Wednesday, December 18, 2024

[USN-7174-1] GStreamer vulnerability

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAmdi5UwACgkQZWnYVadE
vpMjiw/6A0xQ6uu7qq56UjkBr0LW6UiEbA712SiD81PWX+TDGh9JMIWRuIkJKVZ/
ininISHbpMNsNd1Q3mvF3a91azI3i8ZxmZTFwso9r2fWw842tfcECEX2mQ5PTM3C
X6HPNwD1x69HpNKMwdDLGukS3nH912xTJ0TBaJdhPfQAXPZp9hY5R+hg3WNdnZmg
KkDAahahhQ+5btV2xpKexj/5NW3lMuzYZ5Lh9U8ZLTFrLPrTf+AFo7cASZYPf23T
WYHppP6XPpT3JVR8h/mHscbrQWlycWihcpBr3oxGVI+eqWjPT/MDmFegnntga0MY
ZGFdLSgaSpKpj/wdDXsFao2xoq+s+DRA/JUzeE5dKjndAItDY09urumh/nvE6oNh
XNZMcIDQk4BVkAqj+Aj6z3ZSHLfW4B0Si2Z6EMH/mumc0bAZrS0PNsD0BdaNhqd4
mrSWjIep6u+4a5OZlodxD3+dv1sb/L6yqqOA/MRCvfv5z8jpPuOQ1TVvOwxxGUi/
i4+DzTdogpV3Xcd2vxmD8lZXNUrJIr7yhbfUUwQMepBj2wW9xuRXIGF14r0k27bI
JZSz8DEU7RLRAfaLhkZHjjcRwS9VwoTZW2wson77h0nSU4VAg8x+cs4Ezbcv+Qf1
cgO8sUh3SFs9O37hIBk+gYDRUzCUJoDQfM4oYpTfFZY75E+7FN8=
=j1gP
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7174-1
December 18, 2024

gstreamer1.0 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS

Summary:

GStreamer could be made to crash or run programs as your login if it opened
a specially crafted file.

Software Description:
- gstreamer1.0: GStreamer is a streaming media framework

Details:

Antonio Morales discovered that GStreamer incorrectly handled allocating
memory for certain buffers. An attacker could use this issue to cause
GStreamer to crash, resulting in a denial of service, or possibly execute
arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.10
libgstreamer1.0-0 1.24.8-1ubuntu0.1

Ubuntu 24.04 LTS
libgstreamer1.0-0 1.24.2-1ubuntu0.1

Ubuntu 22.04 LTS
libgstreamer1.0-0 1.20.3-0ubuntu1.1

Ubuntu 20.04 LTS
libgstreamer1.0-0 1.16.3-0ubuntu1.2

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7174-1
CVE-2024-47606

Package Information:
https://launchpad.net/ubuntu/+source/gstreamer1.0/1.24.8-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gstreamer1.0/1.24.2-1ubuntu0.1
https://launchpad.net/ubuntu/+source/gstreamer1.0/1.20.3-0ubuntu1.1
https://launchpad.net/ubuntu/+source/gstreamer1.0/1.16.3-0ubuntu1.2

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)