—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
– ————————————————————————-
Debian Security Advisory DSA-3818-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017 https://www.debian.org/security/faq
– ————————————————————————-
Package : gst-plugins-bad1.0
CVE ID : CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 CVE-2017-5843
CVE-2017-5848
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.
For the stable distribution (jessie), these problems have been fixed in
version 1.4.4-2.1+deb8u2.
For the upcoming stable distribution (stretch), these problems have been
fixed in version 1.10.4-1.
For the unstable distribution (sid), these problems have been fixed in
version 1.10.4-1.
We recommend that you upgrade your gst-plugins-bad1.0 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljZeUgACgkQEMKTtsN8
TjYdVRAAp1cFElIuKRDf5hbwgO08655Q/NCLstMBCh6E4U//DemhLbTiWJ94YbpG
C+LPzZff39G4z8B2uLOp8fnMnIvQF480xsAbYIGieg+UeuS9SPP4BbOeU0DAPgf7
5ufi+HVvdZ1F6a5JYW6FZ2v9xwhd8FHuZ46u+bEWE6GDjdEcJelSrGudV6KmOyyI
u6toH8KtPXQpHgs+yDdvIUK0q+5dYss9jlUGzZ7jTgH6Nywd36sQuxH8f8vDP8w9
Qi36wUvrv9Tz1vngmaUWKUegDkDYLErQsKkqSHaGwuzskypUqlC80Wket9m5uDCw
eNI1FD+YeO67ruZz4MyDSht9Q64TML20tfJpxoATumXuZgDCpFwtC4fj9rR/xuh7
mSecfMSqza5zTLXCh/5cBNp1EW7TXLVWYi7WZ0W2u0//B42jhGJkKH0Aw3GhzHF/
xcM/W5lsDeCxOzydje7vcR3zgxuU8DwDvFie5Dq9tu5+ZRCbgC8Nd8Yub+yShGIP
eMjQ9CxQEdE3Rm1pUJkBVHr3Vdm+SJ8rB+ushDjlMzE4mEsQZRajpFOLEV3Mqm9Z
nYu1G3ucggGvBsbsykcnr9xjX04uZVtYrPVCTg0L4fwIAMScjR/nlqdHMniSN+HZ
TFF4K0Z5flUuME7ws1HIFKORYTeGqejNT/tTaoVrwQvKtW2aS/4=
=H1vE
—–END PGP SIGNATURE—–
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
– ————————————————————————-
Debian Security Advisory DSA-3819-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017 https://www.debian.org/security/faq
– ————————————————————————-
Package : gst-plugins-base1.0
CVE ID : CVE-2016-9811 CVE-2017-5837 CVE-2017-5839 CVE-2017-5842
CVE-2017-5844
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.
For the stable distribution (jessie), these problems have been fixed in
version 1.4.4-2+deb8u1.
For the upcoming stable distribution (stretch), these problems have been
fixed in version 1.10.4-1.
For the unstable distribution (sid), these problems have been fixed in
version 1.10.4-1.
We recommend that you upgrade your gst-plugins-base1.0 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljZeU4ACgkQEMKTtsN8
TjaMHBAAlW7taQZX5QmMN2wvpYRqfGKnTDTHYldqqDPtE6yMt50AqBkG7sg0xgMd
X93ekmXe840y23g4aElM4pXvBgLJJKhpqddqf67YRlHbhNkTs+NNydYE3Wuhk3tf
sHA/SEWr0hwFEl6aw39P3i26W2txemc3siJVlUtqtxluyBXQVsYMoI8BupZAPG+Y
LRBq0Oob1r801yt3vcBcXAVv9grFLFFFf6IWnSAeMcyZmZnpLozIgu1UpjT2ABgq
qkqfLOd6G0k5Jr+leEekV9UkAivUuiIhmE0w7pEjDsrw+NAeLsO0SIcbiHy5p79n
6RzZDDjSeure1dZkAYdsdQDsFZpYfg+nfnsBFK5Z8ZxqXNT1Eko+S62XvoM4IFfz
VmGBSZsTGnBSzc0E0/Thgw+gu9X6uz0hin63QS4cunZdS6V89+ep0r6NxPl9cSTp
OmEmUjkRDMCjfixNRQ11YLXqZGvMqSuX5YwKraCdv5xEtxpj/lmZ5uOFUuXl9lwA
EcAqkubVbN28XchLGjwfgTWb4P2WC26LtLTvPXUgZ4vSecwh08a+TuOMxXhjX2QY
qRq+f/palIPB0j90l1wywLa1tgXh/1nMihctAw3JlDRSFp1QCN/kpaNpHKUCsBG4
Pnr7oBqUCPXQBymKE3VtXxH8nI5jJOfUK4ylj0zjTlqIHFbOncs=
=a6+v
—–END PGP SIGNATURE—–
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
– ————————————————————————-
Debian Security Advisory DSA-3820-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017 https://www.debian.org/security/faq
– ————————————————————————-
Package : gst-plugins-good1.0
CVE ID : CVE-2016-10198 CVE-2016-10199 CVE-2017-5840 CVE-2017-5841
CVE-2017-5845
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.
