gstreamer-plugins-bad-free-0.10.23-22.el7

エラータID: AXSA:2017-1229:01

Release date: 
Monday, January 9, 2017 - 11:43
Subject: 
gstreamer-plugins-bad-free-0.10.23-22.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested
well enough, or the code is not of good enough quality.

Security issues fixed with this release:

CVE-2016-9445
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9447
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2016-9809
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.

Solution: 

Update packages.

CVEs: 
CVE-2016-9445
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
CVE-2016-9447
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
CVE-2016-9809
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
Additional Info: 

N/A

Download: 

SRPMS
  1. gstreamer-plugins-bad-free-0.10.23-22.el7.src.rpm
    MD5: 68cad7fe9da72a42ccc66efd29cdb781
    SHA-256: 4b8d32011798838295658eeb1dbe38e4fe50d079e6ab722ccf3bf130676ce3f5
    Size: 3.22 MB

Asianux Server 7 for x86_64
  1. gstreamer-plugins-bad-free-0.10.23-22.el7.x86_64.rpm
    MD5: 1d571ea4478279edaa7239970674def5
    SHA-256: 80994c2029a8f84eb92c49eac19667c043060639d2bcbbeab09c2ec0f6330612
    Size: 1.37 MB
  2. gstreamer-plugins-bad-free-0.10.23-22.el7.i686.rpm
    MD5: 2338fb95a793842a22d6e595ddfb4863
    SHA-256: d94fc8ef58f5f5ff6cafd5d025e6da12ca86a7dfba0d4542a49f91633758aa86
    Size: 1.36 MB