Oval Definition:	oval:com.redhat.rhsa:def:20170018
Revision Date: 2017-01-05 Version: 638 Title: RHSA-2017:0018: gstreamer-plugins-bad-free security update (Moderate) Description: GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9445) A memory corruption flaw was found in GStreamer's Nintendo NSF music file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9447) An out-of-bounds heap read flaw was found in GStreamer's H.264 parser. A remote attacker could use this flaw to cause an application using GStreamer to crash. (CVE-2016-9809) Note: This update removes the vulnerable Nintendo NSF plug-in. Family: unix Class: patch Status: Reference(s): CVE-2016-9445 CVE-2016-9447 CVE-2016-9809 RHSA-2017:0018 RHSA-2017:0018-00 RHSA-2017:0018-01 RHSA-2017:0018-01 Platform(s): Red Hat Enterprise Linux 7 Product(s): Definition Synopsis Red Hat Enterprise Linux must be installed OR Package Information Red Hat Enterprise Linux 7 is installed AND gstreamer-plugins-bad-free is earlier than 0:0.10.23-22.el7_3 AND gstreamer-plugins-bad-free is signed with Red Hat redhatrelease2 key gstreamer-plugins-bad-free-devel is earlier than 0:0.10.23-22.el7_3 AND gstreamer-plugins-bad-free-devel is signed with Red Hat redhatrelease2 key gstreamer-plugins-bad-free-devel-docs is earlier than 0:0.10.23-22.el7_3 AND gstreamer-plugins-bad-free-devel-docs is signed with Red Hat redhatrelease2 key
BACK