\nPlease note that this mitigation deletes the vulnerable FLI/FLC/FLX animation demuxer file(s), which removes the functionality to play FLI/FLC/FLX animation files. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-24T13:47:41", "type": "redhatcve", "title": "CVE-2016-9635", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9808"], "modified": "2020-10-29T10:56:12", "id": "RH:CVE-2016-9635", "href": "https://access.redhat.com/security/cve/cve-2016-9635", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-09-02T22:52:24", "description": "Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application.\n#### Mitigation\n\nThis mitigation is only required if vulnerable gstreamer-plugins-good and/or gstreamer1-plugins-good packages are installed. \n\n\nFor RHEL 7, \n\n\nsudo rm /usr/lib*/gstreamer-1.0/libgstflxdec.so \nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so \n\n\nFor RHEL 5 and RHEL 6, \n\n\nsudo rm /usr/lib*/gstreamer-0.10/libgstflxdec.so \n\n\nPlease note that this mitigation deletes the vulnerable FLI/FLC/FLX animation demuxer file(s), which removes the functionality to play FLI/FLC/FLX animation files. \n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-11-24T13:47:35", "type": "redhatcve", "title": "CVE-2016-9634", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9808"], "modified": "2020-10-29T10:56:25", "id": "RH:CVE-2016-9634", "href": "https://access.redhat.com/security/cve/cve-2016-9634", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2021-10-19T18:37:35", "description": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-21T11:39:29", "type": "redhat", "title": "(RHSA-2016:2975) Important: gstreamer-plugins-good security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2018-06-06T16:24:17", "id": "RHSA-2016:2975", "href": "https://access.redhat.com/errata/RHSA-2016:2975", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:42:18", "description": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-05T08:50:02", "type": "redhat", "title": "(RHSA-2017:0020) Moderate: gstreamer1-plugins-good security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2018-04-11T23:31:29", "id": "RHSA-2017:0020", "href": "https://access.redhat.com/errata/RHSA-2017:0020", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T04:47:12", "description": "GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-05T08:45:45", "type": "redhat", "title": "(RHSA-2017:0019) Moderate: gstreamer-plugins-good security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2018-04-11T23:33:26", "id": "RHSA-2017:0019", "href": "https://access.redhat.com/errata/RHSA-2017:0019", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2021-07-28T14:25:14", "description": "[0.10.31-12]\n- Disable insecure FLX plugin\nResolves: rhbz#1400842", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-05T00:00:00", "type": "oraclelinux", "title": "gstreamer-plugins-good security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2017-01-05T00:00:00", "id": "ELSA-2017-0019", "href": "http://linux.oracle.com/errata/ELSA-2017-0019.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:25:34", "description": "[0.10.23-4]\n- Remove insecure FLX plugin\nResolves: rhbz#1400835", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2016-12-21T00:00:00", "type": "oraclelinux", "title": "gstreamer-plugins-good security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2016-12-21T00:00:00", "id": "ELSA-2016-2975", "href": "http://linux.oracle.com/errata/ELSA-2016-2975.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-07-28T14:24:49", "description": "[1.4.5-3]\n- Remove insecure FLX plugin\nResolves: rhbz#1400892", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-01-05T00:00:00", "type": "oraclelinux", "title": "gstreamer1-plugins-good security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2017-01-05T00:00:00", "id": "ELSA-2017-0020", "href": "http://linux.oracle.com/errata/ELSA-2017-0020.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2022-06-28T21:58:50", "description": "## Summary\n\nPowerKVM is affected by vulnerabilities in GStreamer. IBM has now addressed these vulnerabilities.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2016-9634_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9634>)** \nDESCRIPTION:** GStreamer is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder. By using a specially-crafted 'start_line' parameter, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121661_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121661>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n\n**CVEID:** [_CVE-2016-9635_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9635>)** \nDESCRIPTION:** GStreamer is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder. By providing a 'skip count' that goes beyond initialized buffer, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. \nCVSS Base Score: 7.3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121668_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121668>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)\n\n**CVEID:** [_CVE-2016-9636_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9636>)** \nDESCRIPTION:** GStreamer is vulnerable to a denial of service, caused by heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder. By using the start_line parameter, a remote attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121546_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121546>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9807_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9807>)** \nDESCRIPTION:** Gstreamer is vulnerable to a denial of service, caused by an invalid memory read issue in flx_decode_chunks function in gst/flx/gstflxdec.c. By persuading a victim to open a specially-crafted FLIC file, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 5.