gstreamer1-plugins-good-1.4.5-3.el7

エラータID: AXSA:2017-1224:01

Release date: 
Friday, January 6, 2017 - 11:47
Subject: 
gstreamer1-plugins-good-1.4.5-3.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.

GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.

Security issues fixed with this release:

CVE-2016-9634
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9635
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9636
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9807
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9808
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-9634
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
CVE-2016-9635
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
CVE-2016-9636
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
CVE-2016-9807
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
CVE-2016-9808
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
Additional Info: 

N/A

Download: 

SRPMS
  1. gstreamer1-plugins-good-1.4.5-3.el7.src.rpm
    MD5: 4585640383c62f97071d6645b4963b9c
    SHA-256: 6c3141e718a32b2ccaf058b3834948f6bee1686a759cb78da9b06022c9fa1d1c
    Size: 2.91 MB

Asianux Server 7 for x86_64
  1. gstreamer1-plugins-good-1.4.5-3.el7.x86_64.rpm
    MD5: 1d84b8a93ccdd572baf0fa8a2f3298d4
    SHA-256: b8df0d89f37154d7283ed657a91116e1c9424599cdbf99c5154a1f27bcb8b73c
    Size: 1.79 MB
  2. gstreamer1-plugins-good-1.4.5-3.el7.i686.rpm
    MD5: 699677a65425d18cbbb4d872111e9bb3
    SHA-256: 56bf13e32f0047c8782d9e724fca8b694ec12d75feceef48decb7c1262884e2b
    Size: 1.79 MB