The following updates has been released for Debian 7 LTS:
[DLA 827-1] gst-plugins-base0.10 security update
[DLA 828-1] gst-plugins-good0.10 security update
[DLA 829-1] gst-plugins-ugly0.10 security update
[DLA 830-1] gst-plugins-bad0.10 security update
[DLA 827-1] gst-plugins-base0.10 security update
[DLA 828-1] gst-plugins-good0.10 security update
[DLA 829-1] gst-plugins-ugly0.10 security update
[DLA 830-1] gst-plugins-bad0.10 security update
[DLA 827-1] gst-plugins-base0.10 security update
Package : gst-plugins-base0.10
Version : 0.10.36-1.1+deb7u2
CVE ID : CVE-2017-5837 CVE-2017-5844
It was discovered that it is possible to trigger a floating point
exception in GStreamer via specially crafted files, causing a denial
of service.
For Debian 7 "Wheezy", these problems have been fixed in version
0.10.36-1.1+deb7u2.
We recommend that you upgrade your gst-plugins-base0.10 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 828-1] gst-plugins-good0.10 security update
Package : gst-plugins-good0.10
Version : 0.10.31-3+nmu1+deb7u2
CVE ID : CVE-2016-10198 CVE-2017-5840
Two memory handling issues were found in gst-plugins-good0.10:
CVE-2016-10198
An invalid read can be triggered in the aacparse element via a
maliciously crafted file.
CVE-2017-5840
An out of bounds heap read can be triggered in the qtdemux element
via a maliciously crafted file.
For Debian 7 "Wheezy", these problems have been fixed in version
0.10.31-3+nmu1+deb7u2.
We recommend that you upgrade your gst-plugins-good0.10 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 829-1] gst-plugins-ugly0.10 security update
Package : gst-plugins-ugly0.10
Version : 0.10.19-2+deb7u1
CVE ID : CVE-2017-5846 CVE-2017-5847
Two memory management issues were found in the asfdemux element of the
GStreamer "ugly" plugin collection, which can be triggered via a
maliciously crafted file.
For Debian 7 "Wheezy", these problems have been fixed in version
0.10.19-2+deb7u1.
We recommend that you upgrade your gst-plugins-ugly0.10 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
[DLA 830-1] gst-plugins-bad0.10 security update
Package : gst-plugins-bad0.10
Version : 0.10.23-7.1+deb7u5
CVE ID : CVE-2017-5843 CVE-2017-5848
Some memory management issues were found in the GStreamer "bad" plugins:
CVE-2017-5843
A use after free issue was found in the mxfdemux element, which can
can be triggered via a maliciously crafted file.
CVE-2017-5848
The psdemux was vulnerable to several invalid reads, which could be
triggered via a maliciously crafted file.
For Debian 7 "Wheezy", these problems have been fixed in version
0.10.23-7.1+deb7u5.
We recommend that you upgrade your gst-plugins-bad0.10 packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
