Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 40: 2024-2284729772 urgent: GStreamer plugin buffer overflow risks

fedora
Calendar Grey December 22, 2024
Dist Fedora Esm H88
Ubuntu 22.04 improves libxml2 to address various severe vulnerabilities, bolstering overall security.
Update to 1.24.10, fixes multiple CVEs.

Summary

GStreamer is a streaming media framework, based on graphs of filters which

operate on media data. Applications using this library can do anything

from real-time sound processing to playing videos, and just about anything

else media-related. Its plugin-based architecture means that new data

types or processing capabilities can be added simply by installing new

plug-ins.

This package contains a set of well-maintained base plug-ins.

Update Information:

Update to 1.24.10, fixes multiple CVEs.

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora software patch out-of-bounds mingw-gstreamer1-plugins-base

Change Log

* Fri Dec 6 2024 Sandro Mani - 1.24.10-1 - Update to 1.24.10 * Tue Nov 5 2024 Sandro Mani - 1.24.9-1 - Update to 1.24.9 * Mon Sep 23 2024 Sandro Mani - 1.24.8-1 - Update to 1.24.8 * Fri Aug 23 2024 Sandro Mani - 1.24.7-1 - Update to 1.24.7 * Tue Jul 30 2024 Sandro Mani - 1.24.6-1 - Update to 1.24.6 * Thu Jul 18 2024 Fedora Release Engineering - 1.24.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild * Sun Jun 23 2024 Sandro Mani - 1.24.5-1 - Update to 1.24.5 * Thu Jun 6 2024 Sandro Mani - 1.24.4-1 - Update to 1.24.4 * Wed May 1 2024 Sandro Mani - 1.24.3-1 - Update to 1.24.3 * Thu Mar 7 2024 Sandro Mani - 1.24.0-1 - Update to 1.24.0

References


[ 1 ] Bug #2331792 - CVE-2024-47542 mingw-gstreamer1-plugins-base: ID3v2 parser out-of-bounds read and NULL-pointer dereference [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2331792 [ 2 ] Bug #2331796 - CVE-2024-47540 mingw-gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2331796 [ 3 ] Bug #2331813 - CVE-2024-47537 mingw-gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2331813 [ 4 ] Bug #2331817 - CVE-2024-47539 mingw-gstreamer1-plugins-good: OOB-write in convert_to_s334_1a [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2331817 [ 5 ] Bug #2331825 - CVE-2024-47538 mingw-gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2331825 [ 6 ] Bug #2331863 - CVE-202...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-2284729772' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: mingw-gstreamer1-plugins-base
Product: Fedora 40
Version: 1.24.10
Release: 1.fc40
URL: http://gstreamer.freedesktop.org/
Summary: Cross compiled GStreamer1 media framework base plug-ins

Topics%20covered

Topics Covered

security advisory update buffer overflow Fedora software patch out-of-bounds mingw-gstreamer1-plugins-base

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here