Security Information / 2016 / Security Information -- DSA-3713-1 gst-plugins-bad0.10

Debian Security Advisory

DSA-3713-1 gst-plugins-bad0.10 -- security update

Date Reported:

15 Nov 2016

Affected Packages:

gst-plugins-bad0.10

Vulnerable:

Yes

Security database references:

No other external database security references currently available.

More information:

Chris Evans discovered that the GStreamer 0.10 plugin to decode NES Sound Format files allowed the execution of arbitrary code. Further details can be found in his advisory at http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html.

For the stable distribution (jessie), this problem has been fixed in version 0.10.23-7.4+deb8u1.

The unstable distribution (sid) no longer contains Gstreamer 0.10.

We recommend that you upgrade your gst-plugins-bad0.10 packages.