Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 602
Alerts This Week
Warning Icon 1 602

Ubuntu 24.10: USN-7174-1 critical: GStreamer DoS and code execution

ubuntu
Calendar Grey December 18, 2024
Dist Ubuntu Esm H88
Ubuntu Security Announcement USN-7175-1 details a vulnerability in GStreamer that may cause application failures or allow for arbitrary code execution via specially crafted files.
GStreamer could be made to crash or run programs as your login if it opened a specially crafted file.

Summary

GStreamer could be made to crash or run programs as your login if it opened

a specially crafted file.

Software Description:

- gstreamer1.0: GStreamer is a streaming media framework

Details:

Antonio Morales discovered that GStreamer incorrectly handled allocating

memory for certain buffers. An attacker could use this issue to cause

GStreamer to crash, resulting in a denial of service, or possibly execute

arbitrary code.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
   libgstreamer1.0-0               1.24.8-1ubuntu0.1

Ubuntu 24.04 LTS
   libgstreamer1.0-0               1.24.2-1ubuntu0.1

Ubuntu 22.04 LTS
   libgstreamer1.0-0               1.20.3-0ubuntu1.1

Ubuntu 20.04 LTS
   libgstreamer1.0-0               1.16.3-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7174-1

CVE-2024-47606

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7174-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.