Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - gstreamer-plugins-bad-free: Invalid memory read in gst_ps_demux_parse_psm (CVE-2017-5848)

  - The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before     1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted     tag value. (CVE-2016-10199)

  - The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer     before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash)     via a crafted video file. (CVE-2017-5837)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - gdk-pixbuf: Heap-based buffer overflow in the gdk_pixbuf_flip function (CVE-2015-7552)

  - gstreamer-plugins-good: Heap buffer overflow in FLIC decoder (CVE-2016-9636)

  - The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer     before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a     crafted audio file. (CVE-2016-10198)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2060 advisory.

    clutter-gst2     [2.0.18-1]
    - Update to 2.0.18
    - Remove obsolete patches
    - Use license macro for COPYING
    - Resolves: #1386833

    gnome-video-effects     [0.4.3-1]
    - Update to 0.4.3
    - Resolves: #1386968

    [0.4.1-5]
    - Fix URL (rhbz#1380981)

    gstreamer-plugins-bad-free     [0.10.23-23]
    - Rebuild with hardened flags     Resolves: #1420764

    gstreamer-plugins-good     [0.10.31-13]
    - Rebuild with correct hardening flags       Resolves: #1420765

    gstreamer1     [1.10.4-2]
    - fix origin
    - Resolves: #1420650

    [1.10.4-1]
    - Update to 1.10.4
    - update patches
    - Resolves: #1420650

    gstreamer1-plugins-bad-free     [1.10.4-2]
    - Disable plugins
    - Fix origin
    - Resolves: #1429587

    [1.10.4-1]
    - Update to 1.10.4
    - Remove unbuilt plugins
    - Resolves: #1429587

    gstreamer1-plugins-base     [1.10.4-1]
    - Update to 1.10.4
    - Resolves: #1428918

    [1.4.5-3]
    - Fix unit test on ppc64
    - Resolves: #1265905

    gstreamer1-plugins-good     [1.10.4-2]
    - Fix origin       Resolves: #1429577

    [1.10.4-1]
    - Update to 1.10.4       Resolves: #1429577

    orc     [0.4.26-1]
    - Update to 0.4.26
    - Remove upstreamed patches
    - Resolves: #1430051

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Several issues have been found in gst-plugins-bad0.10, a package containing GStreamer plugins from the 'bad' set.

All issues are about use-after-free, out of bounds reads or buffer overflow in different modules.

For Debian 8 'Jessie', these problems have been fixed in version 0.10.23-7.4+deb8u3.

We recommend that you upgrade your gst-plugins-bad0.10 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the gstreamer packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Multiple flaws were found in gstreamer1,     gstreamer1-plugins-base, gstreamer1-plugins-good, and     gstreamer1-plugins-bad-free packages. An attacker could     potentially use these flaws to crash applications which     use the GStreamer framework. (CVE-2016-9446,     CVE-2016-9810, CVE-2016-9811, CVE-2016-10198,     CVE-2016-10199, CVE-2017-5837, CVE-2017-5838,     CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,     CVE-2017-5842, CVE-2017-5843, CVE-2017-5844,     CVE-2017-5845, CVE-2017-5848)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

GStreamer is a streaming media framework based on graphs of filters which operate on media data.

The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es) :

* Multiple flaws were found in gstreamer1, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-bad-free packages. An attacker could potentially use these flaws to crash applications which use the GStreamer framework. (CVE-2016-9446, CVE-2016-9810, CVE-2016-9811, CVE-2016-10198, CVE-2016-10199, CVE-2017-5837, CVE-2017-5838, CVE-2017-5839, CVE-2017-5840, CVE-2017-5841, CVE-2017-5842, CVE-2017-5843, CVE-2017-5844, CVE-2017-5845, CVE-2017-5848)

Additional Changes :

For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

The following packages have been upgraded to a later upstream version:
clutter-gst2 (2.0.18), gnome-video-effects (0.4.3), gstreamer1 (1.10.4), gstreamer1-plugins-bad-free (1.10.4), gstreamer1-plugins-base (1.10.4), gstreamer1-plugins-good (1.10.4), orc (0.4.26).

