Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 454
Alerts This Week
Warning Icon 1 454

Ubuntu 16.10, 16.04 LTS USN-3245-1 Moderate: GStreamer Application Crash

ubuntu
Calendar Grey March 27, 2017
Dist Ubuntu Esm H88
GStreamer Bad Plugins vulnerabilities may lead to application failures on Ubuntu systems. Adhere to the update guidelines to mitigate potential threats.
GStreamer Good Plugins could be made to crash if it opened a specially crafted file.

Summary

GStreamer Good Plugins could be made to crash if it opened a specially

crafted file.

Software Description:

- gst-plugins-good1.0: GStreamer plugins

- gst-plugins-good0.10: GStreamer plugins

Details:

Hanno Böck discovered that GStreamer Good Plugins did not correctly handle

certain malformed media files. If a user were tricked into opening a

crafted media file with a GStreamer application, an attacker could cause a

denial of service via application crash.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.10:
  gstreamer1.0-plugins-good       1.8.3-1ubuntu1.3

Ubuntu 16.04 LTS:
  gstreamer1.0-plugins-good       1.8.3-1ubuntu0.4

Ubuntu 14.04 LTS:
  gstreamer0.10-plugins-good      0.10.31-3+nmu1ubuntu5.3
  gstreamer1.0-plugins-good       1.2.4-1~ubuntu1.4

Ubuntu 12.04 LTS:
  gstreamer0.10-plugins-good      0.10.31-1ubuntu1.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3245-1

CVE-2016-10198, CVE-2016-10199, CVE-2017-5840, CVE-2017-5841,

CVE-2017-5845

March 27, 2017

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.