For the stable distribution (jessie), these problems have been fixed in
version 1.4.4-2+deb8u3.
For the upcoming stable distribution (stretch), these problems have been
fixed in version 1.10.3-1.
For the unstable distribution (sid), these problems have been fixed in
version 1.10.3-1.
We recommend that you upgrade your gst-plugins-good1.0 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljZeVAACgkQEMKTtsN8
Tjb18RAAioFHYR/9T9ZBlmFi40Q+1MR5YLBbci6I9kLxwW9b5cR1VsX8KMFx1x8I
/4rtG4CohWb3p6TYDI6MbKafk4fivhTWdoJ4SW5TORSdXWp6mCvXLcRMcYfohMJ5
ETND7kQtyNWf77vU2hEmYomvsDm+dso9sKDMd7QoxthT1bW+qZZ3lhJVaTydZBsM
aR8/gZ04Rx1Z/0968hqsizkp1tRk8RHEriWOQEN+bdJ6g9JLX724p85w018LEmf8
tDTXsSPvQbPLJqefoLdScnTOeiKq1eyscfE9e4wp8wOp4QoJ6jkDPgIOYK7YSzxo
nZxZBIwo3Qqzc4aXEeiOyQcBHzolXlB2/6d3GMKdDLF23QKyJyOZkNMT+Ws9oyae
1wkxeY8JYsFzEQfLvveOkJo3ZwH6xqTGhDD/T60kk3L5BJX18EpJCDB0b+jj8d63
nbANmTnwdL7UKJS6ZXfGIvEOd4jzVlyH2ubHBQHG3ezbu3NPd0uTtzPJIbvI5SfV
OG63R0hyAeFgfNIUuPQPicJKkWHezMjqxwPMrerI0D8Hza5hgIOfOlA/SpVZOrDy
C/0uTnoaQ3E1ZDIfzF4/EJbKeHD7Y4T9HH3b1JBwM827YJQRLWK6jAtXxVm2l43w
+g/5jweVYzT4GW2qzb+os3EZEFTEMQ0S6KxeSMy/ZEFc1HL3aEs=
=Q7lj
—–END PGP SIGNATURE—–
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
– ————————————————————————-
Debian Security Advisory DSA-3821-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017 https://www.debian.org/security/faq
– ————————————————————————-
Package : gst-plugins-ugly1.0
CVE ID : CVE-2017-5846 CVE-2017-5847
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.
For the stable distribution (jessie), these problems have been fixed in
version 1.4.4-2+deb8u1.
For the upcoming stable distribution (stretch), these problems have been
fixed in version 1.10.4-1.
For the unstable distribution (sid), these problems have been fixed in
version 1.10.4-1.
We recommend that you upgrade your gst-plugins-ugly1.0 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljZeVEACgkQEMKTtsN8
TjaxYA//Qnfi2kL45WWACv2b+ABA6MqthGimYls9KNk8KC++maOTvjA3XgEsRiTQ
vY+Y5frNZWTtJqXAeSFebczRVZqsznzRXEYrtepR9/R3zxwgax3nbTzdXPVqqKRx
WIO+ZLWjuz7EkH4U1Y0E2q7LeNvA6kMKXCyACrqGnNFUh/cwtCBMmsQFTXUzvD3T
ztGeUkvgxFPehjn9udWOYlMCrsjNM3XVFqVfRePph7f5yIiuwfST5GyhGdpQGJSJ
mSNG5aZklDuqwSigGc8V3O45CXoN0VzAwh2YNgaIvGSUNsCFRokPfqiHwlr43K4A
DRlQbLvIoWQk4QYzymDVkMJxIqv1IOY8LtqFc+CAu+aIVNet3UsBdlzvILulOzdU
sCsz1UMQ1QsSfro5LFbgZ3854pzRlStu9ZgI2U5ORK1l/Da5hdgF9ZzDtgY0sOGj
2J2TwsGMnUan3/zIORTi3bcfDHhHh2gPXavCb7JHrOT5zUh9WbDTGDY3OBM2G46E
HB4eGYsK5I98rVIBI3a46lR2LP36GCn+DLpugb+Djr11K6FR0p5JkhK+OIco47j1
YBDb/RxoBj6kIBuLL7WBgkoDA4HCruCrdjmtDBIfrgnVnIcdkaV8luX0wU/dAHfV
bUzQ817GxCh69tuXn85Qsr8kIuynzsg0bgovRMqBry1VKsVq6d8=
=y39H
—–END PGP SIGNATURE—–
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
– ————————————————————————-
Debian Security Advisory DSA-3822-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
March 27, 2017 https://www.debian.org/security/faq
– ————————————————————————-
Package : gstreamer1.0
CVE ID : CVE-2017-5838
Hanno Boeck discovered multiple vulnerabilities in the GStreamer media
framework and its codecs and demuxers, which may result in denial of
service or the execution of arbitrary code if a malformed media file is
opened.
