-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.1428
             GStreamer Media Framework Plugin Vulnerabilities
                               28 April 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           gst-plugins-base1.0
                   gst-plugins-bad1.0
                   gst-plugins-ugly1.0
                   gst-libav1.0
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Execute Arbitrary Code/Commands -- Unknown/Unspecified
                   Denial of Service               -- Unknown/Unspecified
Resolution:        Patch/Upgrade

Reference:         ESB-2021.1401

Original Bulletin: 
   https://lists.debian.org/debian-lts-announce/2021/04/msg00028.html
   https://lists.debian.org/debian-lts-announce/2021/04/msg00029.html
   https://lists.debian.org/debian-lts-announce/2021/04/msg00030.html
   https://lists.debian.org/debian-lts-announce/2021/04/msg00031.html

Comment: This bulletin contains four (4) Debian security advisories.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2641-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
April 27, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : gst-plugins-base1.0
Version        : 1.10.4-1+deb9u2
CVE ID         : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For Debian 9 stretch, this problem has been fixed in version
1.10.4-1+deb9u2.

We recommend that you upgrade your gst-plugins-base1.0 packages.

For the detailed security status of gst-plugins-base1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-base1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- -----------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2642-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
April 27, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : gst-plugins-bad1.0
Version        : 1.10.4-1+deb9u2
CVE ID         : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For Debian 9 stretch, this problem has been fixed in version
1.10.4-1+deb9u2.

We recommend that you upgrade your gst-plugins-bad1.0 packages.

For the detailed security status of gst-plugins-bad1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-bad1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- -----------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2643-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
April 27, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : gst-plugins-ugly1.0
Version        : 1.10.4-1+deb9u1
CVE ID         : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For Debian 9 stretch, this problem has been fixed in version
1.10.4-1+deb9u1.

We recommend that you upgrade your gst-plugins-ugly1.0 packages.

For the detailed security status of gst-plugins-ugly1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-plugins-ugly1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- -----------------------------------------------------------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- - -------------------------------------------------------------------------
Debian LTS Advisory DLA-2644-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
April 27, 2021                                https://wiki.debian.org/LTS
- - -------------------------------------------------------------------------

Package        : gst-libav1.0
Version        : 1.10.4-1+deb9u1
CVE ID         : not yet available

Multiple vulnerabilities were discovered in plugins for the GStreamer
media framework, which may result in denial of service or potentially
the execution of arbitrary code if a malformed media file is opened.

For Debian 9 stretch, this problem has been fixed in version
1.10.4-1+deb9u1.

We recommend that you upgrade your gst-libav1.0 packages.

For the detailed security status of gst-libav1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gst-libav1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----