CentOS Local Security Checks : CentOS Update for gstreamer-plugins-bad-free CESA-2016:2974 centos6

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882620

Categoría: CentOS Local Security Checks

Título: CentOS Update for gstreamer-plugins-bad-free CESA-2016:2974 centos6

Resumen: Check the version of gstreamer-plugins-bad-free

Descripción: Summary:
Check the version of gstreamer-plugins-bad-free

Vulnerability Insight:
GStreamer is a streaming media framework
based on graphs of filters which operate on media data.
The gstreamer-plugins-bad-free package contains a collection of plug-ins for
GStreamer.

Security Fix(es):

* An integer overflow flaw, leading to a heap-based buffer overflow, was
found in GStreamer's VMware VMnc video file format decoding plug-in. A
remote attacker could use this flaw to cause an application using GStreamer
to crash or, potentially, execute arbitrary code with the privileges of the
user running the application. (CVE-2016-9445)

* A memory corruption flaw was found in GStreamer's Nintendo NSF music file
format decoding plug-in. A remote attacker could use this flaw to cause an
application using GStreamer to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2016-9447)

Note: This updates removes the vulnerable Nintendo NSF plug-in.

Affected Software/OS:
gstreamer-plugins-bad-free on CentOS 6

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-9445
BugTraq ID: 94421
http://www.securityfocus.com/bid/94421
https://security.gentoo.org/glsa/201705-10
https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
http://www.openwall.com/lists/oss-security/2016/11/18/12
http://www.openwall.com/lists/oss-security/2016/11/18/13
RedHat Security Advisories: RHSA-2016:2974
http://rhn.redhat.com/errata/RHSA-2016-2974.html
RedHat Security Advisories: RHSA-2017:0018
http://rhn.redhat.com/errata/RHSA-2017-0018.html
RedHat Security Advisories: RHSA-2017:0021
http://rhn.redhat.com/errata/RHSA-2017-0021.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9447
BugTraq ID: 94427
http://www.securityfocus.com/bid/94427
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html

Copyright Copyright (C) 2016 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882620
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for gstreamer-plugins-bad-free CESA-2016:2974 centos6
Resumen:	Check the version of gstreamer-plugins-bad-free
Descripción:	Summary: Check the version of gstreamer-plugins-bad-free Vulnerability Insight: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9445) * A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9447) Note: This updates removes the vulnerable Nintendo NSF plug-in. Affected Software/OS: gstreamer-plugins-bad-free on CentOS 6 Solution: Please Install the Updated Packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9445 BugTraq ID: 94421 http://www.securityfocus.com/bid/94421 https://security.gentoo.org/glsa/201705-10 https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html http://www.openwall.com/lists/oss-security/2016/11/18/12 http://www.openwall.com/lists/oss-security/2016/11/18/13 RedHat Security Advisories: RHSA-2016:2974 http://rhn.redhat.com/errata/RHSA-2016-2974.html RedHat Security Advisories: RHSA-2017:0018 http://rhn.redhat.com/errata/RHSA-2017-0018.html RedHat Security Advisories: RHSA-2017:0021 http://rhn.redhat.com/errata/RHSA-2017-0021.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9447 BugTraq ID: 94427 http://www.securityfocus.com/bid/94427 http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
Copyright	Copyright (C) 2016 Greenbone AG