For the stable distribution (jessie), this problem has been fixed in
version 1.4.4-2+deb8u1.
For the upcoming stable distribution (stretch), this problem has been
fixed in version 1.10.3-1.
For the unstable distribution (sid), this problem has been fixed in
version version 1.10.3-1.
We recommend that you upgrade your gstreamer1.0 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAljZeWAACgkQEMKTtsN8
Tjb7Cw//bOpMIt+pvp5XGNHBPkEe8xLhNtdo8c6YPeQNufv5zQTcK3mjiMGH5bVA
cOLIWFMP0J5Cf9elyjH2BzQpNU/JQtu3CVymOwroxeAjEUNx46s/1cYRDftmLPoA
LaGlAntYf3AC4dDce7LA/DIZZUgoIg2vytonGeMNTkpABbTUWPz5PF98Pxk0xmnR
hrpWNeXHPCqUVkHzqdGQRNhJB1ay2reC3aCSOMFcmGCYmGRTW0nzyeTrkyDez7y/
KkS1SAZVvMLHaQk+4X+++hWM9t4vj6iqzrhU8vjVCvAqy9UhC1xn58MQxHaraa3G
U4S3mSt/dXoZbhXffX7UZ4yJPzhzQ8h1e7x4HODfX10OgPGuCWwXW1qZKYWyd3cd
//z4+bdZQyihWH4OaNH56KvfOo+LeEGfBUM9WW5kW51s6QWw2wurCptUIWVRwP07
0X5sWp8gUYQJFP+MsZeYnvFATxsjGPd7EGtooQuhbkSkygIM0FLrAn2gA08X2IvV
yu7Ilsn7RAn88PsKZ06WeI85ZlvVB5zpzXQU/2yGipfPJalrX9erQbxIW8qcdfgt
RdoR7Qj0eWyQLXDwnFh/FvClJyERJBtJekf4aBW0dRBUerLmtth2GfiGM7AWtcTn
XyrS8zp+7f9u9oCPM1tZ0/psdW86jQ7llKEDUKl6zrVKETuINzQ=
=+9st
—–END PGP SIGNATURE—–
==========================================================================
Ubuntu Security Notice USN-3244-1
March 27, 2017
gst-plugins-base0.10, gst-plugins-base1.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
GStreamer Base Plugins could be made to crash if it opened a specially
crafted file.
Software Description:
– gst-plugins-base1.0: GStreamer Plugins
– gst-plugins-base0.10: GStreamer Plugins
Details:
Hanno Böck discovered that GStreamer Base Plugins did not correctly handle
certain malformed media files. If a user were tricked into opening a
crafted media file with a GStreamer application, an attacker could cause a
denial of service via application crash.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
gstreamer1.0-plugins-base 1.8.3-1ubuntu1.1
Ubuntu 16.04 LTS:
gstreamer1.0-plugins-base 1.8.3-1ubuntu0.2
Ubuntu 14.04 LTS:
gstreamer0.10-plugins-base 0.10.36-1.1ubuntu2.1
gstreamer1.0-plugins-base 1.2.4-1~ubuntu2.1
Ubuntu 12.04 LTS:
gstreamer0.10-plugins-base 0.10.36-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3244-1
CVE-2016-9811, CVE-2017-5837, CVE-2017-5839, CVE-2017-5842,
CVE-2017-5844
Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.8.3-1ubuntu1.1
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.8.3-1ubuntu0.2
https://launchpad.net/ubuntu/+source/gst-plugins-base0.10/0.10.36-1.1ubuntu2.1
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.2.4-1~ubuntu2.1
https://launchpad.net/ubuntu/+source/gst-plugins-base0.10/0.10.36-1ubuntu0.2
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJY2VY7AAoJEGVp2FWnRL6TRscP/26XYkQQowhj5Z1yp7Qpk4BU
xFJnbBwkzUPxYGZDyXCar43w+m9UWnVef5ucqtlnl72SvlWOkbfh+35ZtGH4UFIh
g+juMhjHiDySTrPJphzRzLf4Hsm84TcjrQ1B+8o7ProNeyxroaep1VRLLkeJ3pay
TU+oQYoTVU394eM0pbSEFUvtNmzFKs6LJnEHqckk0hD7kJ2ZpxOoedk1eY8kjVbu
7TBkMlOjoUrudPhsj6wau97+rJg7rjAKQ6Lh9q47dH4IC4qoc4/KrU4jx9dVXqNF
