An update for gstreamer-plugins-bad-free is now available for Red Hat EnterpriseLinux 7.Red Hat Product Security has rated this update as having a security impact ofModerate.

A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters whichoperate on media data.

The gstreamer-plugins-bad-free package contains acollection of plug-ins for GStreamer.Security Fix(es):* An integer overflow flaw, leading to a heap-based buffer overflow, was foundin GStreamer’s VMware VMnc video file format decoding plug-in.

A remote attackercould use this flaw to cause an application using GStreamer to crash or,potentially, execute arbitrary code with the privileges of the user running theapplication. (CVE-2016-9445)* A memory corruption flaw was found in GStreamer’s Nintendo NSF music fileformat decoding plug-in.

A remote attacker could use this flaw to cause anapplication using GStreamer to crash or, potentially, execute arbitrary codewith the privileges of the user running the application. (CVE-2016-9447)* An out-of-bounds heap read flaw was found in GStreamer’s H.264 parser.

Aremote attacker could use this flaw to cause an application using GStreamer tocrash. (CVE-2016-9809)Note: This update removes the vulnerable Nintendo NSF plug-in.
Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.src.rpm
    MD5: 9a5b8ee38f24bb1b9e0de19cd2e08272SHA-256: 794ae2c67fd851b276b6bba317409ad32fd0b6850fe52891e121e3e2179f952e
 
x86_64:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.i686.rpm
    MD5: 56f0a13dcd7dbf408b9422eaa491cd99SHA-256: f4dfdf55616ac87cb4b952eb501f86dcfce3af3e5e1cd907bb20a167d4a65b01
gstreamer-plugins-bad-free-0.10.23-22.el7_3.x86_64.rpm
    MD5: ec02d38db9f0ebdbb23d59f2d8f8ec9dSHA-256: 7dd3f0b5da6b8dd46cc5d8ed4b2232ebe2dec977fb0d44d44e9af7e2415b54a6
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
    MD5: d6f2c3f200d47a961f9aeb2eb528cb7cSHA-256: 44bc59506fe291c3bd5a232a9c5fd5fd051595b827a99076982e928579427230
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm
    MD5: 6fe6b83af1ea79da26697b0bb4b97081SHA-256: 987b5e942222d7a025d50996344fe4085a4b6ada13f8277ed2e17f42fa47d01b
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.i686.rpm
    MD5: be1f14b8e99cff73ac95b26f96a48113SHA-256: 0491af411802d3685c244e88bbaff5ed20c249dfe7c9449c2778b225f5f59f18
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.x86_64.rpm
    MD5: 067ea323d3cfb0a549d419639e874f1cSHA-256: 1e02a5469c60478f70cb89b5dc4e065a6e85dd90e51afeb523a5df02c623dd42
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.x86_64.rpm
    MD5: 34139699f2ea15f8bf3b5d83df4abad4SHA-256: 0bb8528281d1756e208434e2d2404a77c14392a484c3ba4ac29fc9da4abf8902
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.src.rpm
    MD5: 9a5b8ee38f24bb1b9e0de19cd2e08272SHA-256: 794ae2c67fd851b276b6bba317409ad32fd0b6850fe52891e121e3e2179f952e
 
PPC:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.ppc.rpm
    MD5: b8539acab6ceea7ec70e4365708f5495SHA-256: 3f381846605a129d14e5a9599041136b8abdd206dd02985fae61595201e75708
gstreamer-plugins-bad-free-0.10.23-22.el7_3.ppc64.rpm
    MD5: ceb6438719a4b3d49b1a11a997f36475SHA-256: 7340d0e37f4fff5b8eea168088c02b851bc094e26724f9d5ff00a6d2104a9220
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.ppc.rpm
    MD5: 073a6487e0cfbdf0a8e441b016d086f5SHA-256: 1954bb26dcce7e285c74e6fa027aff8d3e2272fc4f268951ce1e153adc1e57d7
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.ppc64.rpm
    MD5: 497045fed0f611a94dd0fb8f154df0acSHA-256: 04038489779aa09f74b7b652ae777f5e29fce2f05351c632732c15193dc1a084
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.ppc.rpm
    MD5: f8e71d092e4f519bdd2263fcf2b6e250SHA-256: 86329951e918d2b6dce830da16ed9dc3def7a1d9794926f8ee941492a4128d17
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.ppc64.rpm
    MD5: 7e9387d3d38810ecdbfbff789d6164f3SHA-256: 2fb8693b28df66f23f28f3fda6335b1e2284a834730e30d61695fd3a1bcc19d9
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.ppc64.rpm
    MD5: f6341bd9ceb7ec6db07534e7217e04b4SHA-256: f842afe0f0456e203d5953552be67655f090b5a9ccd4dbbe99d2b6f8702a7e12
 
