gstreamer1-plugins-base-1.22.1-2.el9
エラータID: AXSA:2024-8035:01
リリース日:
2024/05/30 Thursday - 19:26
題名:
gstreamer1-plugins-base-1.22.1-2.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- GStreamer の PGS 形式の字幕ファイルの解析処理には、
データサイズの検証処理の欠落に起因したヒープ領域の
バッファーオーバーフローの問題があるため、ローカルの
攻撃者により、細工された PGS 形式の字幕データファイル
を介して、任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-37328)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-37328
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994.
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994.
追加情報:
N/A
ダウンロード:
SRPMS
- gstreamer1-plugins-base-1.22.1-2.el9.src.rpm
MD5: e57637075c398c14286ada37a3a0ae79
SHA-256: fd99ebcfb1e676f38908428fd7e8a45ca1c37f3f1accadfb3b5681960b7864b9
Size: 2.26 MB
Asianux Server 9 for x86_64
- gstreamer1-plugins-base-1.22.1-2.el9.i686.rpm
MD5: eeb4986073f7408d0d5a9635e6c288ee
SHA-256: 06e744aad955c3255be73bd969162a518fdb5fc9f64257dd92dbac0e034bc408
Size: 2.27 MB - gstreamer1-plugins-base-1.22.1-2.el9.x86_64.rpm
MD5: edac4825b5970ec9657fda2b8cba234c
SHA-256: 056c7653144d546ddd5fabff411d99b8669e460b44cd3fa07cad1e08412c2ef1
Size: 2.20 MB - gstreamer1-plugins-base-devel-1.22.1-2.el9.i686.rpm
MD5: a3341cdc11b1962604db14cf696f6e6a
SHA-256: cf766061e908ebc27a8685f24b723dc35186dccf6fa3813a2b153fc9ca13e522
Size: 471.10 kB - gstreamer1-plugins-base-devel-1.22.1-2.el9.x86_64.rpm
MD5: f471fc4d1ddf430ffc0537d85b3ae1cb
SHA-256: 3a390a5625431d9386737146923b08e2e5b3b397a6b95f87e22a201996587014
Size: 470.95 kB - gstreamer1-plugins-base-tools-1.22.1-2.el9.x86_64.rpm
MD5: 0c817ccabef63c27cfcbc5e29b3beae9
SHA-256: 24475cd86e7259d2ca10e5a4d7248c69b8870fa4017258779aac0242621588f7
Size: 44.30 kB
English