RockyLinux 9 : gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free (RLSA-2026:19180)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19180 advisory. GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer: GStreamer: Remote Code Execution via heap-based buffer...

TencentOS Server 3: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good (TSSA-2026:0391)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0391 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: fix leak of memory fw...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: az6027: fix null-ptr-deref in az6027i2cxfer Wei Chen reports a kernel bug as follows: General protection fault, likely for non-canonical addresses. KASAN: Nullptrderef within the range...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch addressed a issue related to KASAN in stv0367; now a similar problem has emerged with clang: drivers/media/dvb-frontends/stv0367.c:1222:12: Error:...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: media: vidtv: Fixed a null pointer dereference in vidtvmuxstopthread. A report from syzbot indicated a null pointer dereference in vidtvmuxstopthread. 1 If dvb-mux is not initialized successfully by vidtvmuxinit during...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerabilities have been resolved: Media: dvb-frontends: w7090p: Fixed the nullptrderef issue in w7090ptunerwriteserpar and w7090ptunerreadserpar. In w7090ptunerwriteserpar, msg is controlled by the user. When msg0.buf is null and msg0.len is zero, previous...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: The dvbdev: device driver adopts a mechanism called refcnt to avoid Use-After-Free errors. It is known that the function dvbunregisterdevice is prone to use-after-free issues. In other words, the cleanup performed by...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Media: dvb-usb: fixed a memory leak in dvbusbadapterinit Syzbot reported a memory leak in “dvbusbadapterinit. The leak occurs because the current iteration’s adapter-priv is not freed in case of an error. Currently, if an error...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: Media: dvb-frontends: tda10048 – Fixed integer overflow. state-xtalhz can be up to 16M; when multiplied by pllmfactor, it may cause an integer overflow. A new 64-bit variable was created to store the calculations...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: Media: edia: dvbdev: fixed a use-after-free issue. In dvbregisterdevice, pdvbdev is set to equal dvbdev, which is freed in several error-handling paths. However, pdvbdev is not set to NULL after dvbdev’s deallocation, resulting i...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: The risk of out-of-memory access has been prevented. The dvbdev module contains a static variable used to store dvb minors. Its behavior depends on whether CONFIGDVBDYNAMICMINORS is set or not. When it is not set,...

Astra Linux - уязвимость в linux, linux-5.15, linux-5.10

A issue was discovered in the file drivers/media/dvb-core/dvbfrontend.c within the Linux kernel version 6.2. There is a blocking operation that occurs when a task is in the !TASKRUNNING state. In the function dvbfrontendgetevent, the function waiteventinterruptible is called; the condition used i...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib7090p: A fix was added for the nullptrderef issue in dib7090prwonapb. In dib7090prwonapb, msg is controlled by the user. When msg0.buf is null and msg0.len is zero, previous checks on msg0.buf might still...

Astra Linux - уязвимость в linux, linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: media: anysee: fix null-ptr-deref in anyseemasterxfer In anyseemasterxfer, msg is controlled by the user. When msgi.buf is null and msgi.len is zero, previous checks on msgi.buf will still be performed. Malicious data will...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021529)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021529 advisory. In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvbregisterdevice In function dvbregisterdevice -...

GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

A flaw was found in GStreamer. This out-of-bounds write vulnerability in the DVB Digital Video Broadcasting Subtitles handling allows remote attackers to execute arbitrary code. The issue stems from improper validation of user-supplied coordinate data, which can lead to writing beyond the...

ALSA-2026:19024 Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fixes: GStreamer: GStreamer: Arbitrary code execution via ASF file processing CVE-2026-2920 GStreamer:...

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: gstreamer1-plugins-good (UTSA-2026-021410)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021410 advisory. GStreamer DVB Subtitles Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected...

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: media: vidtv: Terminating the subsequent process of initialization failure syzbot reported a slab-use-after-free Read in vidtvmuxinit. 1 After PSI initialization fails, the si member is accessed again, resulting in this uaf. Afte...