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121060_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121060>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)\n\n**CVEID:** [_CVE-2016-9808_](<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9808>)** \nDESCRIPTION:** GStreamer is vulnerable to a denial of service, caused by an out-of-bounds write issue in FLIC decoder function. By sending a specially-crafted series of skip and count pairs, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base Score: 7.5 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/121061_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/121061>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)\n\n## Affected Products and Versions\n\nPowerKVM 3.1\n\n## Remediation/Fixes\n\nCustomers can update PowerKVM systems by using \"yum update\". \n \nFix images are made available via Fix Central. For version 3.1, see <https://ibm.biz/BdHggw>. This issue is addressed as of 3.1.0.2 update 7 or later. \n \nVersion 2.1 is unaffected.\n\n## Workarounds and Mitigations\n\nNone\n\n## Get Notified about Future Security Bulletins\n\nSubscribe to [My Notifications](< http://www-01.ibm.com/software/support/einfo.html>) to be notified of important product support alerts like this.\n\n### References \n\n[Complete CVSS v2 Guide](<http://www.first.org/cvss/v2/guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v2](<http://nvd.nist.gov/CVSS-v2-Calculator> \"Link resides outside of ibm.com\" )\n\n[Complete CVSS v3 Guide](<http://www.first.org/cvss/user-guide> \"Link resides outside of ibm.com\" ) \n[On-line Calculator v3](<http://www.first.org/cvss/calculator/3.0> \"Link resides outside of ibm.com\" )\n\nOff \n\n## Related Information\n\n[IBM Secure Engineering Web Portal](<http://www.ibm.com/security/secure-engineering/bulletins.html>) \n[IBM Product Security Incident Response Blog](<http://www.ibm.com/blogs/psirt>)\n\n## Change History\n\n31 Mar 2017 - Initial Version \n30 May 2017 - Removed duplicate references\n\n*The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin.\n\n## Disclaimer\n\nAccording to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an \"industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response.\" IBM PROVIDES THE CVSS SCORES \"\"AS IS\"\" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. In addition to other efforts to address potential vulnerabilities, IBM periodically updates the record of components contained in our product offerings. As part of that effort, if IBM identifies previously unidentified packages in a product/service inventory, we address relevant vulnerabilities regardless of CVE date. Inclusion of an older CVEID does not demonstrate that the referenced product has been used by IBM since that date, nor that IBM was aware of a vulnerability as of that date. We are making clients aware of relevant vulnerabilities as we become aware of them. \"Affected Products and Versions\" referenced in IBM Security Bulletins are intended to be only products and versions that are supported by IBM and have not passed their end-of-support or warranty date. Thus, failure to reference unsupported or extended-support products and versions in this Security Bulletin does not constitute a determination by IBM that they are unaffected by the vulnerability. Reference to one or more unsupported versions in this Security Bulletin shall not create an obligation for IBM to provide fixes for any unsupported or extended-support products or versions.\n\n[{\"Product\":{\"code\":\"SSZJY4\",\"label\":\"PowerKVM\"},\"Business Unit\":{\"code\":\"BU054\",\"label\":\"Systems w\\/TPS\"},\"Component\":\"Not Applicable\",\"Platform\":[{\"code\":\"PF016\",\"label\":\"Linux\"}],\"Version\":\"3.1\",\"Edition\":\"KVM\",\"Line of Business\":{\"code\":\"LOB08\",\"label\":\"Cognitive Systems\"}}]", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-06-18T01:35:35", "type": "ibm", "title": "Security Bulletin: Vulnerabilities in GStreamer affect PowerKVM", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2018-06-18T01:35:35", "id": "D995A81E2B29F60F31EAC01457C3FCBD8FCDA87D427999BE37200D8550733BEC", "href": "https://www.ibm.com/support/pages/node/630935", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2023-01-01T04:42:34", "description": "**CentOS Errata and Security Advisory** CESA-2017:0020\n\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-January/071670.html\n\n**Affected packages:**\ngstreamer1-plugins-good\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:0020", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-09T18:12:11", "type": "centos", "title": "gstreamer1 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2017-01-09T18:12:11", "id": "CESA-2017:0020", "href": "https://lists.centos.org/pipermail/centos-announce/2017-January/071670.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-01T04:42:39", "description": "**CentOS Errata and Security Advisory** CESA-2016:2975\n\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This updates removes the vulnerable FLC/FLI/FLX plug-in.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2016-December/071663.html\n\n**Affected packages:**\ngstreamer-plugins-good\ngstreamer-plugins-good-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2016:2975", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-21T17:41:00", "type": "centos", "title": "gstreamer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2016-12-21T17:41:00", "id": "CESA-2016:2975", "href": "https://lists.centos.org/pipermail/centos-announce/2016-December/071663.