GStreamer, GStreamer Plugins: Multiple Vulnerabilities — GLSA 202208-31

Multiple vulnerabilities have been found in GStreamer and its plugins, the worst of which could result in arbitrary code execution.

Affected packages

media-libs/gst-plugins-bad on all architectures
Affected versions < 1.16.3
Unaffected versions >= 1.16.3
media-libs/gst-plugins-base on all architectures
Affected versions < 1.18.4
Unaffected versions >= 1.18.4
media-libs/gst-plugins-good on all architectures
Affected versions < 1.18.4
Unaffected versions >= 1.18.4
media-libs/gst-plugins-ugly on all architectures
Affected versions < 1.18.4
Unaffected versions >= 1.18.4
media-libs/gstreamer on all architectures
Affected versions < 1.20.2
Unaffected versions >= 1.20.2
media-plugins/gst-plugins-libav on all architectures
Affected versions < 1.18.4
Unaffected versions >= 1.18.4

Background

GStreamer is an open source multimedia framework.

Description

Multiple vulnerabilities have been found in GStreamer and its plugins. Please review the CVE and GStreamer-SA identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All GStreamer users should update to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/gstreamer-1.20.2"
 

All gst-plugins-bad users should update to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-bad-1.20.2"
 

All gst-plugins-good users should update to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-good-1.20.2"
 

All gst-plugins-ugly users should update to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-ugly-1.20.2"
 

All gst-plugins-base users should update to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-libs/gst-plugins-base-1.20.2"
 

All gst-plugins-libav users should update to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-plugins/gst-plugins-libav-1.20.2"
 

References

Release date
August 14, 2022

Latest revision
August 14, 2022: 1

Severity
high

Exploitable
remote

Bugzilla entries