clutter, gnome, gstreamer, gstreamer1, orc security update

2017-08-2401:36:20

CentOS Project

lists.centos.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.037

Percentile

92.0%

JSON

CentOS Errata and Security Advisory CESA-2017:2060

GStreamer is a streaming media framework based on graphs of filters which operate on media data.

The following packages have been upgraded to a later upstream version: clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es):

Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848)

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

Affected packages:
clutter-gst2
clutter-gst2-devel
gnome-video-effects
gstreamer-plugins-bad-free
gstreamer-plugins-bad-free-devel
gstreamer-plugins-bad-free-devel-docs
gstreamer-plugins-good
gstreamer-plugins-good-devel-docs
gstreamer1
gstreamer1-devel
gstreamer1-devel-docs
gstreamer1-plugins-bad-free
gstreamer1-plugins-bad-free-devel
gstreamer1-plugins-bad-free-gtk
gstreamer1-plugins-base
gstreamer1-plugins-base-devel
gstreamer1-plugins-base-devel-docs
gstreamer1-plugins-base-tools
gstreamer1-plugins-good
orc
orc-compiler
orc-devel
orc-doc

Upstream details at:
https://access.redhat.com/errata/RHSA-2017:2060

OSVersionArchitecturePackageVersionFilename
CentOS7i686clutter-gst2< 2.0.18-1.el7clutter-gst2-2.0.18-1.el7.i686.rpm
CentOS7x86_64clutter-gst2< 2.0.18-1.el7clutter-gst2-2.0.18-1.el7.x86_64.rpm
CentOS7i686clutter-gst2-devel< 2.0.18-1.el7clutter-gst2-devel-2.0.18-1.el7.i686.rpm
CentOS7x86_64clutter-gst2-devel< 2.0.18-1.el7clutter-gst2-devel-2.0.18-1.el7.x86_64.rpm
CentOS7noarchgnome-video-effects< 0.4.3-1.el7gnome-video-effects-0.4.3-1.el7.noarch.rpm
CentOS7i686gstreamer1< 1.10.4-2.el7gstreamer1-1.10.4-2.el7.i686.rpm
CentOS7x86_64gstreamer1< 1.10.4-2.el7gstreamer1-1.10.4-2.el7.x86_64.rpm
CentOS7i686gstreamer1-devel< 1.10.4-2.el7gstreamer1-devel-1.10.4-2.el7.i686.rpm
CentOS7x86_64gstreamer1-devel< 1.10.4-2.el7gstreamer1-devel-1.10.4-2.el7.x86_64.rpm
CentOS7noarchgstreamer1-devel-docs< 1.10.4-2.el7gstreamer1-devel-docs-1.10.4-2.el7.noarch.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	7	i686	clutter-gst2	< 2.0.18-1.el7	clutter-gst2-2.0.18-1.el7.i686.rpm
CentOS	7	x86_64	clutter-gst2	< 2.0.18-1.el7	clutter-gst2-2.0.18-1.el7.x86_64.rpm
CentOS	7	i686	clutter-gst2-devel	< 2.0.18-1.el7	clutter-gst2-devel-2.0.18-1.el7.i686.rpm
CentOS	7	x86_64	clutter-gst2-devel	< 2.0.18-1.el7	clutter-gst2-devel-2.0.18-1.el7.x86_64.rpm
CentOS	7	noarch	gnome-video-effects	< 0.4.3-1.el7	gnome-video-effects-0.4.3-1.el7.noarch.rpm
CentOS	7	i686	gstreamer1	< 1.10.4-2.el7	gstreamer1-1.10.4-2.el7.i686.rpm
CentOS	7	x86_64	gstreamer1	< 1.10.4-2.el7	gstreamer1-1.10.4-2.el7.x86_64.rpm
CentOS	7	i686	gstreamer1-devel	< 1.10.4-2.el7	gstreamer1-devel-1.10.4-2.el7.i686.rpm
CentOS	7	x86_64	gstreamer1-devel	< 1.10.4-2.el7	gstreamer1-devel-1.10.4-2.el7.x86_64.rpm
CentOS	7	noarch	gstreamer1-devel-docs	< 1.10.4-2.el7	gstreamer1-devel-docs-1.10.4-2.el7.noarch.rpm