Detections
Analytics
Oracle Linux 9 : gstreamer1, / gstreamer1-plugins-bad-free, / gstreamer1-plugins-ugly-free, / and / gstreamer1-rtsp-server (ELSA-2025-7178)
high Nessus Plugin ID 237047
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7178 advisory.gstreamer1 [1.22.12-3]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-2]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-1]
- Update to 1.22.12
[1.22.9-1]
- 1.22.9
[1.22.8-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[1.22.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[1.22.8-1]
- 1.22.8
[1.22.7-2]
- Set cap information correctly
- Resolves: rhbz#2238703
[1.22.7-1]
- 1.22.7
[1.22.6-1]
- 1.22.6
[1.22.5-1]
- Update to 1.22.5
[1.22.4-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
[1.22.4-1]
- 1.22.4
[1.22.3-2]
- Do setcap on gst-ptp-helper to give the right permissions.
[1.22.3-1]
- Update to 1.22.3
[1.22.2-1]
- Update to 1.22.2
[1.22.1-1]
- Update to 1.22.1
[1.22.0-1]
- Update to 1.22.0
[1.21.90-1]
- Update to 1.21.90
[1.20.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
[1.20.5-1]
- Update to 1.20.5
gstreamer1-plugins-bad-free [1.22.12-3]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-2]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-1]
- 1.22.12
[1.22.11-1]
- 1.22.11
[1.22.9-3]
- Add gstreamer1-plugin-openh264 subpackage with the openh264 plugin
[1.22.9-2]
- Rebuilt for opencv-4.9.0
[1.22.9-1]
- 1.22.9
[1.22.8-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[1.22.8-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[1.22.8-3]
- Backport of 'va: fixes for Mesa driver'
- Resolves: rhbz#2256693
[1.22.8-2]
- Enable dvbsuboverlay and siren plugins
- Enable avtp, dtsdec, and flite plugins in extras
[1.22.8-1]
- 1.22.8
[1.22.7-2]
- Move gstva from extras into main package
[1.22.7-1]
- 1.22.7
[1.22.5-2]
- Separate libs subpackage
- Enable opencv as separate subpackage
[1.22.5-1]
- Update to 1.22.5
[1.22.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
[1.22.3-1]
- Update to 1.22.3
[1.22.2-4]
- Remove obsolete of plugins-bad-freeworld to workaround a dnf bug https://bugzilla.redhat.com/show_bug.cgi?id=1867376#c9
[1.22.2-3]
- Fix migration of musepack and voamrwbenc to -bad-free-extras
[1.22.2-2]
- Enable musepack and voamrwbenc in extras
[1.22.2-1]
- Update to 1.22.2
[1.22.1-1]
- Update to 1.22.1
[1.22.0-1]
- Update to 1.22.0
[1.21.90-1]
- Update to 1.21.90
[1.20.5-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
[1.20.5-1]
- Update to 1.20.5
- Remove unwanted crypto dependencies.
[1.20.4-2]
- Drop vdpau configure option
- The libgstva plugin is now excluded from file listings when disabled
- Resolves: rhbz#2141093
gstreamer1-plugins-ugly-free [1.22.12-3]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-2]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-1]
- 1.22.12
[1.22.11-1]
- 1.22.11
[1.22.9-1]
- 1.22.9
[1.22.8-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[1.22.8-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[1.22.8-2]
- Enable asfdemux, dvdlpcmdec, dvdsub, and realmedia plugins
- Disable AMR plugins in RHEL builds
- Resolves: rhbz#2236889
[1.22.8-1]
- 1.22.8
[1.22.7-1]
- 1.22.7
[1.22.5-1]
- Update to 1.22.5
[1.22.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
[1.22.3-1]
- Update to 1.22.3
[1.22.2-1]
- Update to 1.22.2
[1.22.1-2]
- Rebuild for new AMR plugins.
gstreamer1-rtsp-server [1.22.12-3]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-2]
- Rebuild
- Resolves: RHEL-38511, RHEL-41157
[1.22.12-1]
- 1.22.12
[1.22.11-1]
- 1.22.11
[1.22.9-1]
- 1.22.9
[1.22.8-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[1.22.8-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
[1.22.8-1]
- 1.22.8
[1.22.7-1]
- 1.22.7
[1.22.5-1]
- Update to 1.22.5
[1.22.3-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
[1.22.3-1]
- Update to 1.22.3
[1.22.2-1]
- Update to 1.22.2
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 237047
File Name: oraclelinux_ELSA-2025-7178.nasl
Version: 1.1
Type: local
Agent: unix
Published: 5/22/2025
Updated: 5/22/2025
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2024-0444
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:oracle:linux:9:6:appstream_base, p-cpe:/a:oracle:linux:gstreamer1-plugins-ugly-free, p-cpe:/a:oracle:linux:gstreamer1-devel, p-cpe:/a:oracle:linux:gstreamer1, p-cpe:/a:oracle:linux:gstreamer1-plugins-bad-free, p-cpe:/a:oracle:linux:gstreamer1-plugins-bad-free-devel, p-cpe:/a:oracle:linux:gstreamer1-rtsp-server, p-cpe:/a:oracle:linux:gstreamer1-plugins-bad-free-libs, cpe:/a:oracle:linux:9::codeready_builder, cpe:/a:oracle:linux:9::appstream, cpe:/o:oracle:linux:9
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux
Exploit Ease: No known exploits are available
Patch Publication Date: 5/16/2025
Vulnerability Publication Date: 12/12/2023
Reference Information
CVE: CVE-2024-0444, CVE-2024-4453