FS#52335 - [gstreamer0.10-bad-plugins] arbitrary code execution (CVE-2016-9447)
Attached to Project: Arch Linux
Opened by Santiago Torres (sangy) - Monday, 02 January 2017, 17:56 GMT
Last edited by Jan de Groot (JGC) - Monday, 23 January 2017, 15:12 GMT
Details
Summary
=======
The package gstreamer0.10-bad-plugins is vulnerable to arbitrary code execution via CVE-2016-9447.

Guidance
========
I spoke with the people at #gstreamer, and it seems that the only workaround is to actually *remove* the plugin. They do not intend on patching the 0.10.x version of the plugins. (I attached the irc log just for completeness :])

References
==========
https://security.archlinux.org/AVG-125
http://www.openwall.com/lists/oss-security/2016/11/18/13
https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
Closed by Jan de Groot (JGC)
Monday, 23 January 2017, 15:12 GMT
Reason for closing: Won't fix
Additional comments about closing: Package removed.