Debian DLA-829-1 : gst-plugins-ugly0.10 security update

Two memory management issues were found in the asfdemux element of the GStreamer 'ugly' plugin collection, which can be triggered via a maliciously crafted file. For Debian 7 'Wheezy', these problems have been fixed in version 0.10.19-2+deb7u1. We recommend that you upgrade your...

Fedora 25 : mingw-gstreamer1-plugins-bad-free (2017-216f4b9f9d)

Security fix for CVE-2017-5848, CVE-2017-5843 - Downgrade to 1.10.3 as it is the latest stable release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as muc...

Fedora 25 : mingw-gstreamer1-plugins-good (2017-1fc4026d15)

Security fix for CVE-2016-10199, CVE-2017-5845, CVE-2017-5840, CVE-2017-5841 - Downgrade to 1.10.3 as it is the latest stable release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to...

Debian DLA-828-1 : gst-plugins-good0.10 security update

Two memory handling issues were found in gst-plugins-good0.10 : CVE-2016-10198 An invalid read can be triggered in the aacparse element via a maliciously crafted file. CVE-2017-5840 An out of bounds heap read can be triggered in the qtdemux element via a maliciously crafted file. For Debian 7...

[SECURITY] Fedora 25 Update: mingw-gstreamer1-plugins-good-1.10.3-1.fc25

GStreamer is a streaming media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plugin-based architecture means that new data types ...

[SECURITY] [DLA 830-1] gst-plugins-bad0.10 security update

Package : gst-plugins-bad0.10 Version : 0.10.23-7.1+deb7u5 CVE ID : CVE-2017-5843 CVE-2017-5848 Some memory management issues were found in the GStreamer "bad" plugins: CVE-2017-5843 A use after free issue was found in the mxfdemux element, which can can be triggered via a maliciously crafted fil...

[SECURITY] [DLA 829-1] gst-plugins-ugly0.10 security update

Package : gst-plugins-ugly0.10 Version : 0.10.19-2+deb7u1 CVE ID : CVE-2017-5846 CVE-2017-5847 Two memory management issues were found in the asfdemux element of the GStreamer "ugly" plugin collection, which can be triggered via a maliciously crafted file. For Debian 7 "Wheezy", these problems ha...

[SECURITY] [DLA 827-1] gst-plugins-base0.10 security update

Package : gst-plugins-base0.10 Version : 0.10.36-1.1+deb7u2 CVE ID : CVE-2017-5837 CVE-2017-5844 It was discovered that it is possible to trigger a floating point exception in GStreamer via specially crafted files, causing a denial of service. For Debian 7 "Wheezy", these problems have been fixed...

DLA-829-1 gst-plugins-ugly0.10 - security update

Bulletin has no description...

DLA-830-1 gst-plugins-bad0.10 - security update

Bulletin has no description...

DLA-827-1 gst-plugins-base0.10 - security update

Bulletin has no description...

DLA-828-1 gst-plugins-good0.10 - security update

Bulletin has no description...

UBUNTU-CVE-2016-10026

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revisio...

CVE-2017-5960

An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability exists due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to the "phalconeye-master/public/external/pydio/plugins/editor.webodf/frame.php" URL. An attacker could execute arbitrary HTML...

Updated audacious-plugins packages fix security vulnerability

Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961. These issues were...

MGASA-2017-0046 Updated audacious-plugins packages fix security vulnerability

Chris Evans discovered that incorrect emulation of the SPC700 audio co-processor of the Super Nintendo Entertainment System allows the execution of arbitrary code if a malformed SPC music file is opened CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961. These issues were...

GStreamer gst-plugins-good Denial of Service Vulnerability

GStreamer is a set of frameworks for handling streaming media. A denial of service vulnerability exists in GStreamer gst-plugins-good. A remote attacker can cause a denial of service invalid memory reads and crashes via a crafted audio file...

GStreamer gst-plugins-base denial of service vulnerability

GStreamer is a set of frameworks for handling streaming media. A denial of service vulnerability exists in GStreamer gst-plugins-base, which allows remote attackers to cause a denial of service floating point exception and crash via a crafted video file...

GStreamer gst-plugins-good denial of service vulnerability (CNVD-2017-01486)

GStreamer is a set of frameworks for handling streaming media. A denial of service vulnerability exists in GStreamer gst-plugins-good, which allows remote attackers to cause a denial of service out-of-bounds reads and crashes via a crafted tagged value...

GStreamer gst-plugins-good denial of service vulnerability (CNVD-2017-01450)

GStreamer is a set of frameworks for handling streaming media. A denial-of-service vulnerability exists in GStreamer gst-plugins-good, which allows remote attackers to exploit the vulnerability to cause a denial of service out-of-bounds heap read...