| Summary: | gstreamer1.0 new security issue CVE-2017-5838 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | lewyssmith, mageia, mageia, marja11, pkg-bugs, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://lwn.net/Vulnerabilities/713776/ | | |
| Whiteboard: | MGA5-64-OK advisory | | |
| Source RPM: | gstreamer1.0-1.4.3-2.mga5.src.rpm | CVE: | |
| Status comment: | | | |
Description
David Walser
2017-02-02 12:14:55 CET
Assigning to the registered maintainer, but CC'ing all packagers collectively, in case the maintainer is unavailable.

CC: (none) => marja11, pkg-bugs
David Walser
2017-02-07 12:10:50 CET
URL: (none) => https://lwn.net/Vulnerabilities/713776/
David Walser
2017-02-21 12:27:49 CET
Assignee: fundawang => shlomif

openSUSE has issued an advisory for this on April 18:
https://lists.opensuse.org/opensuse-updates/2017-04/msg00058.html

pushed in updates_testing

src.rpm:
gstreamer1.0-1.4.3-2.1.mga5

CC: (none) => mageia

Advisory:
========================

Updated gstreamer1.0 packages fix security vulnerability:

A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (CVE-2017-5838).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5838
https://lists.opensuse.org/opensuse-updates/2017-04/msg00058.html
========================

Updated packages in core/updates_testing:
========================
gstreamer1.0-tools-1.4.3-2.1.mga5
libgstreamer1.0_0-1.4.3-2.1.mga5
libgst-gir1.0-1.4.3-2.1.mga5
libgstreamer1.0-devel-1.4.3-2.1.mga5

from gstreamer1.0-1.4.3-2.1.mga5.src.rpm

Installed and tested without issues.

Tested using gst-play-1.0 to play dozens of video and audio files, including local and remote (http) files, using a variety of codecs.

$ uname -a
Linux marte 4.4.82-desktop-1.mga5 #1 SMP Sun Aug 13 18:03:58 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

$ rpm -qa | grep gst.*1\.0 | sort
gstreamer1.0-libav-1.4.3-4.mga5
gstreamer1.0-plugins-bad-1.4.3-2.mga5.tainted
gstreamer1.0-plugins-base-1.4.3-2.2.mga5
gstreamer1.0-plugins-good-1.4.3-2.2.mga5
gstreamer1.0-plugins-ugly-1.4.3-2.mga5.tainted
gstreamer1.0-pulse-1.4.3-2.2.mga5
gstreamer1.0-soup-1.4.3-2.2.mga5
gstreamer1.0-tools-1.4.3-2.1.mga5
lib64gstbadbase1.0_0-1.4.3-2.mga5.tainted
lib64gstbadvideo1.0_0-1.4.3-2.mga5.tainted
lib64gstbasecamerabinsrc1.0_0-1.4.3-2.mga5.tainted
lib64gstcodecparsers1.0_0-1.4.3-2.mga5.tainted
lib64gstgl1.0_0-1.4.3-2.mga5.tainted
lib64gstmpegts1.0_0-1.4.3-2.mga5.tainted
lib64gstphotography1.0_0-1.4.3-2.mga5.tainted
lib64gstreamer1.0_0-1.4.3-2.1.mga5
lib64gstreamer1.0-devel-1.4.3-2.1.mga5
lib64gstreamer-plugins-base1.0_0-1.4.3-2.2.mga5
lib64gstreamer-plugins-base1.0-devel-1.4.3-2.2.mga5
lib64gsturidownloader1.0_0-1.4.3-2.mga5.tainted
lib64gstwayland1.0_0-1.4.3-2.mga5.tainted
lib64qtgstreamer1.0_0-1.2.0-2.mga5
lib64qtgstreamerutils1.0_0-1.2.0-2.mga5
packagekit-gstreamer-plugin-1.0.6-0.4.1.mga5

CC: (none) => mageia

Thanks PC_LX for this test. Validating with just 1 good test as per current policy.

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0300.html

Status: NEW => RESOLVED