Synopsis: Moderate: gstreamer1-plugins-good security update
Advisory ID: SLSA-2017:0020-1
Issue Date: 2017-01-05
CVE Numbers: CVE-2016-9634
CVE-2016-9635
CVE-2016-9636
CVE-2016-9808
CVE-2016-9807
—
Security Fix(es):
* Multiple flaws were discovered in GStreamer’s FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to cause
an application using GStreamer to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer’s FLC/FLI/FLX
media file format decoding plug-in. A remote attacker could use this flaw
to cause an application using GStreamer to crash. (CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in.
—
SL7
x86_64
gstreamer1-plugins-good-1.4.5-3.el7_3.i686.rpm
gstreamer1-plugins-good-1.4.5-3.el7_3.x86_64.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.i686.rpm
gstreamer1-plugins-good-debuginfo-1.4.5-3.el7_3.x86_64.rpm
– Scientific Linux Development Team
