nessus
via4
|
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2017-1010-1.NASL | description | This update for gstreamer-plugins-good fixes the following issues :
- A crafted aac audio file could have caused an invalid
read and thus corruption or denial of service
(bsc#1024014, CVE-2016-10198)
- A crafted mp4 file could have caused an invalid read and
thus corruption or denial of service (bsc#1024017,
CVE-2016-10199)
- A crafted avi file could have caused an invalid read and
thus corruption or denial of service (bsc#1024034,
CVE-2017-5840)
- A crafted AVI file with metadata tag entries (ncdt)
could have caused invalid read access and thus
corruption or denial of service (bsc#1024030,
CVE-2017-5841)
- A crafted avi file could have caused an invalid read
access resulting in denial of service (bsc#1024062,
CVE-2017-5845)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-30 | plugin id | 99396 | published | 2017-04-14 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99396 | title | SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2017:1010-1) |
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DSA-3820.NASL | description | Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file
is opened. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 99006 | published | 2017-03-28 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99006 | title | Debian DSA-3820-1 : gst-plugins-good1.0 - security update |
NASL family | Fedora Local Security Checks | NASL id | FEDORA_2017-1FC4026D15.NASL | description | Security fix for CVE-2016-10199, CVE-2017-5845, CVE-2017-5840,
CVE-2017-5841 - Downgrade to 1.10.3 as it is the latest stable release
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues. | last seen | 2019-01-16 | modified | 2017-02-21 | plugin id | 97240 | published | 2017-02-21 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=97240 | title | Fedora 25 : mingw-gstreamer1-plugins-good (2017-1fc4026d15) |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2017-495.NASL | description | This update for gstreamer-plugins-good fixes the following issues :
- A crafted aac audio file could have caused an invalid
read and thus corruption or denial of service
(bsc#1024014, CVE-2016-10198)
- A crafted mp4 file could have caused an invalid read and
thus corruption or denial of service (bsc#1024017,
CVE-2016-10199)
- A crafted avi file could have caused an invalid read and
thus corruption or denial of service (bsc#1024034,
CVE-2017-5840)
- A crafted AVI file with metadata tag entries (ncdt)
could have caused invalid read access and thus
corruption or denial of service (bsc#1024030,
CVE-2017-5841)
- A crafted avi file could have caused an invalid read
access resulting in denial of service (bsc#1024062,
CVE-2017-5845) | last seen | 2019-01-16 | modified | 2017-04-21 | plugin id | 99560 | published | 2017-04-21 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99560 | title | openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-495) |
NASL family | SuSE Local Security Checks | NASL id | SUSE_SU-2017-1004-1.NASL | description | This update for gstreamer-plugins-good fixes the following issues :
- A crafted aac audio file could have caused an invalid
read and thus corruption or denial of service
(bsc#1024014, CVE-2016-10198)
- A crafted mp4 file could have caused an invalid read and
thus corruption or denial of service (bsc#1024017,
CVE-2016-10199)
- A crafted avi file could have caused an invalid read and
thus corruption or denial of service (bsc#1024034,
CVE-2017-5840)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-11-30 | plugin id | 99394 | published | 2017-04-14 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99394 | title | SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2017:1004-1) |
NASL family | Gentoo Local Security Checks | NASL id | GENTOO_GLSA-201705-10.NASL | description | The remote host is affected by the vulnerability described in GLSA-201705-10
(GStreamer plug-ins: User-assisted execution of arbitrary code)
Multiple vulnerabilities have been discovered in various GStreamer
plug-ins. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker could entice a user or automated system using a
GStreamer plug-in to process a specially crafted file, resulting in the
execution of arbitrary code or a Denial of Service.
Workaround :
There is no known workaround at this time. | last seen | 2019-01-16 | modified | 2017-05-18 | plugin id | 100263 | published | 2017-05-18 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=100263 | title | GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2017-490.NASL | description | This update for gstreamer-plugins-good fixes the following issues :
- A crafted aac audio file could have caused an invalid
read and thus corruption or denial of service
(bsc#1024014, CVE-2016-10198)
- A crafted mp4 file could have caused an invalid read and
thus corruption or denial of service (bsc#1024017,
CVE-2016-10199)
- A crafted avi file could have caused an invalid read and
thus corruption or denial of service (bsc#1024034,
CVE-2017-5840)
- A crafted AVI file with metadata tag entries (ncdt)
could have caused invalid read access and thus
corruption or denial of service (bsc#1024030,
CVE-2017-5841)
- A crafted avi file could have caused an invalid read
access resulting in denial of service (bsc#1024062,
CVE-2017-5845)
This update was imported from the SUSE:SLE-12-SP2:Update update
project. | last seen | 2019-01-16 | modified | 2017-04-20 | plugin id | 99498 | published | 2017-04-20 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99498 | title | openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-490) |
NASL family | Ubuntu Local Security Checks | NASL id | UBUNTU_USN-3245-1.NASL | description | Hanno Bock discovered that GStreamer Good Plugins did not correctly
handle certain malformed media files. If a user were tricked into
opening a crafted media file with a GStreamer application, an attacker
could cause a denial of service via application crash.