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-01-01T04:42:34", "description": "**CentOS Errata and Security Advisory** CESA-2017:0019\n\n\nGStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.\n\nSecurity Fix(es):\n\n* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)\n\n* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807)\n\nNote: This update removes the vulnerable FLC/FLI/FLX plug-in.\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-announce/2017-January/071672.html\n\n**Affected packages:**\ngstreamer-plugins-good\ngstreamer-plugins-good-devel-docs\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2017:0019", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-01-09T18:12:52", "type": "centos", "title": "gstreamer security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808"], "modified": "2017-01-09T18:12:52", "id": "CESA-2017:0019", "href": "https://lists.centos.org/pipermail/centos-announce/2017-January/071672.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808). An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash (CVE-2016-9807, CVE-2016-9810). Note that CVE-2016-9810 only affected gstreamer1.0-plugins-good. \n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2016-12-29T10:29:11", "type": "mageia", "title": "Updated gstreamer0.10-plugins-good and gstreamer1.0-plugins-good packages fix security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9810"], "modified": "2016-12-29T10:29:11", "id": "MGASA-2016-0424", "href": "https://advisories.mageia.org/MGASA-2016-0424.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2017-01-16T19:01:21", "description": "This update for gstreamer-0_10-plugins-good fixes the following issues:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104)\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\n\n", "cvss3": {}, "published": "2017-01-16T19:24:41", "type": "suse", "title": "Security update for gstreamer-0_10-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2017-01-16T19:24:41", "id": "OPENSUSE-SU-2017:0160-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00023.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-27T16:59:51", "description": "This update for gstreamer-0_10-plugins-good fixes the following issues:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104)\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\n\n", "cvss3": {}, "published": "2017-01-27T17:10:40", "type": "suse", "title": "Security update for gstreamer-0_10-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2017-01-27T17:10:40", "id": "OPENSUSE-SU-2017:0298-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00061.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-08T02:05:47", "description": "This update for gstreamer-plugins-good fixes the following security issues:\n\n - CVE-2016-9807: Flic decoder invalid read could lead to crash.\n (bsc#1013655)\n - CVE-2016-9634: Flic out-of-bounds write could lead to code execution.\n (bsc#1012102)\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution.\n (bsc#1012103)\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution.\n (bsc#1012104)\n - CVE-2016-9808: A maliciously crafted flic file can still cause invalid\n memory accesses. (bsc#1013653)\n - CVE-2016-9810: A maliciously crafted flic file can still cause invalid\n memory accesses. (bsc#1013663)\n\n This update was imported from the SUSE:SLE-12-SP2:Update update project.\n\n", "cvss3": {}, "published": "2017-01-08T01:14:49", "type": "suse", "title": "Security update for gstreamer-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2017-01-08T01:14:49", "id": "OPENSUSE-SU-2017:0071-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00007.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-16T19:01:21", "description": "This update for gstreamer-plugins-good fixes the following issues:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104)\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\n\n", "cvss3": {}, "published": "2017-01-16T19:17:35", "type": "suse", "title": "Security update for gstreamer-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2017-01-16T19:17:35", "id": "OPENSUSE-SU-2017:0151-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00020.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-16T19:01:21", "description": "This update for gstreamer-plugins-good fixes the following issues:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104)\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\n\n", "cvss3": {}, "published": "2017-01-16T19:10:24", "type": "suse", "title": "Security update for gstreamer-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2017-01-16T19:10:24", "id": "OPENSUSE-SU-2017:0141-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00018.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-12-30T18:05:47", "description": "This update for gstreamer-plugins-good fixes the following security issues:\n\n - CVE-2016-9807: Flic decoder invalid read could lead to crash.\n (bsc#1013655)\n - CVE-2016-9634: Flic out-of-bounds write could lead to code execution.\n (bsc#1012102)\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution.\n (bsc#1012103)\n - CVE-2016-9635: Flic out-of-bounds write could lead to code execution.