——————————————————————————–
Fedora Update Notification
FEDORA-2017-216f4b9f9d
2017-02-20 15:20:58.381002
——————————————————————————–
Name : mingw-gstreamer1-plugins-bad-free
Product : Fedora 25
Version : 1.10.3
Release : 1.fc25
URL : http://gstreamer.freedesktop.org/
Summary : Cross compiled GStreamer1 plug-ins “bad”
Description :
GStreamer is a streaming media framework, based on graphs of elements which
operate on media data.
This package contains plug-ins that aren’t tested
well enough, or the code is not of good enough quality.
——————————————————————————–
Update Information:
Security fix for CVE-2017-5848, CVE-2017-5843 – Downgrade to 1.10.3 as it is the
latest stable release
——————————————————————————–
References:
[ 1 ] Bug #1419583 – CVE-2017-5848 gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm
https://bugzilla.redhat.com/show_bug.cgi?id=1419583
[ 2 ] Bug #1419592 – CVE-2017-5843 gstreamer-plugins-bad-free: Use after free in gst_mini_object_unref / gst_tag_list_unref / gst_mxf_demux_update_essence_tracks
https://bugzilla.redhat.com/show_bug.cgi?id=1419592
——————————————————————————–
This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade mingw-gstreamer1-plugins-bad-free’ at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org