PPC64LE:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.ppc64le.rpm
    MD5: 27cb61218b88e57640c813d318abcd17SHA-256: 5f45dc48d29acd29c3c899d542a48e87b0817e3346b51844a313c8f15929853d
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.ppc64le.rpm
    MD5: 510fcb5e91345162fc6a11cfd85bfc1aSHA-256: c65a1037ee8dec5ee872fd4b24e5478943d2f24be8fdb9d90d722b9a322b7bfc
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.ppc64le.rpm
    MD5: df5877b18a0496f5132f37b0fcf17c36SHA-256: a642af94331f57345eadf762bf556f97c0e5d7a9b669ed3561475cc0df76f17b
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.ppc64le.rpm
    MD5: 791167f415ea316f2ba80fc5fa5f87e2SHA-256: 3e736a5326c1662a7adf123db12fcde354ba4958cf198255b467c74eba85aad9
 
s390x:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.s390.rpm
    MD5: 64deac652aed966c339833cb3215c175SHA-256: 4fc15651262e3dbf1c223a2f53fa498607000bb7ad906e3fbf5ba1882669dee5
gstreamer-plugins-bad-free-0.10.23-22.el7_3.s390x.rpm
    MD5: 73c1b16e8d632a443ece67dd8a67beefSHA-256: 2a1f552850a0a99f65e03c1d7b654e8eac3dea58558c971f8899e2c5fd082a2b
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.s390.rpm
    MD5: 1dd2b4adfbdc5f0a360539e91a014a7aSHA-256: 38b5d37ef9b27c73a5d58300013c14e1ad99b33db761b6a0716fa367a445cfa0
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.s390x.rpm
    MD5: 7fc953c13b72a42d0421b7a0489c29c3SHA-256: 0d06a68d7eedbd4285c39a2cea17d543508d2c8138a933f7aa3a4610fec7175a
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.s390.rpm
    MD5: fcc56b41c46c2bef1fa89233f54a6e46SHA-256: 001091b2e75e4a67abcc8a2e10e3544be6157f35d16da4f0508a6bcf02c48989
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.s390x.rpm
    MD5: b9c4c4fb9ea05451c2d08a47cda2c4e9SHA-256: 9459e2f5ac9742559759991d30d49307df0bf0a2a505914ce196a0b43fbe2827
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.s390x.rpm
    MD5: ca8680586cad1c59d843e998fe511147SHA-256: 41a8f2780bc864ee791e4de0ba247ebb956e1ce3e203351750cb60802d7def73
 
x86_64:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.i686.rpm
    MD5: 56f0a13dcd7dbf408b9422eaa491cd99SHA-256: f4dfdf55616ac87cb4b952eb501f86dcfce3af3e5e1cd907bb20a167d4a65b01
gstreamer-plugins-bad-free-0.10.23-22.el7_3.x86_64.rpm
    MD5: ec02d38db9f0ebdbb23d59f2d8f8ec9dSHA-256: 7dd3f0b5da6b8dd46cc5d8ed4b2232ebe2dec977fb0d44d44e9af7e2415b54a6
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
    MD5: d6f2c3f200d47a961f9aeb2eb528cb7cSHA-256: 44bc59506fe291c3bd5a232a9c5fd5fd051595b827a99076982e928579427230
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm
    MD5: 6fe6b83af1ea79da26697b0bb4b97081SHA-256: 987b5e942222d7a025d50996344fe4085a4b6ada13f8277ed2e17f42fa47d01b
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.i686.rpm
    MD5: be1f14b8e99cff73ac95b26f96a48113SHA-256: 0491af411802d3685c244e88bbaff5ed20c249dfe7c9449c2778b225f5f59f18
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.x86_64.rpm
    MD5: 067ea323d3cfb0a549d419639e874f1cSHA-256: 1e02a5469c60478f70cb89b5dc4e065a6e85dd90e51afeb523a5df02c623dd42
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.x86_64.rpm
    MD5: 34139699f2ea15f8bf3b5d83df4abad4SHA-256: 0bb8528281d1756e208434e2d2404a77c14392a484c3ba4ac29fc9da4abf8902
 