\n (bsc#1012104)\n - CVE-2016-9808: A maliciously crafted flic file can still cause invalid\n memory accesses. (bsc#1013653)\n - CVE-2016-9810: A maliciously crafted flic file can still cause invalid\n memory accesses. (bsc#1013663)\n\n", "cvss3": {}, "published": "2016-12-30T18:08:10", "type": "suse", "title": "Security update for gstreamer-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2016-12-30T18:08:10", "id": "SUSE-SU-2016:3303-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00099.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2016-12-29T14:05:42", "description": "This update for gstreamer-plugins-good fixes the following issues:\n\n * CVE-2016-9807: flic decoder invalid read could lead to crash\n [bsc#1013655]\n * CVE-2016-9634: flic out-of-bounds write could lead to code execution\n [bsc#1012102]\n * CVE-2016-9635: flic out-of-bounds write could lead to code execution\n [bsc#1012103]\n * CVE-2016-9635: flic out-of-bounds write could lead to code execution\n [bsc#1012104]\n * CVE-2016-9808: A maliciously crafted flic file can still cause invalid\n memory accesses. [bsc#1013653]\n * CVE-2016-9810: A maliciously crafted flic file can still cause invalid\n memory accesses [bsc#1013663]\n\n", "cvss3": {}, "published": "2016-12-29T13:08:43", "type": "suse", "title": "Security update for gstreamer-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2016-12-29T13:08:43", "id": "SUSE-SU-2016:3288-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00097.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-20T18:59:36", "description": "gstreamer-0_10-plugins-good was updated to fix five security issues.\n\n These security issues were fixed:\n\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103).\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102).\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663).\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655).\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653).\n\n To install this update libbz2-1 needs to be installed if it isn't already\n present on the system.\n\n", "cvss3": {}, "published": "2017-01-20T18:09:49", "type": "suse", "title": "Security update for gstreamer-0_10-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2017-01-20T18:09:49", "id": "SUSE-SU-2017:0237-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00047.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-19T21:02:24", "description": "This update for gstreamer-0_10-plugins-good fixes the following issues:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104)\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\n\n", "cvss3": {}, "published": "2017-01-19T21:10:07", "type": "suse", "title": "Security update for gstreamer-0_10-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2017-01-19T21:10:07", "id": "SUSE-SU-2017:0210-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00035.html", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2017-01-20T16:59:42", "description": "gstreamer-0_10-plugins-good was updated to fix six security issues.\n\n These security issues were fixed:\n\n - CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012102)\n - CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds\n write (bsc#1012103)\n - CVE-2016-9636: Prevent maliciously crafted flic files from causing\n invalid memory writes (bsc#1012104).\n - CVE-2016-9807: Prevent the reading of invalid memory in\n flx_decode_chunks, leading to DoS (bsc#1013655)\n - CVE-2016-9808: Prevent maliciously crafted flic files from causing\n invalid memory accesses (bsc#1013653)\n - CVE-2016-9810: Invalid files can be used to extraneous unreferences,\n leading to invalid memory access and DoS (bsc#1013663)\n\n", "cvss3": {}, "published": "2017-01-20T17:08:55", "type": "suse", "title": "Security update for gstreamer-0_10-plugins-good (important)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2016-9810", "CVE-2016-9636", "CVE-2016-9808", "CVE-2016-9635", "CVE-2016-9634", "CVE-2016-9807"], "modified": "2017-01-20T17:08:55", "id": "SUSE-SU-2017:0225-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00036.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2022-01-17T19:05:26", "description": "### Background\n\nThe GStreamer plug-ins provide decoders to the GStreamer open source media framework. \n\n### Description\n\nMultiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll gst-plugins-bad users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-libs/gst-plugins-bad-1.10.3:1.0\"\n \n\nAll gst-plugins-good users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-libs/gst-plugins-good-1.10.3:1.0\"\n \n\nAll gst-plugins-base users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-libs/gst-plugins-base-1.10.3:1.0\"\n \n\nAll gst-plugins-ugly users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose\n \">=media-libs/gst-plugins-ugly-1.10.3:1.0\"", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-05-18T00:00:00", "type": "gentoo", "title": "GStreamer plug-ins: User-assisted execution of arbitrary code", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10198", "CVE-2016-10199", "CVE-2016-9445", "CVE-2016-9446", "CVE-2016-9447", "CVE-2016-9634", "CVE-2016-9635", "CVE-2016-9636", "CVE-2016-9807", "CVE-2016-9808", "CVE-2016-9809", "CVE-2016-9810", "CVE-2016-9811", "CVE-2016-9812", "CVE-2016-9813", "CVE-2017-5837", "CVE-2017-5838", "CVE-2017-5839", "CVE-2017-5840", "CVE-2017-5841", "CVE-2017-5842", "CVE-2017-5843", "CVE-2017-5844", "CVE-2017-5845", "CVE-2017-5846", "CVE-2017-5847", "CVE-2017-5848"], "modified": "2017-05-18T00:00:00", "id": "GLSA-201705-10", "href": "https://security.gentoo.org/glsa/201705-10", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}