| nessus
via4
|
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2017-0020.NASL | | description | An update for gstreamer1-plugins-good is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer1-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 96341 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96341 | | title | CentOS 7 : gstreamer1-plugins-good (CESA-2017:0020) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2017-65.NASL | | description | This update for gstreamer-plugins-good fixes the following security
issues :
- CVE-2016-9807: Flic decoder invalid read could lead to
crash. (bsc#1013655)
- CVE-2016-9634: Flic out-of-bounds write could lead to
code execution. (bsc#1012102)
- CVE-2016-9635: Flic out-of-bounds write could lead to
code execution. (bsc#1012103)
- CVE-2016-9635: Flic out-of-bounds write could lead to
code execution. (bsc#1012104)
- CVE-2016-9808: A maliciously crafted flic file can still
cause invalid memory accesses. (bsc#1013653)
- CVE-2016-9810: A maliciously crafted flic file can still
cause invalid memory accesses. (bsc#1013663)
This update was imported from the SUSE:SLE-12-SP2:Update update
project. | | last seen | 2019-01-16 | | modified | 2017-02-13 | | plugin id | 96384 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96384 | | title | openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-65) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20161221_GSTREAMER_PLUGINS_GOOD_ON_SL6_X.NASL | | description | Security Fix(es) :
- Multiple flaws were discovered in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote
attacker could use these flaws to cause an application
using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running
the application. (CVE-2016-9634, CVE-2016-9635,
CVE-2016-9636, CVE-2016-9808)
- An invalid memory read access flaw was found in
GStreamer's FLC/FLI/FLX media file format decoding
plug-in. A remote attacker could use this flaw to cause
an application using GStreamer to crash. (CVE-2016-9807)
Note: This updates removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-12-28 | | plugin id | 96042 | | published | 2016-12-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96042 | | title | Scientific Linux Security Update : gstreamer-plugins-good on SL6.x i386/x86_64 |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2017-0210-1.NASL | | description | This update for gstreamer-0_10-plugins-good fixes the following
issues :
- CVE-2016-9634: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012102)
- CVE-2016-9635: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012103)
- CVE-2016-9636: Prevent maliciously crafted flic files
from causing invalid memory writes (bsc#1012104)
- CVE-2016-9807: Prevent the reading of invalid memory in
flx_decode_chunks, leading to DoS (bsc#1013655)
- CVE-2016-9808: Prevent maliciously crafted flic files
from causing invalid memory accesses (bsc#1013653)
- CVE-2016-9810: Invalid files can be used to extraneous
unreferences, leading to invalid memory access and DoS
(bsc#1013663)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-30 | | plugin id | 96654 | | published | 2017-01-20 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96654 | | title | SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0210-1) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1063.NASL | | description | According to the versions of the gstreamer-plugins-good package
installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'write count' that
goes beyond the initialized buffer.(CVE-2016-9636)
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'skip count' that
goes beyond initialized buffer.(CVE-2016-9635)
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) via the start_line
parameter.(CVE-2016-9634)
- The FLIC decoder in GStreamer before 1.10.2 allows
remote attackers to cause a denial of service
(out-of-bounds write and crash) via a crafted series of
skip and count pairs.(CVE-2016-9808)
- The flx_decode_chunks function in gst/flx/gstflxdec.c
in GStreamer before 1.10.2 allows remote attackers to
cause a denial of service (invalid memory read and
crash) via a crafted FLIC file.(CVE-2016-9807)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-14 | | plugin id | 99910 | | published | 2017-05-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99910 | | title | EulerOS 2.0 SP2 : gstreamer-plugins-good (EulerOS-SA-2017-1063) |
| NASL family | Gentoo Local Security Checks | | NASL id | GENTOO_GLSA-201705-10.NASL | | description | The remote host is affected by the vulnerability described in GLSA-201705-10
(GStreamer plug-ins: User-assisted execution of arbitrary code)
Multiple vulnerabilities have been discovered in various GStreamer
plug-ins. Please review the CVE identifiers referenced below for details.
Impact :
A remote attacker could entice a user or automated system using a
GStreamer plug-in to process a specially crafted file, resulting in the
execution of arbitrary code or a Denial of Service.