Red Hat Enterprise Linux Server TUS (v. 7.3)

SRPMS:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.src.rpm
    MD5: 9a5b8ee38f24bb1b9e0de19cd2e08272SHA-256: 794ae2c67fd851b276b6bba317409ad32fd0b6850fe52891e121e3e2179f952e
 
x86_64:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.i686.rpm
    MD5: 56f0a13dcd7dbf408b9422eaa491cd99SHA-256: f4dfdf55616ac87cb4b952eb501f86dcfce3af3e5e1cd907bb20a167d4a65b01
gstreamer-plugins-bad-free-0.10.23-22.el7_3.x86_64.rpm
    MD5: ec02d38db9f0ebdbb23d59f2d8f8ec9dSHA-256: 7dd3f0b5da6b8dd46cc5d8ed4b2232ebe2dec977fb0d44d44e9af7e2415b54a6
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
    MD5: d6f2c3f200d47a961f9aeb2eb528cb7cSHA-256: 44bc59506fe291c3bd5a232a9c5fd5fd051595b827a99076982e928579427230
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm
    MD5: 6fe6b83af1ea79da26697b0bb4b97081SHA-256: 987b5e942222d7a025d50996344fe4085a4b6ada13f8277ed2e17f42fa47d01b
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.i686.rpm
    MD5: be1f14b8e99cff73ac95b26f96a48113SHA-256: 0491af411802d3685c244e88bbaff5ed20c249dfe7c9449c2778b225f5f59f18
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.x86_64.rpm
    MD5: 067ea323d3cfb0a549d419639e874f1cSHA-256: 1e02a5469c60478f70cb89b5dc4e065a6e85dd90e51afeb523a5df02c623dd42
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.x86_64.rpm
    MD5: 34139699f2ea15f8bf3b5d83df4abad4SHA-256: 0bb8528281d1756e208434e2d2404a77c14392a484c3ba4ac29fc9da4abf8902
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.src.rpm
    MD5: 9a5b8ee38f24bb1b9e0de19cd2e08272SHA-256: 794ae2c67fd851b276b6bba317409ad32fd0b6850fe52891e121e3e2179f952e
 
x86_64:
gstreamer-plugins-bad-free-0.10.23-22.el7_3.i686.rpm
    MD5: 56f0a13dcd7dbf408b9422eaa491cd99SHA-256: f4dfdf55616ac87cb4b952eb501f86dcfce3af3e5e1cd907bb20a167d4a65b01
gstreamer-plugins-bad-free-0.10.23-22.el7_3.x86_64.rpm
    MD5: ec02d38db9f0ebdbb23d59f2d8f8ec9dSHA-256: 7dd3f0b5da6b8dd46cc5d8ed4b2232ebe2dec977fb0d44d44e9af7e2415b54a6
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.i686.rpm
    MD5: d6f2c3f200d47a961f9aeb2eb528cb7cSHA-256: 44bc59506fe291c3bd5a232a9c5fd5fd051595b827a99076982e928579427230
gstreamer-plugins-bad-free-debuginfo-0.10.23-22.el7_3.x86_64.rpm
    MD5: 6fe6b83af1ea79da26697b0bb4b97081SHA-256: 987b5e942222d7a025d50996344fe4085a4b6ada13f8277ed2e17f42fa47d01b
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.i686.rpm
    MD5: be1f14b8e99cff73ac95b26f96a48113SHA-256: 0491af411802d3685c244e88bbaff5ed20c249dfe7c9449c2778b225f5f59f18
gstreamer-plugins-bad-free-devel-0.10.23-22.el7_3.x86_64.rpm
    MD5: 067ea323d3cfb0a549d419639e874f1cSHA-256: 1e02a5469c60478f70cb89b5dc4e065a6e85dd90e51afeb523a5df02c623dd42
gstreamer-plugins-bad-free-devel-docs-0.10.23-22.el7_3.x86_64.rpm
    MD5: 34139699f2ea15f8bf3b5d83df4abad4SHA-256: 0bb8528281d1756e208434e2d2404a77c14392a484c3ba4ac29fc9da4abf8902
 
(The unlinked packages above are only available from the Red Hat Network)

1395126 – CVE-2016-9447 gstreamer-plugins-bad-free: Memory corruption flaw in NSF decoder1395767 – CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder1401880 – CVE-2016-9809 gstreamer-plugins-bad-free: Off-by-one read in gst_h264_parse_set_caps

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Leave a Reply