CentOS Local Security Checks : CentOS Update for gstreamer1-plugins-good CESA-2017:0020 centos7

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.882628

Categoría: CentOS Local Security Checks

Título: CentOS Update for gstreamer1-plugins-good CESA-2017:0020 centos7

Resumen: Check the version of gstreamer1-plugins-good

Descripción: Summary:
Check the version of gstreamer1-plugins-good

Vulnerability Insight:
GStreamer is a streaming media framework
based on graphs of filters which operate on media data. The gstreamer1-plugins-good
packages contain a collection of well-supported plug-ins of good quality and under
the LGPL license.

Security Fix(es):

* Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file
format decoding plug-in. A remote attacker could use these flaws to cause
an application using GStreamer to crash or, potentially, execute arbitrary
code with the privileges of the user running the application.
(CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808)

* An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX
media file format decoding plug-in. A remote attacker could use this flaw
to cause an application using GStreamer to crash. (CVE-2016-9807)

Note: This update removes the vulnerable FLC/FLI/FLX plug-in.

Affected Software/OS:
gstreamer1-plugins-good on CentOS 7

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2016-9634
BugTraq ID: 94499
http://www.securityfocus.com/bid/94499
Debian Security Information: DSA-3723 (Google Search)
http://www.debian.org/security/2016/dsa-3723
Debian Security Information: DSA-3724 (Google Search)
http://www.debian.org/security/2016/dsa-3724
https://security.gentoo.org/glsa/201705-10
https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
http://www.openwall.com/lists/oss-security/2016/11/24/2
RedHat Security Advisories: RHSA-2016:2975
http://rhn.redhat.com/errata/RHSA-2016-2975.html
RedHat Security Advisories: RHSA-2017:0019
http://rhn.redhat.com/errata/RHSA-2017-0019.html
RedHat Security Advisories: RHSA-2017:0020
http://rhn.redhat.com/errata/RHSA-2017-0020.html
Common Vulnerability Exposure (CVE) ID: CVE-2016-9635
Common Vulnerability Exposure (CVE) ID: CVE-2016-9636
Common Vulnerability Exposure (CVE) ID: CVE-2016-9807
BugTraq ID: 95148
http://www.securityfocus.com/bid/95148
http://www.openwall.com/lists/oss-security/2016/12/01/2
http://www.openwall.com/lists/oss-security/2016/12/05/8
Common Vulnerability Exposure (CVE) ID: CVE-2016-9808
BugTraq ID: 95446
http://www.securityfocus.com/bid/95446
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html

Copyright Copyright (C) 2017 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.882628
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for gstreamer1-plugins-good CESA-2017:0020 centos7
Resumen:	Check the version of gstreamer1-plugins-good
Descripción:	Summary: Check the version of gstreamer1-plugins-good Vulnerability Insight: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): * Multiple flaws were discovered in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use these flaws to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9634, CVE-2016-9635, CVE-2016-9636, CVE-2016-9808) * An invalid memory read access flaw was found in GStreamer's FLC/FLI/FLX media file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9807) Note: This update removes the vulnerable FLC/FLI/FLX plug-in. Affected Software/OS: gstreamer1-plugins-good on CentOS 7 Solution: Please Install the Updated Packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2016-9634 BugTraq ID: 94499 http://www.securityfocus.com/bid/94499 Debian Security Information: DSA-3723 (Google Search) http://www.debian.org/security/2016/dsa-3723 Debian Security Information: DSA-3724 (Google Search) http://www.debian.org/security/2016/dsa-3724 https://security.gentoo.org/glsa/201705-10 https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html http://www.openwall.com/lists/oss-security/2016/11/24/2 RedHat Security Advisories: RHSA-2016:2975 http://rhn.redhat.com/errata/RHSA-2016-2975.html RedHat Security Advisories: RHSA-2017:0019 http://rhn.redhat.com/errata/RHSA-2017-0019.html RedHat Security Advisories: RHSA-2017:0020 http://rhn.redhat.com/errata/RHSA-2017-0020.html Common Vulnerability Exposure (CVE) ID: CVE-2016-9635 Common Vulnerability Exposure (CVE) ID: CVE-2016-9636 Common Vulnerability Exposure (CVE) ID: CVE-2016-9807 BugTraq ID: 95148 http://www.securityfocus.com/bid/95148 http://www.openwall.com/lists/oss-security/2016/12/01/2 http://www.openwall.com/lists/oss-security/2016/12/05/8 Common Vulnerability Exposure (CVE) ID: CVE-2016-9808 BugTraq ID: 95446 http://www.securityfocus.com/bid/95446 https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
Copyright	Copyright (C) 2017 Greenbone AG