Workaround :
There is no known workaround at this time. | | last seen | 2019-01-16 | | modified | 2017-05-18 | | plugin id | 100263 | | published | 2017-05-18 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=100263 | | title | GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2017-88.NASL | | description | This update for gstreamer-0_10-plugins-good fixes the following
issues :
- CVE-2016-9634: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012102)
- CVE-2016-9635: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012103)
- CVE-2016-9636: Prevent maliciously crafted flic files
from causing invalid memory writes (bsc#1012104)
- CVE-2016-9807: Prevent the reading of invalid memory in
flx_decode_chunks, leading to DoS (bsc#1013655)
- CVE-2016-9808: Prevent maliciously crafted flic files
from causing invalid memory accesses (bsc#1013653)
- CVE-2016-9810: Invalid files can be used to extraneous
unreferences, leading to invalid memory access and DoS
(bsc#1013663) | | last seen | 2019-01-16 | | modified | 2017-02-13 | | plugin id | 96554 | | published | 2017-01-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96554 | | title | openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-88) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2017-0237-1.NASL | | description | gstreamer-0_10-plugins-good was updated to fix five security issues.
These security issues were fixed :
- CVE-2016-9635: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012103).
- CVE-2016-9634: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012102).
- CVE-2016-9810: Invalid files can be used to extraneous
unreferences, leading to invalid memory access and DoS
(bsc#1013663).
- CVE-2016-9807: Prevent the reading of invalid memory in
flx_decode_chunks, leading to DoS (bsc#1013655).
- CVE-2016-9808: Prevent maliciously crafted flic files
from causing invalid memory accesses (bsc#1013653). To
install this update libbz2-1 needs to be installed if it
isn't already present on the system.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-30 | | plugin id | 96695 | | published | 2017-01-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96695 | | title | SUSE SLED12 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0237-1) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2017-153.NASL | | description | This update for gstreamer-0_10-plugins-good fixes the following
issues :
- CVE-2016-9634: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012102)
- CVE-2016-9635: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012103)
- CVE-2016-9636: Prevent maliciously crafted flic files
from causing invalid memory writes (bsc#1012104)
- CVE-2016-9807: Prevent the reading of invalid memory in
flx_decode_chunks, leading to DoS (bsc#1013655)
- CVE-2016-9808: Prevent maliciously crafted flic files
from causing invalid memory accesses (bsc#1013653)
- CVE-2016-9810: Invalid files can be used to extraneous
unreferences, leading to invalid memory access and DoS
(bsc#1013663) | | last seen | 2019-01-16 | | modified | 2017-02-13 | | plugin id | 96862 | | published | 2017-01-30 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96862 | | title | openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-153) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2017-0225-1.NASL | | description | gstreamer-0_10-plugins-good was updated to fix six security issues.
These security issues were fixed :
- CVE-2016-9634: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012102)
- CVE-2016-9635: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012103)
- CVE-2016-9636: Prevent maliciously crafted flic files
from causing invalid memory writes (bsc#1012104).
- CVE-2016-9807: Prevent the reading of invalid memory in
flx_decode_chunks, leading to DoS (bsc#1013655)
- CVE-2016-9808: Prevent maliciously crafted flic files
from causing invalid memory accesses (bsc#1013653)
- CVE-2016-9810: Invalid files can be used to extraneous
unreferences, leading to invalid memory access and DoS
(bsc#1013663)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-30 | | plugin id | 96694 | | published | 2017-01-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96694 | | title | SUSE SLES11 Security Update : gstreamer-0_10-plugins-good (SUSE-SU-2017:0225-1) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2016-2975.NASL | | description | From Red Hat Security Advisory 2016:2975 :
An update for gstreamer-plugins-good is now available for Red Hat
Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This updates removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-07-25 | | plugin id | 96067 | | published | 2016-12-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96067 | | title | Oracle Linux 6 : gstreamer-plugins-good (ELSA-2016-2975) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2016-2975.NASL | | description | An update for gstreamer-plugins-good is now available for Red Hat
Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This updates removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 96040 | | published | 2016-12-21 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96040 | | title | RHEL 6 : gstreamer-plugins-good (RHSA-2016:2975) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0020.NASL | | description | An update for gstreamer1-plugins-good is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer1-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 96312 | | published | 2017-01-05 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96312 | | title | RHEL 7 : gstreamer1-plugins-good (RHSA-2017:0020) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2017-0020.NASL | | description | From Red Hat Security Advisory 2017:0020 :
An update for gstreamer1-plugins-good is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer1-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-07-25 | | plugin id | 96328 | | published | 2017-01-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96328 | | title | Oracle Linux 7 : gstreamer1-plugins-good (ELSA-2017-0020) |
| NASL family | Oracle Linux Local Security Checks | | NASL id | ORACLELINUX_ELSA-2017-0019.NASL | | description | From Red Hat Security Advisory 2017:0019 :
An update for gstreamer-plugins-good is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-07-25 | | plugin id | 96327 | | published | 2017-01-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96327 | | title | Oracle Linux 7 : gstreamer-plugins-good (ELSA-2017-0019) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20170105_GSTREAMER1_PLUGINS_GOOD_ON_SL7_X.NASL | | description | Security Fix(es) :
- Multiple flaws were discovered in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote
attacker could use these flaws to cause an application
using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running
the application. (CVE-2016-9634, CVE-2016-9635,
CVE-2016-9636, CVE-2016-9808)
- An invalid memory read access flaw was found in
GStreamer's FLC/FLI/FLX media file format decoding
plug-in. A remote attacker could use this flaw to cause
an application using GStreamer to crash. (CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-12-27 | | plugin id | 96331 | | published | 2017-01-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96331 | | title | Scientific Linux Security Update : gstreamer1-plugins-good on SL7.x x86_64 |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2017-402.NASL | | description | This update for gstreamer-0_10-plugins-good fixes the following
issues :
Security issues fixed :
- CVE-2016-9634, CVE-2016-9635: add some bounds checking
(boo#1012102 boo#1012103).
- CVE-2016-9636: fix casting for some comparisons
(boo#1012104).
- CVE-2016-9807, CVE-2016-9808: rewrite logic using
GsgtByteReader/Writer (boo#1013653 boo#1013655).
- CVE-2016-9810: don't unref() parent in the chain
function (boo#1013663). | | last seen | 2019-01-16 | | modified | 2017-04-03 | | plugin id | 99150 | | published | 2017-04-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99150 | | title | openSUSE Security Update : gstreamer-0_10-plugins-good (openSUSE-2017-402) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2017-83.NASL | | description | This update for gstreamer-plugins-good fixes the following issues :
- CVE-2016-9634: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012102)
- CVE-2016-9635: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012103)
- CVE-2016-9636: Prevent maliciously crafted flic files
from causing invalid memory writes (bsc#1012104)
- CVE-2016-9807: Prevent the reading of invalid memory in
flx_decode_chunks, leading to DoS (bsc#1013655)
- CVE-2016-9808: Prevent maliciously crafted flic files
from causing invalid memory accesses (bsc#1013653)
- CVE-2016-9810: Invalid files can be used to extraneous
unreferences, leading to invalid memory access and DoS
(bsc#1013663) | | last seen | 2019-01-16 | | modified | 2017-02-13 | | plugin id | 96549 | | published | 2017-01-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96549 | | title | openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-83) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2016-3303-1.NASL | | description | This update for gstreamer-plugins-good fixes the following security
issues :
- CVE-2016-9807: Flic decoder invalid read could lead to
crash. (bsc#1013655)
- CVE-2016-9634: Flic out-of-bounds write could lead to
code execution. (bsc#1012102)
- CVE-2016-9635: Flic out-of-bounds write could lead to
code execution. (bsc#1012103)
- CVE-2016-9635: Flic out-of-bounds write could lead to
code execution. (bsc#1012104)
- CVE-2016-9808: A maliciously crafted flic file can still
cause invalid memory accesses. (bsc#1013653)
- CVE-2016-9810: A maliciously crafted flic file can still
cause invalid memory accesses. (bsc#1013663)
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-30 | | plugin id | 96264 | | published | 2017-01-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96264 | | title | SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3303-1) |
| NASL family | SuSE Local Security Checks | | NASL id | SUSE_SU-2016-3288-1.NASL | | description | This update for gstreamer-plugins-good fixes the following issues :
- CVE-2016-9807: flic decoder invalid read could lead to
crash [bsc#1013655]
- CVE-2016-9634: flic out-of-bounds write could lead to
code execution [bsc#1012102]
- CVE-2016-9635: flic out-of-bounds write could lead to
code execution [bsc#1012103]
- CVE-2016-9635: flic out-of-bounds write could lead to
code execution [bsc#1012104]
- CVE-2016-9808: A maliciously crafted flic file can still
cause invalid memory accesses. [bsc#1013653]
- CVE-2016-9810: A maliciously crafted flic file can still
cause invalid memory accesses [bsc#1013663]
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-30 | | plugin id | 96257 | | published | 2017-01-03 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96257 | | title | SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-good (SUSE-SU-2016:3288-1) |
| NASL family | Scientific Linux Local Security Checks | | NASL id | SL_20170105_GSTREAMER_PLUGINS_GOOD_ON_SL7_X.NASL | | description | Security Fix(es) :
- Multiple flaws were discovered in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote
attacker could use these flaws to cause an application
using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running
the application. (CVE-2016-9634, CVE-2016-9635,
CVE-2016-9636, CVE-2016-9808)
- An invalid memory read access flaw was found in
GStreamer's FLC/FLI/FLX media file format decoding
plug-in. A remote attacker could use this flaw to cause
an application using GStreamer to crash. (CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-12-27 | | plugin id | 96333 | | published | 2017-01-06 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96333 | | title | Scientific Linux Security Update : gstreamer-plugins-good on SL7.x x86_64 |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1065.NASL | | description | According to the versions of the gstreamer1-plugins-good package
installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'write count' that
goes beyond the initialized buffer.(CVE-2016-9636)
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'skip count' that
goes beyond initialized buffer.(CVE-2016-9635)
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) via the start_line
parameter.(CVE-2016-9634)
- The FLIC decoder in GStreamer before 1.10.2 allows
remote attackers to cause a denial of service
(out-of-bounds write and crash) via a crafted series of
skip and count pairs.(CVE-2016-9808)
- The flx_decode_chunks function in gst/flx/gstflxdec.c
in GStreamer before 1.10.2 allows remote attackers to
cause a denial of service (invalid memory read and
crash) via a crafted FLIC file.(CVE-2016-9807)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-14 | | plugin id | 99912 | | published | 2017-05-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99912 | | title | EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2017-1065) |
| NASL family | Red Hat Local Security Checks | | NASL id | REDHAT-RHSA-2017-0019.NASL | | description | An update for gstreamer-plugins-good is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 96311 | | published | 2017-01-05 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96311 | | title | RHEL 7 : gstreamer-plugins-good (RHSA-2017:0019) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2017-93.NASL | | description | This update for gstreamer-plugins-good fixes the following issues :
- CVE-2016-9634: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012102)
- CVE-2016-9635: Invalid FLIC files could have caused and
an out-of-bounds write (bsc#1012103)
- CVE-2016-9636: Prevent maliciously crafted flic files
from causing invalid memory writes (bsc#1012104)
- CVE-2016-9807: Prevent the reading of invalid memory in
flx_decode_chunks, leading to DoS (bsc#1013655)
- CVE-2016-9808: Prevent maliciously crafted flic files
from causing invalid memory accesses (bsc#1013653)
- CVE-2016-9810: Invalid files can be used to extraneous
unreferences, leading to invalid memory access and DoS
(bsc#1013663) | | last seen | 2019-01-16 | | modified | 2017-02-13 | | plugin id | 96557 | | published | 2017-01-17 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96557 | | title | openSUSE Security Update : gstreamer-plugins-good (openSUSE-2017-93) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2017-0019.NASL | | description | An update for gstreamer-plugins-good is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 96340 | | published | 2017-01-10 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96340 | | title | CentOS 7 : gstreamer-plugins-good (CESA-2017:0019) |
| NASL family | Virtuozzo Local Security Checks | | NASL id | VIRTUOZZO_VZLSA-2017-0019.NASL | | description | An update for gstreamer-plugins-good is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in.
Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-20 | | plugin id | 101402 | | published | 2017-07-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101402 | | title | Virtuozzo 7 : gstreamer-plugins-good / etc (VZLSA-2017-0019) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1062.NASL | | description | According to the versions of the gstreamer-plugins-good package
installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'write count' that
goes beyond the initialized buffer (CVE-2016-9636 )
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'skip count' that
goes beyond initialized buffer.(CVE-2016-9635)
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) via the start_line
parameter.(CVE-2016-9634)
- The FLIC decoder in GStreamer before 1.10.2 allows
remote attackers to cause a denial of service
(out-of-bounds write and crash) via a crafted series of
skip and count pairs.(CVE-2016-9808)
- The flx_decode_chunks function in gst/flx/gstflxdec.c
in GStreamer before 1.10.2 allows remote attackers to
cause a denial of service (invalid memory read and
crash) via a crafted FLIC file.(CVE-2016-9807)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-14 | | plugin id | 99909 | | published | 2017-05-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99909 | | title | EulerOS 2.0 SP1 : gstreamer-plugins-good (EulerOS-SA-2017-1062) |
| NASL family | Virtuozzo Local Security Checks | | NASL id | VIRTUOZZO_VZLSA-2017-0020.NASL | | description | An update for gstreamer1-plugins-good is now available for Red Hat
Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer1-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This update removes the vulnerable FLC/FLI/FLX plug-in.
Note that Tenable Network Security has attempted to extract the
preceding description block directly from the corresponding Red Hat
security advisory. Virtuozzo provides no description for VZLSA
advisories. Tenable has attempted to automatically clean and format
it as much as possible without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-20 | | plugin id | 101403 | | published | 2017-07-13 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=101403 | | title | Virtuozzo 7 : gstreamer1-plugins-good (VZLSA-2017-0020) |
| NASL family | Huawei Local Security Checks | | NASL id | EULEROS_SA-2017-1064.NASL | | description | According to the versions of the gstreamer1-plugins-good package
installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'write count' that
goes beyond the initialized buffer.(CVE-2016-9636)
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'skip count' that
goes beyond initialized buffer.(CVE-2016-9635)
- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) via the start_line
parameter.(CVE-2016-9634)
- The FLIC decoder in GStreamer before 1.10.2 allows
remote attackers to cause a denial of service
(out-of-bounds write and crash) via a crafted series of
skip and count pairs.(CVE-2016-9808)
- The flx_decode_chunks function in gst/flx/gstflxdec.c
in GStreamer before 1.10.2 allows remote attackers to
cause a denial of service (invalid memory read and
crash) via a crafted FLIC file.(CVE-2016-9807)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues. | | last seen | 2019-01-16 | | modified | 2018-11-14 | | plugin id | 99911 | | published | 2017-05-02 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=99911 | | title | EulerOS 2.0 SP1 : gstreamer1-plugins-good (EulerOS-SA-2017-1064) |
| NASL family | CentOS Local Security Checks | | NASL id | CENTOS_RHSA-2016-2975.NASL | | description | An update for gstreamer-plugins-good is now available for Red Hat
Enterprise Linux 6.
Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters
which operate on media data. The gstreamer-plugins-good packages
contain a collection of well-supported plug-ins of good quality and
under the LGPL license.
Security Fix(es) :
* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to
cause an application using GStreamer to crash or, potentially, execute
arbitrary code with the privileges of the user running the
application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636,
CVE-2016-9808)
* An invalid memory read access flaw was found in GStreamer's
FLC/FLI/FLX media file format decoding plug-in. A remote attacker
could use this flaw to cause an application using GStreamer to crash.
(CVE-2016-9807)
Note: This updates removes the vulnerable FLC/FLI/FLX plug-in. | | last seen | 2019-01-16 | | modified | 2018-11-10 | | plugin id | 96050 | | published | 2016-12-22 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=96050 | | title | CentOS 6 : gstreamer-plugins-good (CESA-2016:2975) |
|
