GStreamer security, bug fix, and enhancement update

Errata ID: AXSA:2017-2179:01

Release date: Wednesday, September 13, 2017 - 02:01
Subject: GStreamer security, bug fix, and enhancement update
Affected Channels: Asianux Server 7 for x86_64
Severity: Moderate
Description: 

clutter-gst2
Clutter is an open source software library for creating fast, visually
rich and animated graphical user interfaces.

Clutter GStreamer enables the use of GStreamer with Clutter.

gnome-video-effects
A collection of GStreamer effects to be used in different GNOME Modules.

gstreamer1
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.

gstreamer1-plugins-bad-free
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested well enough, or the code
is not of good enough quality.

gstreamer1-plugins-base
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.

This package contains a set of well-maintained base plug-ins.

gstreamer1-plugins-good
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plugins.

GStreamer Good Plugins is a collection of well-supported plugins of
good quality and under the LGPL license.

gstreamer-plugins-bad-free
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.

This package contains plug-ins that aren't tested
well enough, or the code is not of good enough quality.

gstreamer-plugins-good
GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. Applications using this library can do anything
from real-time sound processing to playing videos, and just about anything
else media-related. Its plugin-based architecture means that new data
types or processing capabilities can be added simply by installing new
plug-ins.

GStreamer Good Plug-ins is a collection of well-supported plug-ins of
good quality and under the LGPL license.

orc
Orc is a library and set of tools for compiling and executing
very simple programs that operate on arrays of data. The "language"
is a generic assembly language that represents many of the features
available in SIMD architectures, including saturated addition and
subtraction, and many arithmetic operations.

CVE-2016-1019
Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to
cause a denial of service (application crash) or possibly execute
arbitrary code via unspecified vectors, as exploited in the wild in
April 2016.
CVE-2016-9446
The vmnc decoder in GStreamer does not initialize the render
canvas, which allows remote attackers to obtain sensitive information
as demonstrated by thumbnailing a simple 1 frame vmnc movie that does
not draw to the allocated render canvas.
CVE-2016-9810
The gst_decode_chain_free_internal function in the flxdec decoder in
gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to
cause a denial of service (invalid memory read and crash) via an
invalid file, which triggers an incorrect unref call.
CVE-2016-9811
The windows_icon_typefind function in gst-plugins-base in GStreamer
before 1.10.2, when G_SLICE is set to always-malloc, allows remote
attackers to cause a denial of service (out-of-bounds read) via a
crafted ico file.
CVE-2017-5837
The gst_riff_create_audio_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 allows remote attackers to cause a denial of service (floating
point exception and crash) via a crafted video file.
CVE-2017-5838
The gst_date_time_new_from_iso8601_string function in
gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers
to cause a denial of service (out-of-bounds heap read) via a malformed
datetime string.
CVE-2017-5839
The gst_riff_create_audio_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 does not properly limit recursion, which allows remote
attackers to cause a denial of service (stack overflow and crash) via
vectors involving nested WAVEFORMATEX.
CVE-2017-5840
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in
gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (out-of-bounds heap read) via vectors
involving the current stts index.
CVE-2017-5841
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in
gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (out-of-bounds heap read) via vectors
involving ncdt tags.
CVE-2017-5842
The html_context_handle_element function in gst/subparse/samiparse.c
in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers
to cause a denial of service (out-of-bounds write) via a crafted SMI
file, as demonstrated by OneNote_Manager.smi.
CVE-2017-5843
Multiple use-after-free vulnerabilities in the (1)
gst_mini_object_unref, (2) gst_tag_list_unref, and (3)
gst_mxf_demux_update_essence_tracks functions in GStreamer before
1.10.3 allow remote attackers to cause a denial of service (crash) via
vectors involving stream tags, as demonstrated by 02785736.mxf.
CVE-2017-5844
The gst_riff_create_audio_caps function in
gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before
1.10.3 allows remote attackers to cause a denial of service (floating
point exception and crash) via a crafted ASF file.
CVE-2017-5845
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in
gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to
cause a denial of service (invalid memory read and crash) via an ncdt
sub-tag that "goes behind" the surrounding tag.
CVE-2017-5848
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in
gst-plugins-bad in GStreamer allows remote attackers to cause a denial
of service (invalid memory read and crash) via vectors involving PSM
parsing.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. clutter-gst2-2.0.18-1.el7.src.rpm
    Size: 355.75 kB
  2. gnome-video-effects-0.4.3-1.el7.src.rpm
    Size: 143.83 kB
  3. gstreamer-plugins-bad-free-0.10.23-23.el7.src.rpm
    Size: 3.22 MB
  4. gstreamer-plugins-good-0.10.31-13.el7.src.rpm
    Size: 2.64 MB
  5. gstreamer1-plugins-bad-free-1.10.4-2.el7.src.rpm
    Size: 4.88 MB
  6. gstreamer1-plugins-base-1.10.4-1.el7.src.rpm
    Size: 2.93 MB
  7. gstreamer1-plugins-good-1.10.4-2.el7.src.rpm
    Size: 3.27 MB
  8. gstreamer1-1.10.4-2.el7.src.rpm
    Size: 3.63 MB
  9. orc-0.4.26-1.el7.src.rpm
    Size: 464.93 kB

