Debian 10270 Published by

The following updates has been released for Debian 7 LTS:

[DLA 827-1] gst-plugins-base0.10 security update
[DLA 828-1] gst-plugins-good0.10 security update
[DLA 829-1] gst-plugins-ugly0.10 security update
[DLA 830-1] gst-plugins-bad0.10 security update



[DLA 827-1] gst-plugins-base0.10 security update

Package : gst-plugins-base0.10
Version : 0.10.36-1.1+deb7u2
CVE ID : CVE-2017-5837 CVE-2017-5844

It was discovered that it is possible to trigger a floating point
exception in GStreamer via specially crafted files, causing a denial
of service.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.36-1.1+deb7u2.

We recommend that you upgrade your gst-plugins-base0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 828-1] gst-plugins-good0.10 security update

Package : gst-plugins-good0.10
Version : 0.10.31-3+nmu1+deb7u2
CVE ID : CVE-2016-10198 CVE-2017-5840

Two memory handling issues were found in gst-plugins-good0.10:

CVE-2016-10198

An invalid read can be triggered in the aacparse element via a
maliciously crafted file.

CVE-2017-5840

An out of bounds heap read can be triggered in the qtdemux element
via a maliciously crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.31-3+nmu1+deb7u2.

We recommend that you upgrade your gst-plugins-good0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 829-1] gst-plugins-ugly0.10 security update

Package : gst-plugins-ugly0.10
Version : 0.10.19-2+deb7u1
CVE ID : CVE-2017-5846 CVE-2017-5847

Two memory management issues were found in the asfdemux element of the
GStreamer "ugly" plugin collection, which can be triggered via a
maliciously crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.19-2+deb7u1.

We recommend that you upgrade your gst-plugins-ugly0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

[DLA 830-1] gst-plugins-bad0.10 security update

Package : gst-plugins-bad0.10
Version : 0.10.23-7.1+deb7u5
CVE ID : CVE-2017-5843 CVE-2017-5848

Some memory management issues were found in the GStreamer "bad" plugins:

CVE-2017-5843

A use after free issue was found in the mxfdemux element, which can
can be triggered via a maliciously crafted file.

CVE-2017-5848

The psdemux was vulnerable to several invalid reads, which could be
triggered via a maliciously crafted file.

For Debian 7 "Wheezy", these problems have been fixed in version
0.10.23-7.1+deb7u5.

We recommend that you upgrade your gst-plugins-bad0.10 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS