You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa GStreamer Base Plugins

Sigurnosni nedostatak programskog paketa GStreamer Base Plugins

by - 0

==========================================================================
Ubuntu Security Notice USN-3958-1
April 29, 2019

gst-plugins-base0.10, gst-plugins-base1.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 18.10
– Ubuntu 18.04 LTS
– Ubuntu 16.04 LTS

Summary:

GStreamer Base Plugins could be made to crash or run programs if it
received specially crafted network traffic.

Software Description:
– gst-plugins-base1.0: GStreamer plugins
– gst-plugins-base0.10: GStreamer plugins

Details:

It was discovered that GStreamer Base Plugins did not correctly handle
certain malformed RTSP streams. If a user were tricked into opening a
crafted RTSP stream with a GStreamer application, an attacker could cause a
denial of service via application crash, or possibly execute arbitrary
code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.10:
gstreamer1.0-plugins-base 1.14.4-1ubuntu1.1

Ubuntu 18.04 LTS:
gstreamer1.0-plugins-base 1.14.1-1ubuntu1~ubuntu18.04.2

Ubuntu 16.04 LTS:
gstreamer0.10-plugins-base 0.10.36-2ubuntu0.2
gstreamer1.0-plugins-base 1.8.3-1ubuntu0.3

In general, a standard system update will make all the necessary changes.

References:
https://usn.ubuntu.com/usn/usn-3958-1
CVE-2019-9928

Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.14.4-1ubuntu1.1

https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.14.1-1ubuntu1~ubuntu18.04.2
https://launchpad.net/ubuntu/+source/gst-plugins-base0.10/0.10.36-2ubuntu0.2
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.8.3-1ubuntu0.3

—–BEGIN PGP SIGNATURE—–

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzG/fAACgkQZWnYVadE
vpNBOxAAmENrQSKsLHW9zCut6V2EAVJZFMeH9i6/0pF5w400jgL9e2A2H4D9jycQ
zIg9j8Y6vUUmQ0CB8E6RZnsJVGZJgyyIJnrKc06tHe7zWKBxu5oHEOBf0vzCW+CL
r5zINr/qfqpZIKhRgunO/Cx3xSQkNapDikbXO36Gh5Dw4N3KwK1hOVI4PQghe3hO
mUELhWMVs/PjGos3lvF6+Flt1QHqdjMSBy3h4yhFutp7+WWEPNFXKuzTQQMmuOnz
wVOYuw6YW8DVyK5WirYyJ4INRR7lS32vYdttPG3npVMkOA7+HmjxMciD670U6gVJ
UMUDKkkgIZv/WVV2if97KwwM1NcPKnSnBg2NHqOamKRKEDaXeickKON+UjWXGTid
6YGH4MU0p8eLBfO9V92x91UsjDorNkDDRUjOTu+7ASC5QF89bBmOceGs2DQWHkiA
5sY7JhgBDtFF8UH3NU/HmANzp5arBlrn6/s19f+Gu5gIGxgOczMfiTGLBa7V9doM
5FXEZHL6Zkn2eC/qlXzOmuzoFCKgqLLHJm3UelYd24aBvyHfRL1tp0C5JY/r1vUU
cWBTkJyoe9rsSXQVAzbmKVuZGR3H1VAfWm60GzaUXmkLKvHEpMtF4a8DVMUhu3cS
RjTA4DzmSrW+u2IWc2poq+8xlgVSEJC2GVU5bRIL4UVoisxh0II=
=Nq71
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa samba

Otkriven je sigurnosni nedostatak u programskom paketu samba za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje izvođenje 'directory traversal'...

Close