Author: renodr
Date: Tue Mar 16 21:45:56 2021
New Revision: 1743
Log:
Security Advisories: Add 10.1-007 for gstreamer stack vulnerabilities
Modified:
html/trunk/blfs/advisories/10.1.html
html/trunk/blfs/advisories/consolidated.html
Modified: html/trunk/blfs/advisories/10.1.html
==============================================================================
--- html/trunk/blfs/advisories/10.1.html Mon Mar 15 22:09:00 2021
(r1742)
+++ html/trunk/blfs/advisories/10.1.html Tue Mar 16 21:45:56 2021
(r1743)
@@ -50,12 +50,23 @@
<!-- end of PackageName -->
<h3>GnuTLS</h3>
+
<h4>10.1 004 GnuTLS Date: 2021-03-12 Severity: Low</h4>
<p>The client sending a "key_share" or "pre_share_key" extension may
result in dereferencing a pointer no longer valid after realloc().
To fix this, upgrade to GnuTLS 3.7.1 or later versions.
<a href="consolidated.html#10.1-004">10.1-004</a></p>
+ <h3>Gstreamer</h3>
+ <h4>10.1 007 Gstreamer Date: 2021-03-16 Severity: High</h4>
+ <p>Five security vulnerabilities were fixed in gstreamer-1.18.4.
+ These vulnerabilities may lead to arbitrary code execution and
+ application crashes. To fix this, upgrade the gstreamer stack
+ to 1.18.4 or later.
+ <a href="consolidated.html#10.1-007">10.1-007</a></p>
+
+ <!-- end of gstreamer -->
+
<h3>MuPDF</h3>
<h4>10.1 003 MuPDF Date: 2021-03-10 Severity: Medium</h4>
Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html Mon Mar 15 22:09:00
2021 (r1742)
+++ html/trunk/blfs/advisories/consolidated.html Tue Mar 16 21:45:56
2021 (r1743)
@@ -80,6 +80,20 @@
<p>There are currently no known security vulnerabilities for the latest
releases of the books.</p>
-->
+ <a id="10.1-007">
+ <h4>10.1 007 Gstreamer Date: 2021-03-17 Severity: High</h4>
+ <p>In gstreamer-1.18.4 (including plugins), five high severity security
+ vulnerabilities were fixed. Two of them were in gst-plugins-good, one in
+ gst-plugins-ugly, one in gst-libav, and one in gst-plugins-base. Upon
+ successful exploitation, these vulnerabilities can lead to application
+ crashes and arbitrary code execution.
+ More details can be found at
+ <a href="https://gstreamer.freedesktop.org/security/";>GStreamer Security
Center</a>.</p>
+ <p>To fix these vulnerabilities, update the entire gstreamer stack to
1.18.4
+ using the instructions in the gstreamer pages, starting at
+ <a href="../view/svn/multimedia/gstreamer10.html">gstreamer (sysv)</a> or
+ <a href="../view/systemd/multimedia/gstreamer10.html">gstreamer
(systemd)</a>.</p>
+
<a id="10.1-006">
<h4>10.1 006 Wireshark Date: 2021-03-16 Severity: High</h4>
<p>In Wireshark-3.4.4, a 17-year-old security vulnerability was fixed that
--
http://lists.linuxfromscratch.org/listinfo/website
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
