This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --CNPlCpbDMU4Wk4lRk2pmiMD3ePWV1FoJW Content-Type: multipart/mixed; boundary="T0WOgJSL7wx75NaaxGsq4mkP95ad3ubo9"; protected-headers="v1" From: Yury German <blueknight@gentoo.org> To: gentoo-announce@lists.gentoo.org Message-ID: <ac83db39-3168-7e34-2a8b-a6d67dd1d89f@gentoo.org> Subject: [ GLSA 201705-10 ] GStreamer plug-ins: User-assisted execution of arbitrary code
Multiple vulnerabilities have been discovered in various GStreamer plug-ins. Please review the CVE identifiers referenced below for details.
Impact ======
A remote attacker could entice a user or automated system using a GStreamer plug-in to process a specially crafted file, resulting in the execution of arbitrary code or a Denial of Service.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All gst-plugins-bad users should upgrade to the latest version:
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2017 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.