gstreamer1-plugins-bad-free-1.4.5-6.el7

エラータID: AXSA:2017-1226:01

Release date: 
Friday, January 6, 2017 - 14:08
Subject: 
gstreamer1-plugins-bad-free-1.4.5-6.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested well enough, or the code
is not of good enough quality.

Security issues fixed with this release:

CVE-2016-9445
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9809
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9812
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9813
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-9445
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
CVE-2016-9809
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
CVE-2016-9812
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
CVE-2016-9813
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
Additional Info: 

N/A

Download: 

SRPMS
  1. gstreamer1-plugins-bad-free-1.4.5-6.el7.src.rpm
    MD5: 3605ee3776b7fed723b44bf35fbc4080
    SHA-256: 2350c8852e5e40d9d7f65213fd92e8d6db1cf46c7efe4a2fbf5d456345e764d1
    Size: 3.98 MB

Asianux Server 7 for x86_64
  1. gstreamer1-plugins-bad-free-1.4.5-6.el7.x86_64.rpm
    MD5: 918d1d9c952246eae275eca364eb3fdf
    SHA-256: 5e31957bda76d2f1ceda3fb1824d53f7136889241917060551ec561689b45cfb
    Size: 1.42 MB
  2. gstreamer1-plugins-bad-free-1.4.5-6.el7.i686.rpm
    MD5: ef52d80e295b685bd2ddf22a91445e5b
    SHA-256: 8baebf9b5b266ddc8c98ca9a69ffcbde755f94bc78b64cf7dc1d0a3fa2ffa958
    Size: 1.41 MB