Asianux Server 7 for x86_64
  1. clutter-gst2-2.0.18-1.el7.x86_64.rpm
    Size: 60.08 kB
  2. clutter-gst2-devel-2.0.18-1.el7.x86_64.rpm
    Size: 15.74 kB
  3. clutter-gst2-2.0.18-1.el7.i686.rpm
    Size: 59.42 kB
  4. clutter-gst2-devel-2.0.18-1.el7.i686.rpm
    Size: 15.77 kB
  5. gnome-video-effects-0.4.3-1.el7.noarch.rpm
    Size: 72.76 kB
  6. gstreamer-plugins-bad-free-0.10.23-23.el7.x86_64.rpm
    Size: 1.37 MB
  7. gstreamer-plugins-bad-free-0.10.23-23.el7.i686.rpm
    Size: 1.37 MB
  8. gstreamer-plugins-good-0.10.31-13.el7.x86_64.rpm
    Size: 1.51 MB
  9. gstreamer-plugins-good-0.10.31-13.el7.i686.rpm
    Size: 1.52 MB
  10. gstreamer1-plugins-bad-free-1.10.4-2.el7.x86_64.rpm
    Size: 1.69 MB
  11. gstreamer1-plugins-bad-free-1.10.4-2.el7.i686.rpm
    Size: 1.67 MB
  12. gstreamer1-plugins-base-1.10.4-1.el7.x86_64.rpm
    Size: 1.42 MB
  13. gstreamer1-plugins-base-devel-1.10.4-1.el7.x86_64.rpm
    Size: 298.66 kB
  14. gstreamer1-plugins-base-1.10.4-1.el7.i686.rpm
    Size: 1.42 MB
  15. gstreamer1-plugins-base-devel-1.10.4-1.el7.i686.rpm
    Size: 298.61 kB
  16. gstreamer1-plugins-good-1.10.4-2.el7.x86_64.rpm
    Size: 1.96 MB
  17. gstreamer1-plugins-good-1.10.4-2.el7.i686.rpm
    Size: 1.96 MB
  18. gstreamer1-1.10.4-2.el7.x86_64.rpm
    Size: 1.15 MB
  19. gstreamer1-devel-1.10.4-2.el7.x86_64.rpm
    Size: 440.41 kB
  20. gstreamer1-1.10.4-2.el7.i686.rpm
    Size: 1.15 MB
  21. gstreamer1-devel-1.10.4-2.el7.i686.rpm
    Size: 440.41 kB
  22. orc-0.4.26-1.el7.x86_64.rpm
    Size: 165.30 kB
  23. orc-0.4.26-1.el7.i686.rpm
    Size: 170.05 kB