MGASA-2023-0354 - Updated gstreamer packages fix many security vulnerabilities

Publication date: 22 Dec 2023
URL: https://advisories.mageia.org/MGASA-2023-0354.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2022-1920,
     CVE-2022-1922,
     CVE-2022-1923,
     CVE-2022-1924,
     CVE-2022-1925,
     CVE-2022-2122,
     CVE-2023-37327,
     CVE-2023-37328,
     CVE-2023-37329,
     CVE-2023-38103,
     CVE-2023-38104,
     CVE-2023-40474,
     CVE-2023-40475,
     CVE-2023-40476,
     CVE-2023-44429,
     CVE-2023-44446

Updated gstreamer packages fix many security issues (see the references
below).
Apart from the listed CVEs, ZDI-CAN-22300 is also fixed.

References:
- https://bugs.mageia.org/show_bug.cgi?id=32071
- https://gstreamer.freedesktop.org/security/sa-2023-0011.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1920
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1922
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1923
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1924
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1925
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2122
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37327
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37328
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37329
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38103
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38104
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40474
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40475
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40476
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44429
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44446

SRPMS:
- 9/core/gstreamer1.0-1.22.8-1.mga9
- 9/core/gstreamer1.0-plugins-base-1.22.8-1.mga9
- 9/core/gstreamer1.0-omx-1.22.8-1.mga9
- 9/core/gstreamer1.0-python-1.22.8-1.mga9
- 9/core/gstreamer1.0-plugins-good-1.22.8-1.mga9
- 9/core/gstreamer1.0-plugins-bad-1.22.8-1.mga9
- 9/core/gstreamer1.0-plugins-ugly-1.22.8-1.mga9
- 9/core/gstreamer1.0-rtsp-server-1.22.8-1.mga9
- 9/core/gstreamer1.0-vaapi-1.22.8-1.mga9
- 9/core/gstreamer1.0-devtools-1.22.8-1.mga9
- 9/core/gstreamer1.0-libav-1.22.8-1.mga9
- 9/core/gstreamer1.0-moodbar-1.2.1-5.mga9
- 9/core/gstreamer1.0-editing-services-1.22.8-1.mga9
- 9/tainted/gstreamer1.0-plugins-bad-1.22.8-1.mga9.tainted
- 9/tainted/gstreamer1.0-plugins-ugly-1.22.8-1.mga9.tainted