gstreamer1-plugins-base-1.16.1-3.el8
エラータID: AXSA:2024-8315:02
リリース日:
2024/06/17 Monday - 19:07
題名:
gstreamer1-plugins-base-1.16.1-3.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- GStreamer の PGS 形式の字幕ファイルの解析処理には、
データサイズの検証処理の欠落に起因したヒープ領域の
バッファーオーバーフローの問題があるため、ローカルの
攻撃者により、細工された PGS 形式の字幕データファイル
を介して、任意のコードの実行を可能とする脆弱性が存在
します。(CVE-2023-37328)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2023-37328
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994.
GStreamer PGS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of PGS subtitle files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-20994.
追加情報:
N/A
ダウンロード:
SRPMS
- gstreamer1-plugins-base-1.16.1-3.el8.src.rpm
MD5: 6418e414278572a0d6716d5948010d4f
SHA-256: 8d314dc369ea4f13932a029e1d10fea3f5ce3b92eb03b399bc0ab8de5479a91e
Size: 3.78 MB
Asianux Server 8 for x86_64
- gstreamer1-plugins-base-1.16.1-3.el8.i686.rpm
MD5: b2cb2c8cd7161d99e3d0d2f3932ac9bb
SHA-256: 13c98b575f09b05bddcca5b43b0b3913e51c611b58bf71c18152de38c33c5811
Size: 2.03 MB - gstreamer1-plugins-base-1.16.1-3.el8.x86_64.rpm
MD5: 67afedd882f86e256431e46d23596e97
SHA-256: 50f80b49be441076367ca479b155f0eab38e05890aafd77e6bade4e4aa0bac23
Size: 1.95 MB - gstreamer1-plugins-base-devel-1.16.1-3.el8.i686.rpm
MD5: 7ddea58e5d02aa80bdd467ae544f9c52
SHA-256: 61cfe51fe165b8901bb297ac6a0931f35ef81a8734050f85316ae7f378856e9b
Size: 420.52 kB - gstreamer1-plugins-base-devel-1.16.1-3.el8.x86_64.rpm
MD5: d8a2f2c271a75f4d23d86304f9fd3882
SHA-256: 1778036c1ccb7fcbf9ec03b4bb17172cab57a57f214e32c94b66c68c6676d4f5
Size: 420.56 kB
English