-----BEGIN PGP SIGNATURE-----
wsF5BAABCAAjFiEE2WgtvmwmcgaEBLlnCAvK1QvD6SAFAmhBtJ8FAwAAAAAACgkQCAvK1QvD6SAc
CxAAvq8mY0jmiK/te9QtLIglOzyOT3JNrgYgBDoaemJgljkgXEqtokFHuVhlxxYonk//ospJ7D4w
DidNDF4D1CW1LZLYYSXwTaX+3cL4+zcJ0xgkC0qEqbUyWUpTsuN9rMKomE8Djoq18ocLaULkTm1R
z8kSoaZ35k6R7vimemAyflo7ewaQOE/8Y2OFzCoAYkA+T0tcnVdTXvSpORTBX1AAIcGPa90nEioe
0iOwLVAF1pUPc1Km9YBn7EF2MwPrNLlYJBINVeiQjS6ivx2XM/Kbr+wMsW4Q0VJmag1gZRaSh0Hk
04ibDjbx2ECDjfClPWFYfp3yd9XcCjG7UiNyFFxQBhjzvt35+MdSVjGInFvtDqfWoLVX0zESzfkr
7UWQN/RHfkA4rNOaAeU+cIXRjty+APqLcIiRtexUJZstUqSDudAEzHeZcACShWgH9TqPO6OWIBzY
UQpbroy7SHV372Eto3ZbdXtmgY3JvmVH9L0eQ4l4ZbwuMBS/Jrgnw/E4n5Ivz8kOXSHcZ3jRV//g
KbGBqAF3GHFh6dbu9meQld1Av5OjHYpGQoZ9pmUQCzZ10S8WzC1/L5qNHJcfVwctDBxz+hyhLg+c
4qUTtrdj0L8mwgHvXtXe/upNmJZrlgsFPLR5oUvE6DNoxQtzBJnkxPWZhmDHqWN9LyO3x80/ve09
LCg=
=T7Pm
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7558-1
June 05, 2025
gst-plugins-bad1.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.04
- Ubuntu 24.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
Summary:
Several security issues were fixed in GStreamer Bad Plugins.
Software Description:
- gst-plugins-bad1.0: GStreamer plugins
Details:
It was discovered that the AV1 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. This issue only affected
Ubuntu 22.04 LTS. (CVE-2023-50186, CVE-2024-0444)
It was discovered that the H265 codec plugin in GStreamer could be made
to write out of bounds. An attacker could possibly use this issue to
cause applications using the plugin to crash, resulting in a denial of
service, or possibly execute arbitrary code. (CVE-2025-3887)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.04
gstreamer1.0-plugins-bad 1.26.0-1ubuntu2.1
libgstreamer-plugins-bad1.0-0 1.26.0-1ubuntu2.1
Ubuntu 24.10
gstreamer1.0-plugins-bad 1.24.8-2ubuntu1.1
libgstreamer-plugins-bad1.0-0 1.24.8-2ubuntu1.1
Ubuntu 24.04 LTS
gstreamer1.0-plugins-bad 1.24.2-1ubuntu4+esm1
Available with Ubuntu Pro
libgstreamer-plugins-bad1.0-0 1.24.2-1ubuntu4+esm1
Available with Ubuntu Pro
Ubuntu 22.04 LTS
gstreamer1.0-plugins-bad 1.20.3-0ubuntu1.1+esm2
Available with Ubuntu Pro
libgstreamer-plugins-bad1.0-0 1.20.3-0ubuntu1.1+esm2
Available with Ubuntu Pro
Ubuntu 20.04 LTS
gstreamer1.0-plugins-bad 1.16.3-0ubuntu1.1+esm1
Available with Ubuntu Pro
libgstreamer-plugins-bad1.0-0 1.16.3-0ubuntu1.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7558-1
CVE-2023-50186, CVE-2024-0444, CVE-2025-3887
Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.26.0-1ubuntu2.1
https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.24.8-2ubuntu1.1
No comments:
Post a Comment