[SECURITY] [DLA 2226-1] gst-plugins-ugly0.10 security update

2020-05-3015:54:04

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.9

Confidence

High

EPSS

0.032

Percentile

91.2%

JSON

Package : gst-plugins-ugly0.10
Version : 0.10.19-2.1+deb8u1
CVE ID : CVE-2017-5846 CVE-2017-5847

Two memory management issues were found in the asfdemux element of the
GStreamer "ugly" plugin collection, which can be triggered via a
maliciously crafted file.

For Debian 8 "Jessie", these problems have been fixed in version
0.10.19-2.1+deb8u1.

We recommend that you upgrade your gst-plugins-ugly0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8allgst-plugins-ugly1.0< 1.4.4-2+deb8u1gst-plugins-ugly1.0_1.4.4-2+deb8u1_all.deb
Debian8armhfgstreamer1.0-plugins-ugly-dbg< 1.4.4-2+deb8u1gstreamer1.0-plugins-ugly-dbg_1.4.4-2+deb8u1_armhf.deb
Debian8arm64gstreamer1.0-plugins-ugly-dbg< 1.4.4-2+deb8u1gstreamer1.0-plugins-ugly-dbg_1.4.4-2+deb8u1_arm64.deb
Debian8allgstreamer0.10-plugins-ugly-doc< 0.10.19-2.1+deb8u1gstreamer0.10-plugins-ugly-doc_0.10.19-2.1+deb8u1_all.deb
Debian8arm64gstreamer1.0-plugins-ugly< 1.4.4-2+deb8u1gstreamer1.0-plugins-ugly_1.4.4-2+deb8u1_arm64.deb
Debian8kfreebsd-amd64gstreamer1.0-plugins-ugly< 1.4.4-2+deb8u1gstreamer1.0-plugins-ugly_1.4.4-2+deb8u1_kfreebsd-amd64.deb
Debian8ppc64elgstreamer1.0-plugins-ugly-dbg< 1.4.4-2+deb8u1gstreamer1.0-plugins-ugly-dbg_1.4.4-2+deb8u1_ppc64el.deb
Debian8armhfgstreamer0.10-plugins-ugly-dbg< 0.10.19-2.1+deb8u1gstreamer0.10-plugins-ugly-dbg_0.10.19-2.1+deb8u1_armhf.deb
Debian7allgstreamer0.10-plugins-ugly-doc< 0.10.19-2+deb7u1gstreamer0.10-plugins-ugly-doc_0.10.19-2+deb7u1_all.deb
Debian8i386gstreamer1.0-plugins-ugly< 1.4.4-2+deb8u1gstreamer1.0-plugins-ugly_1.4.4-2+deb8u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	all	gst-plugins-ugly1.0	< 1.4.4-2+deb8u1	gst-plugins-ugly1.0_1.4.4-2+deb8u1_all.deb
Debian	8	armhf	gstreamer1.0-plugins-ugly-dbg	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-ugly-dbg_1.4.4-2+deb8u1_armhf.deb
Debian	8	arm64	gstreamer1.0-plugins-ugly-dbg	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-ugly-dbg_1.4.4-2+deb8u1_arm64.deb
Debian	8	all	gstreamer0.10-plugins-ugly-doc	< 0.10.19-2.1+deb8u1	gstreamer0.10-plugins-ugly-doc_0.10.19-2.1+deb8u1_all.deb
Debian	8	arm64	gstreamer1.0-plugins-ugly	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-ugly_1.4.4-2+deb8u1_arm64.deb
Debian	8	kfreebsd-amd64	gstreamer1.0-plugins-ugly	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-ugly_1.4.4-2+deb8u1_kfreebsd-amd64.deb
Debian	8	ppc64el	gstreamer1.0-plugins-ugly-dbg	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-ugly-dbg_1.4.4-2+deb8u1_ppc64el.deb
Debian	8	armhf	gstreamer0.10-plugins-ugly-dbg	< 0.10.19-2.1+deb8u1	gstreamer0.10-plugins-ugly-dbg_0.10.19-2.1+deb8u1_armhf.deb
Debian	7	all	gstreamer0.10-plugins-ugly-doc	< 0.10.19-2+deb7u1	gstreamer0.10-plugins-ugly-doc_0.10.19-2+deb7u1_all.deb
Debian	8	i386	gstreamer1.0-plugins-ugly	< 1.4.4-2+deb8u1	gstreamer1.0-plugins-ugly_1.4.4-2+deb8u1_i386.deb