RHEL 7 : GStreamer (RHSA-2017:2060)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

GStreamer is a streaming media framework based on graphs of filters
which operate on media data.

The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1
(1.10.4), gstreamer1-plugins-bad-free (1.10.4),
gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4),
orc (0.4.26).

Security Fix(es) :

* Multiple flaws were found in gstreamer1, gstreamer1-plugins-base,
gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An
attacker could potentially use these flaws to crash applications which
use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810,
CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837,
CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,
CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845,
CVE-2017-5848)

Additional Changes :

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.4 Release Notes linked from the References section.

See also :

http://www.nessus.org/u?70a6f8bb
http://rhn.redhat.com/errata/RHSA-2017-2060.html
https://www.redhat.com/security/data/cve/CVE-2016-10198.html
https://www.redhat.com/security/data/cve/CVE-2016-10199.html
https://www.redhat.com/security/data/cve/CVE-2016-9446.html
https://www.redhat.com/security/data/cve/CVE-2016-9810.html
https://www.redhat.com/security/data/cve/CVE-2016-9811.html
https://www.redhat.com/security/data/cve/CVE-2017-5837.html
https://www.redhat.com/security/data/cve/CVE-2017-5838.html
https://www.redhat.com/security/data/cve/CVE-2017-5839.html
https://www.redhat.com/security/data/cve/CVE-2017-5840.html
https://www.redhat.com/security/data/cve/CVE-2017-5841.html
https://www.redhat.com/security/data/cve/CVE-2017-5842.html
https://www.redhat.com/security/data/cve/CVE-2017-5843.html
https://www.redhat.com/security/data/cve/CVE-2017-5844.html
https://www.redhat.com/security/data/cve/CVE-2017-5845.html
https://www.redhat.com/security/data/cve/CVE-2017-5848.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.9
(CVSS2#E:POC/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now