An update for gstreamer1-plugins-bad-free is now available for Red HatEnterprise Linux 7.Red Hat Product Security has rated this update as having a security impact ofModerate.

A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
GStreamer is a streaming media framework based on graphs of filters whichoperate on media data.

The gstreamer1-plugins-bad-free package contains acollection of plug-ins for GStreamer.Security Fix(es):* An integer overflow flaw, leading to a heap-based buffer overflow, was foundin GStreamer’s VMware VMnc video file format decoding plug-in.

A remote attackercould use this flaw to cause an application using GStreamer to crash or,potentially, execute arbitrary code with the privileges of the user running theapplication. (CVE-2016-9445)* Multiple flaws were discovered in GStreamer’s H.264 and MPEG-TS plug-ins.

Aremote attacker could use these flaws to cause an application using GStreamer tocrash. (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813)
Red Hat Enterprise Linux Desktop (v. 7)

SRPMS:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.src.rpm
    MD5: f1b972e24d2f83fd00c12822762699bbSHA-256: 669aba86bc3d4c4c83de25943b744dcb41f0177dc39df3c86c42fa6ef684dbbd
 
x86_64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
    MD5: e782a667ebd7f35fb60869baec47f7c1SHA-256: e7b92af47a3b2dd40768fbabcc03b3c4b204e03149374353e14a6a78893801ad
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
    MD5: 02d0dcd8176440cf10640bc78481b1a2SHA-256: eaf7c7c7496bd8b3c81fc6be1e13532b3bc8a84dde99b5b791bdfc4e4290feb0
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
    MD5: 6f6f3e66fb3d78dcd87d9806ef51a2d2SHA-256: 1b367db491279cbfe51c38510345a81fe43b87972b7718181708d0c1b3ac8d12
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
    MD5: a7aafcdabe0b3a795f804a3fa6235ce3SHA-256: badb1e0b6d218fe587cfc1b56f2b157b2408b5f4ffe4e8d683df6ecc1350e2da
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
    MD5: a438a6b2b63503ebab7d838d992567aaSHA-256: 661cc4a4d9bb10ea2ab239301f33fc00e4b0219ce6a15780a053c64ac469c191
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm
    MD5: 1ca7168a7b88718a89e3b8be770c15e4SHA-256: fd0ea8e920f7c3c83e1fa533b9ca73a75842e635e2232392d362c1f91d675a9c
 
Red Hat Enterprise Linux HPC Node (v. 7)

SRPMS:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.src.rpm
    MD5: f1b972e24d2f83fd00c12822762699bbSHA-256: 669aba86bc3d4c4c83de25943b744dcb41f0177dc39df3c86c42fa6ef684dbbd
 
x86_64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
    MD5: e782a667ebd7f35fb60869baec47f7c1SHA-256: e7b92af47a3b2dd40768fbabcc03b3c4b204e03149374353e14a6a78893801ad
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
    MD5: 02d0dcd8176440cf10640bc78481b1a2SHA-256: eaf7c7c7496bd8b3c81fc6be1e13532b3bc8a84dde99b5b791bdfc4e4290feb0
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
    MD5: 6f6f3e66fb3d78dcd87d9806ef51a2d2SHA-256: 1b367db491279cbfe51c38510345a81fe43b87972b7718181708d0c1b3ac8d12
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
    MD5: a7aafcdabe0b3a795f804a3fa6235ce3SHA-256: badb1e0b6d218fe587cfc1b56f2b157b2408b5f4ffe4e8d683df6ecc1350e2da
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
    MD5: a438a6b2b63503ebab7d838d992567aaSHA-256: 661cc4a4d9bb10ea2ab239301f33fc00e4b0219ce6a15780a053c64ac469c191
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm
    MD5: 1ca7168a7b88718a89e3b8be770c15e4SHA-256: fd0ea8e920f7c3c83e1fa533b9ca73a75842e635e2232392d362c1f91d675a9c
 
Red Hat Enterprise Linux Server (v. 7)

SRPMS:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.src.rpm
    MD5: f1b972e24d2f83fd00c12822762699bbSHA-256: 669aba86bc3d4c4c83de25943b744dcb41f0177dc39df3c86c42fa6ef684dbbd
 
PPC:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.ppc.rpm
    MD5: e3bca4a0e1cc38fc8f580daf7165e7f9SHA-256: 931bcdf7b4c0157708b1fa50d08c6326d5344a9759d13b38fbe2d9351950a695
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.ppc64.rpm
    MD5: 0f4e168aff3ee3c332bbb56b0ea774d8SHA-256: c09c600e6ef411d7bf0874bb2ec4208d491f689310d15ae9994df22e57439bc2
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.ppc.rpm
    MD5: ad19ac9152072d491661878fb1320d3bSHA-256: fd7792162018dbaaf67efff86b3d128465bf0cf75063aa3c08257e844b5c1a06
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.ppc64.rpm
    MD5: 147963cb10716f990af18351ec87c737SHA-256: f3e34884e05a5df19b6f89b04c52fa7f74f4e1a6d33f04a3917ba1ef35b9c295
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.ppc.rpm
    MD5: c681987521915f2f2584b949cd247f3aSHA-256: 64e82e91f7c18920a5d0735a34401b2f548dbc4a4910db98c373e25697d09271
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.ppc64.rpm
    MD5: fe5d369309b38bae84d4ea7f507ad526SHA-256: 75bbf1c8f62d6ae79afb782c736798623f4a6d42ad8117eb5b31e8ac89b5f7a4
 
