[SECURITY] [DLA 3069-1] gst-plugins-good1.0 security update

2022-08-0915:51:07

lists.debian.org

debian

gstreamer

media framework

denial of service

arbitrary code

cve-2022-1920

cve-2022-1921

cve-2022-1922

cve-2022-1923

cve-2022-1924

cve-2022-1925

cve-2022-2122

buster

security tracker

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.4%

JSON

Debian LTS Advisory DLA-3069-1 [email protected]
https://www.debian.org/lts/security/ Sebastian Dro"ge
August 09, 2022 https://wiki.debian.org/LTS

Package : gst-plugins-good1.0
Version : 1.14.4-1+deb10u2
CVE ID : CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923
CVE-2022-1924 CVE-2022-1925 CVE-2022-2122

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For Debian 10 buster, these problems have been fixed in version
1.14.4-1+deb10u2.

We recommend that you upgrade your gst-plugins-good1.0 packages.

For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-good1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian11arm64gstreamer1.0-plugins-good< 1.18.4-2+deb11u1gstreamer1.0-plugins-good_1.18.4-2+deb11u1_arm64.deb
Debian11ppc64elgstreamer1.0-plugins-good-dbgsym< 1.18.4-2+deb11u1gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u1_ppc64el.deb
Debian11mips64elgstreamer1.0-qt5-dbgsym< 1.18.4-2+deb11u1gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_mips64el.deb
Debian11mipselgstreamer1.0-pulseaudio< 1.18.4-2+deb11u1gstreamer1.0-pulseaudio_1.18.4-2+deb11u1_mipsel.deb
Debian11amd64gstreamer1.0-qt5-dbgsym< 1.18.4-2+deb11u1gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_amd64.deb
Debian10arm64gstreamer1.0-gtk3< 1.14.4-1+deb10u2gstreamer1.0-gtk3_1.14.4-1+deb10u2_arm64.deb
Debian10i386gstreamer1.0-gtk3< 1.14.4-1+deb10u2gstreamer1.0-gtk3_1.14.4-1+deb10u2_i386.deb
Debian10amd64gstreamer1.0-plugins-good< 1.14.4-1+deb10u2gstreamer1.0-plugins-good_1.14.4-1+deb10u2_amd64.deb
Debian11mips64elgstreamer1.0-qt5< 1.18.4-2+deb11u1gstreamer1.0-qt5_1.18.4-2+deb11u1_mips64el.deb
Debian11i386gstreamer1.0-plugins-good< 1.18.4-2+deb11u1gstreamer1.0-plugins-good_1.18.4-2+deb11u1_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	11	arm64	gstreamer1.0-plugins-good	< 1.18.4-2+deb11u1	gstreamer1.0-plugins-good_1.18.4-2+deb11u1_arm64.deb
Debian	11	ppc64el	gstreamer1.0-plugins-good-dbgsym	< 1.18.4-2+deb11u1	gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u1_ppc64el.deb
Debian	11	mips64el	gstreamer1.0-qt5-dbgsym	< 1.18.4-2+deb11u1	gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_mips64el.deb
Debian	11	mipsel	gstreamer1.0-pulseaudio	< 1.18.4-2+deb11u1	gstreamer1.0-pulseaudio_1.18.4-2+deb11u1_mipsel.deb
Debian	11	amd64	gstreamer1.0-qt5-dbgsym	< 1.18.4-2+deb11u1	gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_amd64.deb
Debian	10	arm64	gstreamer1.0-gtk3	< 1.14.4-1+deb10u2	gstreamer1.0-gtk3_1.14.4-1+deb10u2_arm64.deb
Debian	10	i386	gstreamer1.0-gtk3	< 1.14.4-1+deb10u2	gstreamer1.0-gtk3_1.14.4-1+deb10u2_i386.deb
Debian	10	amd64	gstreamer1.0-plugins-good	< 1.14.4-1+deb10u2	gstreamer1.0-plugins-good_1.14.4-1+deb10u2_amd64.deb
Debian	11	mips64el	gstreamer1.0-qt5	< 1.18.4-2+deb11u1	gstreamer1.0-qt5_1.18.4-2+deb11u1_mips64el.deb
Debian	11	i386	gstreamer1.0-plugins-good	< 1.18.4-2+deb11u1	gstreamer1.0-plugins-good_1.18.4-2+deb11u1_i386.deb