Pr8/pMpccgZlxRiNjmGruVVX+KLLnv9CDioH2k2NRx8tuxVAVZO1T4lDO8XXSbry
qJjhNO7Sw+RzK47h5QGUcWl2YNqonY//JIFn0rW/lN6folGygUM1rZhAuDG+P6n1
2E4uYWBada6zlPpPOBhafkfVyGlJcIbDAbLAdPw010YRyNAJWBgaMx2IlBtf3R8I
g8ntoorgpAe9kt0cN2kS/SOqd0Mv66kGhHOqlZzWezeBbvQcAs3zW3izilKrb1mB
UfQw5/L65qkJOleo3TGSoBzDSgT6hAtmHCwFGwxGNCfHtX/v4yY7Zoa4nS3f85eL
cbElAUx7Cp0iJaZcaJKONW5j+k4lOPMkH6tje4ngqeNHd4/3oFP0m4Kh+mWDR6r+
lw8vpAfNpiEgBIKIZ9MJ
=HGN4
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
==========================================================================
Ubuntu Security Notice USN-3245-1
March 27, 2017
gst-plugins-good0.10, gst-plugins-good1.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 16.10
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
Summary:
GStreamer Good Plugins could be made to crash if it opened a specially
crafted file.
Software Description:
– gst-plugins-good1.0: GStreamer plugins
– gst-plugins-good0.10: GStreamer plugins
Details:
Hanno Böck discovered that GStreamer Good Plugins did not correctly handle
certain malformed media files. If a user were tricked into opening a
crafted media file with a GStreamer application, an attacker could cause a
denial of service via application crash.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.10:
gstreamer1.0-plugins-good 1.8.3-1ubuntu1.3
Ubuntu 16.04 LTS:
gstreamer1.0-plugins-good 1.8.3-1ubuntu0.4
Ubuntu 14.04 LTS:
gstreamer0.10-plugins-good 0.10.31-3+nmu1ubuntu5.3
gstreamer1.0-plugins-good 1.2.4-1~ubuntu1.4
Ubuntu 12.04 LTS:
gstreamer0.10-plugins-good 0.10.31-1ubuntu1.5
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-3245-1
CVE-2016-10198, CVE-2016-10199, CVE-2017-5840, CVE-2017-5841,
CVE-2017-5845
Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.8.3-1ubuntu1.3
https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.8.3-1ubuntu0.4
https://launchpad.net/ubuntu/+source/gst-plugins-good0.10/0.10.31-3+nmu1ubuntu5.3
https://launchpad.net/ubuntu/+source/gst-plugins-good1.0/1.2.4-1~ubuntu1.4
https://launchpad.net/ubuntu/+source/gst-plugins-good0.10/0.10.31-1ubuntu1.5
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAEBCgAGBQJY2VZKAAoJEGVp2FWnRL6TYXsQAKHn1YfcdlE3h5t+GGDweNoA
i5kXxQ6+J1YcAK59gbacnSAZzVxATjWReWGqlQGwTqd34NNVOFyzvuf1k9KunIA5
GeeqSgSeUr8QlJRUtYQXsf0aKXgrt0bV7ByEvhqD6jk46D+ZBUVmCsAjY6CSfGok
0kYB9KPqONwAiETmWbf2MT9WbsP0BmH4+MfM9cOt4K/ns4BboJKEqI3UEWTLMeVW
90h6Dn4LlV5avOCyhRDgIjvkLx2MlT6ckMJZqIYK+RN6eW+AIvOhfxGj+w6aXP6W
VG9h46AFP5JyPsRjYmx0BeNpfAJETQXQxC4cj4lJzHtwX9vJV9nWHwoOkvz4U+Ob
ddkbvyZBUVSmbDMHoeg/skrnJHZG6RYVTXsEh4cJeQ6I33PmnoqMRAoR6CLj455x
YJWXF96i9YAtso7XhwM0vz1A6AF3qgCYsfaUlMh/NGRym6J5OJnLNQN1yZUzkTvc
2DUme81I0KVPu2aqH/yGlx22AlGkbNPoelrvReEUjSENoeKVGREPd1etn0NZ9RpA
brXHFOoJAlfLhRoQEaTH50HI0u6kiOriHqsRJEoPVqengUkQmDUt+nd19qOp20Lx
LYvMRj4xXYwnDMrRdbqA9ZewstlMGZbLWAZAdLwsMABW9V4oGQMIIFqbU6vn18Tv
fCZokK7bTPs9MWrDcIy1
=LEhF
—–END PGP SIGNATURE—–
—
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce