Critical Threat Alert for gstreamer-plugins-good: SLSA-2016:2975-1

Date: Wed, 21 Dec 2016 15:28:04 -0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: gstreamer-plugins-good on SL6.x
 i386/x86_64
MIME-Version: 1.0
Message-ID: <20161221152804.28917.81123@slpackages.fnal.gov>

Synopsis: Important: gstreamer-plugins-good security update
Advisory ID: SLSA-2016:2975-1
Issue Date: 2016-12-21
CVE Numbers: CVE-2016-9634
 CVE-2016-9635
 CVE-2016-9636
 CVE-2016-9808
 CVE-2016-9807
--

Security Fix(es):

* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to cause
an application using GStreamer to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)

* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX
media file format decoding plug-in. A remote attacker could use this flaw
to cause an application using GStreamer to crash. (CVE-2016-9807)

Note: This updates removes the vulnerable FLC/FLI/FLX plug-in.
--

SL6
 x86_64
 gstreamer-plugins-good-0.10.23-4.el6_8.i686.rpm
 gstreamer-plugins-good-0.10.23-4.el6_8.x86_64.rpm
 gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
 gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.x86_64.rpm
 gstreamer-plugins-good-devel-0.10.23-4.el6_8.i686.rpm
 gstreamer-plugins-good-devel-0.10.23-4.el6_8.x86_64.rpm
 i386
 gstreamer-plugins-good-0.10.23-4.el6_8.i686.rpm
 gstreamer-plugins-good-debuginfo-0.10.23-4.el6_8.i686.rpm
 gstreamer-plugins-good-devel-0.10.23-4.el6_8.i686.rpm

- Scientific Linux Development Team