Lucene search

DebianDEBIAN:DSA-3818-1:FE037

HistoryMar 27, 2017 - 8:46 p.m.

[SECURITY] [DSA 3818-1] gst-plugins-bad1.0 security update

2017-03-2720:46:27

lists.debian.org

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

Confidence

High

EPSS

0.033

Percentile

91.3%

JSON

Debian Security Advisory DSA-3818-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017 https://www.debian.org/security/faq

Package : gst-plugins-bad1.0
CVE ID : CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 CVE-2017-5843
CVE-2017-5848

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.

For the stable distribution (jessie), these problems have been fixed in
version 1.4.4-2.1+deb8u2.

For the upcoming stable distribution (stretch), these problems have been
fixed in version 1.10.4-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.10.4-1.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian8arm64libgstreamer-plugins-bad1.0-0< 1.4.4-2.1+deb8u2libgstreamer-plugins-bad1.0-0_1.4.4-2.1+deb8u2_arm64.deb
Debian8kfreebsd-amd64gstreamer1.0-plugins-bad-dbg< 1.4.4-2.1+deb8u2gstreamer1.0-plugins-bad-dbg_1.4.4-2.1+deb8u2_kfreebsd-amd64.deb
Debian7armhflibgstreamer-plugins-bad0.10-0< 0.10.23-7.1+deb7u4libgstreamer-plugins-bad0.10-0_0.10.23-7.1+deb7u4_armhf.deb
Debian7i386gstreamer0.10-plugins-bad-dbg< 0.10.23-7.1+deb7u5gstreamer0.10-plugins-bad-dbg_0.10.23-7.1+deb7u5_i386.deb
Debian8armelgstreamer0.10-plugins-bad< 0.10.23-7.4+deb8u3gstreamer0.10-plugins-bad_0.10.23-7.4+deb8u3_armel.deb
Debian8armelgstreamer0.10-plugins-bad-dbg< 0.10.23-7.4+deb8u3gstreamer0.10-plugins-bad-dbg_0.10.23-7.4+deb8u3_armel.deb
Debian8kfreebsd-amd64gstreamer1.0-plugins-bad< 1.4.4-2.1+deb8u2gstreamer1.0-plugins-bad_1.4.4-2.1+deb8u2_kfreebsd-amd64.deb
Debian8mipsgstreamer1.0-plugins-bad-dbg< 1.4.4-2.1+deb8u2gstreamer1.0-plugins-bad-dbg_1.4.4-2.1+deb8u2_mips.deb
Debian7armelgstreamer0.10-plugins-bad< 0.10.23-7.1+deb7u4gstreamer0.10-plugins-bad_0.10.23-7.1+deb7u4_armel.deb
Debian7armellibgstreamer-plugins-bad0.10-dev< 0.10.23-7.1+deb7u4libgstreamer-plugins-bad0.10-dev_0.10.23-7.1+deb7u4_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	arm64	libgstreamer-plugins-bad1.0-0	< 1.4.4-2.1+deb8u2	libgstreamer-plugins-bad1.0-0_1.4.4-2.1+deb8u2_arm64.deb
Debian	8	kfreebsd-amd64	gstreamer1.0-plugins-bad-dbg	< 1.4.4-2.1+deb8u2	gstreamer1.0-plugins-bad-dbg_1.4.4-2.1+deb8u2_kfreebsd-amd64.deb
Debian	7	armhf	libgstreamer-plugins-bad0.10-0	< 0.10.23-7.1+deb7u4	libgstreamer-plugins-bad0.10-0_0.10.23-7.1+deb7u4_armhf.deb
Debian	7	i386	gstreamer0.10-plugins-bad-dbg	< 0.10.23-7.1+deb7u5	gstreamer0.10-plugins-bad-dbg_0.10.23-7.1+deb7u5_i386.deb
Debian	8	armel	gstreamer0.10-plugins-bad	< 0.10.23-7.4+deb8u3	gstreamer0.10-plugins-bad_0.10.23-7.4+deb8u3_armel.deb
Debian	8	armel	gstreamer0.10-plugins-bad-dbg	< 0.10.23-7.4+deb8u3	gstreamer0.10-plugins-bad-dbg_0.10.23-7.4+deb8u3_armel.deb
Debian	8	kfreebsd-amd64	gstreamer1.0-plugins-bad	< 1.4.4-2.1+deb8u2	gstreamer1.0-plugins-bad_1.4.4-2.1+deb8u2_kfreebsd-amd64.deb
Debian	8	mips	gstreamer1.0-plugins-bad-dbg	< 1.4.4-2.1+deb8u2	gstreamer1.0-plugins-bad-dbg_1.4.4-2.1+deb8u2_mips.deb
Debian	7	armel	gstreamer0.10-plugins-bad	< 0.10.23-7.1+deb7u4	gstreamer0.10-plugins-bad_0.10.23-7.1+deb7u4_armel.deb
Debian	7	armel	libgstreamer-plugins-bad0.10-dev	< 0.10.23-7.1+deb7u4	libgstreamer-plugins-bad0.10-dev_0.10.23-7.1+deb7u4_armel.deb