gstreamer-plugins-good-0.10.31-12.el7

エラータID: AXSA:2017-1225:01

Release date: 
Friday, January 6, 2017 - 11:49
Subject: 
gstreamer-plugins-good-0.10.31-12.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.

GStreamer Good Plug-ins is a collection of well-supported plug-ins of
good quality and under the LGPL license.

Security issues fixed with this release:

CVE-2016-9634
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9635
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9636
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9807
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9808
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-9634
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
CVE-2016-9635
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
CVE-2016-9636
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
CVE-2016-9807
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
CVE-2016-9808
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
Additional Info: 

N/A

Download: 

SRPMS
  1. gstreamer-plugins-good-0.10.31-12.el7.src.rpm
    MD5: 21e0ddb0a5e22bc6093e420351c6ee02
    SHA-256: 9c998bad31e67021d23fbd7174e27451bcd210c807709d31cb3591160310af57
    Size: 2.64 MB

Asianux Server 7 for x86_64
  1. gstreamer-plugins-good-0.10.31-12.el7.x86_64.rpm
    MD5: 2e59034484dee7c57f9777d7bdd5bf88
    SHA-256: 3b43e79a17c45ad216d440ec8bb1a75d67b5e159dfe85cad5a2e5c5253d674e5
    Size: 1.51 MB
  2. gstreamer-plugins-good-0.10.31-12.el7.i686.rpm
    MD5: 9e87d4d9664c497a32d5dc942db18c2c
    SHA-256: def2f58886632bbdf7391028f04e03785cc7da2bcd1c226f760d3c2eb5eed062
    Size: 1.52 MB