GStreamer plug-ins: User-assisted execution of arbitrary code

GStreamer plug-ins: User-assisted execution of arbitrary code Multiple vulnerabilities have been found in various GStreamer plug-ins, the worst of which could lead to the execution of arbitrary code. gstreamer,gst-plugins 2017-05-18 2017-05-18 600142 601354 remote 1.10.3 1.10.3 1.10.3 1.10.3 1.10.3 1.10.3 1.10.3 1.10.3

The GStreamer plug-ins provide decoders to the GStreamer open source media framework.

Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details.

A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service.

There is no known workaround at this time.

All gst-plugins-bad users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=media-libs/gst-plugins-bad-1.10.3:1.0"

All gst-plugins-good users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=media-libs/gst-plugins-good-1.10.3:1.0"

All gst-plugins-base users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=media-libs/gst-plugins-base-1.10.3:1.0"

All gst-plugins-ugly users should upgrade to the latest version:


      # emerge --sync
      # emerge --ask --oneshot --verbose
      ">=media-libs/gst-plugins-ugly-1.10.3:1.0"

CVE-2016-10198 CVE-2016-10199 CVE-2016-9445 CVE-2016-9446 CVE-2016-9447 CVE-2016-9634 CVE-2016-9635 CVE-2016-9636 CVE-2016-9807 CVE-2016-9808 CVE-2016-9809 CVE-2016-9810 CVE-2016-9811 CVE-2016-9812 CVE-2016-9813 CVE-2017-5837 CVE-2017-5838 CVE-2017-5839 CVE-2017-5840 CVE-2017-5841 CVE-2017-5842 CVE-2017-5843 CVE-2017-5844 CVE-2017-5845 CVE-2017-5846 CVE-2017-5847 CVE-2017-5848 whissi whissi