Note that Tenable Network Security has extracted the preceding
description block directly from the Ubuntu security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-01-16 | modified | 2018-12-01 | plugin id | 99024 | published | 2017-03-28 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=99024 | title | Ubuntu 12.04 LTS / 14.04 LTS / 16.04 LTS / 16.10 : gst-plugins-good0.10, gst-plugins-good1.0 vulnerabilities (USN-3245-1) |
NASL family | Scientific Linux Local Security Checks | NASL id | SL_20170802_GSTREAMER_ON_SL7_X.NASL | description | The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1
(1.10.4), gstreamer1-plugins-bad-free (1.10.4),
gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4),
orc (0.4.26).
Security Fix(es) :
- Multiple flaws were found in gstreamer1,
gstreamer1-plugins-base, gstreamer1-plugins-good, and
gstreamer1-plugins-bad-free packages. An attacker could
potentially use these flaws to crash applications which
use the GStreamer framework. (CVE-2016-9446,
CVE-2016-9810, CVE-2016-9811, CVE-2016-10198,
CVE-2016-10199, CVE-2017-5837, CVE-2017-5838,
CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,
CVE-2017-5842, CVE-2017-5843, CVE-2017-5844,
CVE-2017-5845, CVE-2017-5848) | last seen | 2019-01-16 | modified | 2018-12-27 | plugin id | 102659 | published | 2017-08-22 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=102659 | title | Scientific Linux Security Update : GStreamer on SL7.x x86_64 |
NASL family | Huawei Local Security Checks | NASL id | EULEROS_SA-2017-1205.NASL | description | According to the versions of the gstreamer packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Multiple flaws were found in gstreamer1,
gstreamer1-plugins-base, gstreamer1-plugins-good, and
gstreamer1-plugins-bad-free packages. An attacker could
potentially use these flaws to crash applications which
use the GStreamer framework. (CVE-2016-9446,
CVE-2016-9810, CVE-2016-9811, CVE-2016-10198,
CVE-2016-10199, CVE-2017-5837, CVE-2017-5838,
CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,
CVE-2017-5842, CVE-2017-5843, CVE-2017-5844,
CVE-2017-5845, CVE-2017-5848)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-02-20 | modified | 2019-02-19 | plugin id | 103063 | published | 2017-09-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=103063 | title | EulerOS 2.0 SP1 : gstreamer (EulerOS-SA-2017-1205) |
NASL family | CentOS Local Security Checks | NASL id | CENTOS_RHSA-2017-2060.NASL | description | An update is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data.
The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1
(1.10.4), gstreamer1-plugins-bad-free (1.10.4),
gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4),
orc (0.4.26).
Security Fix(es) :
* Multiple flaws were found in gstreamer1, gstreamer1-plugins-base,
gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An
attacker could potentially use these flaws to crash applications which
use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810,
CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837,
CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,
CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845,
CVE-2017-5848)
Additional Changes :
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section. | last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 102752 | published | 2017-08-25 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=102752 | title | CentOS 7 : clutter-gst2 / gnome-video-effects / gstreamer-plugins-bad-free / etcgstreamer1 / etc (CESA-2017:2060) |
NASL family | Huawei Local Security Checks | NASL id | EULEROS_SA-2017-1206.NASL | description | According to the versions of the gstreamer packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- Multiple flaws were found in gstreamer1,
gstreamer1-plugins-base, gstreamer1-plugins-good, and
gstreamer1-plugins-bad-free packages. An attacker could
potentially use these flaws to crash applications which
use the GStreamer framework. (CVE-2016-9446,
CVE-2016-9810, CVE-2016-9811, CVE-2016-10198,
CVE-2016-10199, CVE-2017-5837, CVE-2017-5838,
CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,
CVE-2017-5842, CVE-2017-5843, CVE-2017-5844,
CVE-2017-5845, CVE-2017-5848)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | last seen | 2019-02-20 | modified | 2019-02-19 | plugin id | 103064 | published | 2017-09-11 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=103064 | title | EulerOS 2.0 SP2 : gstreamer (EulerOS-SA-2017-1206) |
NASL family | Red Hat Local Security Checks | NASL id | REDHAT-RHSA-2017-2060.NASL | description | An update is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data.
The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1
(1.10.4), gstreamer1-plugins-bad-free (1.10.4),
gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4),
orc (0.4.26).
Security Fix(es) :
* Multiple flaws were found in gstreamer1, gstreamer1-plugins-base,
gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An
attacker could potentially use these flaws to crash applications which
use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810,
CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837,
CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,
CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845,
CVE-2017-5848)
Additional Changes :
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section. | last seen | 2019-01-16 | modified | 2018-11-26 | plugin id | 102150 | published | 2017-08-03 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=102150 | title | RHEL 7 : GStreamer (RHSA-2017:2060) |
|