EulerOS 2.0 SP2 : gstreamer1-plugins-good (EulerOS-SA-2017-1065)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the gstreamer1-plugins-good package
installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'write count' that
goes beyond the initialized buffer. (CVE-2016-9636)

- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) by providing a 'skip count' that
goes beyond the initialized buffer. (CVE-2016-9635)

- Heap-based buffer overflow in the flx_decode_delta_fli
function in gst/flx/gstflxdec.c in the FLIC decoder in
GStreamer before 1.10.2 allows remote attackers to
execute arbitrary code or cause a denial of service
(application crash) via the start_line
parameter. (CVE-2016-9634)

- The FLIC decoder in GStreamer before 1.10.2 allows
remote attackers to cause a denial of service
(out-of-bounds write and crash) via a crafted series of
skip and count pairs. (CVE-2016-9808)

- The flx_decode_chunks function in gst/flx/gstflxdec.c
in GStreamer before 1.10.2 allows remote attackers to
cause a denial of service (invalid memory read and
crash) via a crafted FLIC file. (CVE-2016-9807)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?36437d9f

Solution :

Update the affected gstreamer1-plugins-good packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.2
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Huawei Local Security Checks

Nessus Plugin ID: 99912

Bugtraq ID:

CVE ID: CVE-2016-9634
CVE-2016-9635
CVE-2016-9636
CVE-2016-9807
CVE-2016-9808
