Headline
Ubuntu Security Notice USN-6526-1
Ubuntu Security Notice 6526-1 - It was discovered that GStreamer Bad Plugins incorrectly handled certain media files. A remote attacker could use this issue to cause GStreamer Bad Plugins to crash, resulting in a denial of service, or possibly execute arbitrary code.
==========================================================================Ubuntu Security Notice USN-6526-1November 29, 2023gst-plugins-bad1.0 vulnerabilities==========================================================================A security issue affects these releases of Ubuntu and its derivatives:- Ubuntu 23.10- Ubuntu 23.04- Ubuntu 22.04 LTS- Ubuntu 20.04 LTSSummary:Several security issues were fixed in GStreamer Bad Plugins.Software Description:- gst-plugins-bad1.0: GStreamer pluginsDetails:It was discovered that GStreamer Bad Plugins incorrectly handled certainmedia files. A remote attacker could use this issue to cause GStreamerBad Plugins to crash, resulting in a denial of service, or possiblyexecute arbitrary code.Update instructions:The problem can be corrected by updating your system to the followingpackage versions:Ubuntu 23.10: gstreamer1.0-plugins-bad 1.22.4-1ubuntu1.1 libgstreamer-plugins-bad1.0-0 1.22.4-1ubuntu1.1Ubuntu 23.04: gstreamer1.0-plugins-bad 1.22.1-1ubuntu1.1 libgstreamer-plugins-bad1.0-0 1.22.1-1ubuntu1.1Ubuntu 22.04 LTS: gstreamer1.0-plugins-bad 1.20.3-0ubuntu1.1 libgstreamer-plugins-bad1.0-0 1.20.3-0ubuntu1.1Ubuntu 20.04 LTS: gstreamer1.0-plugins-bad 1.16.3-0ubuntu1.1 libgstreamer-plugins-bad1.0-0 1.16.3-0ubuntu1.1In general, a standard system update will make all the necessary changes.References: https://ubuntu.com/security/notices/USN-6526-1 CVE-2023-37329, CVE-2023-40474, CVE-2023-40475, CVE-2023-40476, CVE-2023-44429, CVE-2023-44446Package Information: https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.22.4-1ubuntu1.1 https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.22.1-1ubuntu1.1 https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.20.3-0ubuntu1.1 https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.16.3-0ubuntu1.1Related news
Gentoo Linux Security Advisory 202406-6 - Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution. Versions greater than or equal to 1.22.11-r1 are affected.
Red Hat Security Advisory 2024-0279-03 - An update for gstreamer-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-0013-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7875-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7874-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7873-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-7872-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7841-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7840-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2023-7792-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Red Hat Security Advisory 2023-7791-03 - An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow and use-after-free vulnerabilities.
Debian Linux Security Advisory 5565-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
Debian Linux Security Advisory 5565-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.
Debian Linux Security Advisory 5533-1 - Multiple vulnerabilities were discovered in plugins for the GStreamer media framework and its codecs and demuxers, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened.