ALT-PU-2019-1701-1
Package gstreamer1.0 updated to version 1.16.0-alt1 for branch sisyphus in task 227450.
Closed vulnerabilities
Published: 2019-04-22
BDU:2019-02505
Уязвимость синтаксического анализатора RTSP-соединений мультимедийного фреймворка Gstreamer, позволяющая нарушителю выполнить произвольный код
Severity: HIGH (8.8)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Published: 2019-04-24
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2019-9928
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- openSUSE-SU-2019:1639
- openSUSE-SU-2019:1638
- openSUSE-SU-2020:0678
- https://gstreamer.freedesktop.org/security/
- https://gstreamer.freedesktop.org/security/sa-2019-0001.html
- [debian-lts-announce] 20190428 [SECURITY] [DLA 1769-1] gst-plugins-base0.10 security update
- [debian-lts-announce] 20190428 [SECURITY] [DLA 1770-1] gst-plugins-base1.0 security update
- 20190429 [SECURITY] [DSA 4437-1] gst-plugins-base1.0 security update
- GLSA-202003-33
- USN-3958-1
- DSA-4437
- openSUSE-SU-2019:1639
- DSA-4437
- USN-3958-1
- GLSA-202003-33
- 20190429 [SECURITY] [DSA 4437-1] gst-plugins-base1.0 security update
- [debian-lts-announce] 20190428 [SECURITY] [DLA 1770-1] gst-plugins-base1.0 security update
- [debian-lts-announce] 20190428 [SECURITY] [DLA 1769-1] gst-plugins-base0.10 security update
- https://gstreamer.freedesktop.org/security/sa-2019-0001.html
- https://gstreamer.freedesktop.org/security/
- openSUSE-SU-2020:0678
- openSUSE-SU-2019:1638