[SECURITY] [DSA 5204-1] gst-plugins-good1.0 security update

2022-08-0919:19:23

lists.debian.org

debian

gstreamer

avi

mastroska

security

update

vulnerabilities

bullseye

advisory

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.9 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

33.4%

JSON

Debian Security Advisory DSA-5204-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
August 09, 2022 https://www.debian.org/security/faq

Package : gst-plugins-good1.0
CVE ID : CVE-2022-1920 CVE-2022-1921 CVE-2022-1922 CVE-2022-1923
CVE-2022-1924 CVE-2022-1925 CVE-2022-2122

Adam Doupe discovered multiple vulnerabilities in the Gstreamer plugins
to demux Mastroska and AVI files which could result in denial of service
or the execution of arbitrary code.

For the stable distribution (bullseye), these problems have been fixed in
version 1.18.4-2+deb11u1.

We recommend that you upgrade your gst-plugins-good1.0 packages.

For the detailed security status of gst-plugins-good1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-good1.0

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10arm64gstreamer1.0-qt5< 1.14.4-1+deb10u2gstreamer1.0-qt5_1.14.4-1+deb10u2_arm64.deb
Debian11mips64elgstreamer1.0-gtk3< 1.18.4-2+deb11u1gstreamer1.0-gtk3_1.18.4-2+deb11u1_mips64el.deb
Debian11s390xgstreamer1.0-plugins-good< 1.18.4-2+deb11u1gstreamer1.0-plugins-good_1.18.4-2+deb11u1_s390x.deb
Debian11ppc64elgstreamer1.0-qt5-dbgsym< 1.18.4-2+deb11u1gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_ppc64el.deb
Debian11mips64elgstreamer1.0-plugins-good-dbgsym< 1.18.4-2+deb11u1gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u1_mips64el.deb
Debian11i386gstreamer1.0-qt5< 1.18.4-2+deb11u1gstreamer1.0-qt5_1.18.4-2+deb11u1_i386.deb
Debian11mipselgstreamer1.0-qt5< 1.18.4-2+deb11u1gstreamer1.0-qt5_1.18.4-2+deb11u1_mipsel.deb
Debian11i386gstreamer1.0-qt5-dbgsym< 1.18.4-2+deb11u1gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_i386.deb
Debian10i386gstreamer1.0-plugins-good< 1.14.4-1+deb10u2gstreamer1.0-plugins-good_1.14.4-1+deb10u2_i386.deb
Debian10arm64gstreamer1.0-gtk3< 1.14.4-1+deb10u2gstreamer1.0-gtk3_1.14.4-1+deb10u2_arm64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	10	arm64	gstreamer1.0-qt5	< 1.14.4-1+deb10u2	gstreamer1.0-qt5_1.14.4-1+deb10u2_arm64.deb
Debian	11	mips64el	gstreamer1.0-gtk3	< 1.18.4-2+deb11u1	gstreamer1.0-gtk3_1.18.4-2+deb11u1_mips64el.deb
Debian	11	s390x	gstreamer1.0-plugins-good	< 1.18.4-2+deb11u1	gstreamer1.0-plugins-good_1.18.4-2+deb11u1_s390x.deb
Debian	11	ppc64el	gstreamer1.0-qt5-dbgsym	< 1.18.4-2+deb11u1	gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_ppc64el.deb
Debian	11	mips64el	gstreamer1.0-plugins-good-dbgsym	< 1.18.4-2+deb11u1	gstreamer1.0-plugins-good-dbgsym_1.18.4-2+deb11u1_mips64el.deb
Debian	11	i386	gstreamer1.0-qt5	< 1.18.4-2+deb11u1	gstreamer1.0-qt5_1.18.4-2+deb11u1_i386.deb
Debian	11	mipsel	gstreamer1.0-qt5	< 1.18.4-2+deb11u1	gstreamer1.0-qt5_1.18.4-2+deb11u1_mipsel.deb
Debian	11	i386	gstreamer1.0-qt5-dbgsym	< 1.18.4-2+deb11u1	gstreamer1.0-qt5-dbgsym_1.18.4-2+deb11u1_i386.deb
Debian	10	i386	gstreamer1.0-plugins-good	< 1.14.4-1+deb10u2	gstreamer1.0-plugins-good_1.14.4-1+deb10u2_i386.deb
Debian	10	arm64	gstreamer1.0-gtk3	< 1.14.4-1+deb10u2	gstreamer1.0-gtk3_1.14.4-1+deb10u2_arm64.deb