Security Fix(es) :

  - Multiple flaws were found in gstreamer1,     gstreamer1-plugins-base, gstreamer1-plugins-good, and     gstreamer1-plugins-bad-free packages. An attacker could     potentially use these flaws to crash applications which     use the GStreamer framework. (CVE-2016-9446,     CVE-2016-9810, CVE-2016-9811, CVE-2016-10198,     CVE-2016-10199, CVE-2017-5837, CVE-2017-5838,     CVE-2017-5839, CVE-2017-5840, CVE-2017-5841,     CVE-2017-5842, CVE-2017-5843, CVE-2017-5844,     CVE-2017-5845, CVE-2017-5848)

New GStreamer release

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-201705-10 (GStreamer plug-ins: User-assisted execution of arbitrary code)

    Multiple vulnerabilities have been discovered in various GStreamer       plug-ins. Please review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user or automated system using a       GStreamer plug-in to process a specially crafted file, resulting in the       execution of arbitrary code or a Denial of Service.
  Workaround :

    There is no known workaround at this time.

This update for gstreamer-plugins-bad fixes the following issues :

Security issues fixed :

  - CVE-2017-5843: set stream tags to NULL after unrefing     (bsc#1024044).

  - CVE-2017-5848: rewrite PSM parsing to add bounds     checking (bsc#1024068).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

This update for gstreamer-plugins-bad fixes the following issues:
Security issues fixed :

  - CVE-2017-5843: set stream tags to NULL after unrefing     (bsc#1024044).

  - CVE-2017-5848: rewrite PSM parsing to add bounds     checking (bsc#1024068).

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Hanno Boeck discovered multiple vulnerabilities in the GStreamer media framework and its codecs and demuxers, which may result in denial of service or the execution of arbitrary code if a malformed media file is opened.

Security fix for CVE-2017-5848, CVE-2017-5843 - Downgrade to 1.10.3 as it is the latest stable release

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Some memory management issues were found in the GStreamer 'bad' plugins :

CVE-2017-5843

A use after free issue was found in the mxfdemux element, which can can be triggered via a maliciously crafted file.

CVE-2017-5848

The psdemux was vulnerable to several invalid reads, which could be triggered via a maliciously crafted file.

For Debian 7 'Wheezy', these problems have been fixed in version 0.10.23-7.1+deb7u5.

We recommend that you upgrade your gst-plugins-bad0.10 packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
200051	RHEL 6 : mingw-virt-viewer (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
200042	RHEL 7 : mingw-virt-viewer (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	critical
180851	Oracle Linux 7 : GStreamer (ELSA-2017-2060)	Nessus	Oracle Linux Local Security Checks	high
135099	Debian DLA-2164-1 : gst-plugins-bad0.10 security update	Nessus	Debian Local Security Checks	high
103064	EulerOS 2.0 SP2 : gstreamer (EulerOS-SA-2017-1206)	Nessus	Huawei Local Security Checks	high
103063	EulerOS 2.0 SP1 : gstreamer (EulerOS-SA-2017-1205)	Nessus	Huawei Local Security Checks	high
102752	CentOS 7 : clutter-gst2 / gnome-video-effects / gstreamer-plugins-bad-free / etcgstreamer1 / etc (CESA-2017:2060)	Nessus	CentOS Local Security Checks	high
102659	Scientific Linux Security Update : GStreamer on SL7.x x86_64 (20170802)	Nessus	Scientific Linux Local Security Checks	high
102150	RHEL 7 : GStreamer (RHSA-2017:2060)	Nessus	Red Hat Local Security Checks	high
101698	Fedora 26 : gst-editing-services / gstreamer1 / gstreamer1-plugin-mpg123 / etc (2017-a7373b6432)	Nessus	Fedora Local Security Checks	high
100263	GLSA-201705-10 : GStreamer plug-ins: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	critical
99448	openSUSE Security Update : gstreamer-plugins-bad (openSUSE-2017-479)	Nessus	SuSE Local Security Checks	high
99261	SUSE SLED12 / SLES12 Security Update : gstreamer-plugins-bad (SUSE-SU-2017:0962-1)	Nessus	SuSE Local Security Checks	high
99004	Debian DSA-3818-1 : gst-plugins-bad1.0 - security update	Nessus	Debian Local Security Checks	high
97241	Fedora 25 : mingw-gstreamer1-plugins-bad-free (2017-216f4b9f9d)	Nessus	Fedora Local Security Checks	high
97235	Debian DLA-830-1 : gst-plugins-bad0.10 security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2017-5843

high

Tenable Plugins

high

critical

high

high

high

high

high

high

high

high

critical

high

high

high

high

high