PPC64LE:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.ppc64le.rpm
    MD5: 6352ccfb9398b50dad20176a5da2d063SHA-256: 30fb1fe89c0ed3861eb68c057d8402587338536f6adecc71920f64df80051075
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.ppc64le.rpm
    MD5: b72d70b20621a5be1323caf63d05ca9aSHA-256: 6e8e282fe07740d63022ca12ee5ef65e3d2fa591f2b2d5e817b550c5869c0e3a
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.ppc64le.rpm
    MD5: 539a90acc3ffc72c6e17a691aa42d39bSHA-256: 3866bc99ad3fb565daea711bd5fe4380a97265d3a6c08c4d0077fef14667793c
 
s390x:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.s390.rpm
    MD5: 0472dfaa3d89d97ba30713c274e5f049SHA-256: 2f33d4f0cc81b96d1d68d0bc9680581f34475a8ebe298937645aaeb442c4efbd
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.s390x.rpm
    MD5: ab4ce6ff92f2017a13e94457157d75e1SHA-256: b6b61d685981eb05ab60b6f03b4065c6154828ae77b94f5e23c69e140ed5b00e
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.s390.rpm
    MD5: 90cf3926958e176e8c58c38aae669754SHA-256: 11284709ba3696e876f109e2e4ac8dd7296ce159c456a10307be790afefe3ffe
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.s390x.rpm
    MD5: fec16d5329097f9977432be2b5f41ecdSHA-256: 32c61ccf5a908135fa5590b9026e0ce3f986b88838c474a5e720c317971c4e4b
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.s390.rpm
    MD5: 61a3f98a9b329ff1472869d625d3a251SHA-256: 5f7b1402819517961604d8e134f2d85e5bef5e31daa54687650d740559693032
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.s390x.rpm
    MD5: 790374d0579c594431125f4605bd6550SHA-256: 9e87e4a781c7d16e64a8ec922559b3cb48f905fd392259611fac5ce7a591eb6d
 
x86_64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
    MD5: e782a667ebd7f35fb60869baec47f7c1SHA-256: e7b92af47a3b2dd40768fbabcc03b3c4b204e03149374353e14a6a78893801ad
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
    MD5: 02d0dcd8176440cf10640bc78481b1a2SHA-256: eaf7c7c7496bd8b3c81fc6be1e13532b3bc8a84dde99b5b791bdfc4e4290feb0
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
    MD5: 6f6f3e66fb3d78dcd87d9806ef51a2d2SHA-256: 1b367db491279cbfe51c38510345a81fe43b87972b7718181708d0c1b3ac8d12
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
    MD5: a7aafcdabe0b3a795f804a3fa6235ce3SHA-256: badb1e0b6d218fe587cfc1b56f2b157b2408b5f4ffe4e8d683df6ecc1350e2da
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
    MD5: a438a6b2b63503ebab7d838d992567aaSHA-256: 661cc4a4d9bb10ea2ab239301f33fc00e4b0219ce6a15780a053c64ac469c191
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm
    MD5: 1ca7168a7b88718a89e3b8be770c15e4SHA-256: fd0ea8e920f7c3c83e1fa533b9ca73a75842e635e2232392d362c1f91d675a9c
 
Red Hat Enterprise Linux Server TUS (v. 7.3)

SRPMS:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.src.rpm
    MD5: f1b972e24d2f83fd00c12822762699bbSHA-256: 669aba86bc3d4c4c83de25943b744dcb41f0177dc39df3c86c42fa6ef684dbbd
 
x86_64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
    MD5: e782a667ebd7f35fb60869baec47f7c1SHA-256: e7b92af47a3b2dd40768fbabcc03b3c4b204e03149374353e14a6a78893801ad
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
    MD5: 02d0dcd8176440cf10640bc78481b1a2SHA-256: eaf7c7c7496bd8b3c81fc6be1e13532b3bc8a84dde99b5b791bdfc4e4290feb0
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
    MD5: 6f6f3e66fb3d78dcd87d9806ef51a2d2SHA-256: 1b367db491279cbfe51c38510345a81fe43b87972b7718181708d0c1b3ac8d12
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
    MD5: a7aafcdabe0b3a795f804a3fa6235ce3SHA-256: badb1e0b6d218fe587cfc1b56f2b157b2408b5f4ffe4e8d683df6ecc1350e2da
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
    MD5: a438a6b2b63503ebab7d838d992567aaSHA-256: 661cc4a4d9bb10ea2ab239301f33fc00e4b0219ce6a15780a053c64ac469c191
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm
    MD5: 1ca7168a7b88718a89e3b8be770c15e4SHA-256: fd0ea8e920f7c3c83e1fa533b9ca73a75842e635e2232392d362c1f91d675a9c
 
Red Hat Enterprise Linux Workstation (v. 7)

SRPMS:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.src.rpm
    MD5: f1b972e24d2f83fd00c12822762699bbSHA-256: 669aba86bc3d4c4c83de25943b744dcb41f0177dc39df3c86c42fa6ef684dbbd
 
x86_64:
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm
    MD5: e782a667ebd7f35fb60869baec47f7c1SHA-256: e7b92af47a3b2dd40768fbabcc03b3c4b204e03149374353e14a6a78893801ad
gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm
    MD5: 02d0dcd8176440cf10640bc78481b1a2SHA-256: eaf7c7c7496bd8b3c81fc6be1e13532b3bc8a84dde99b5b791bdfc4e4290feb0
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm
    MD5: 6f6f3e66fb3d78dcd87d9806ef51a2d2SHA-256: 1b367db491279cbfe51c38510345a81fe43b87972b7718181708d0c1b3ac8d12
gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm
    MD5: a7aafcdabe0b3a795f804a3fa6235ce3SHA-256: badb1e0b6d218fe587cfc1b56f2b157b2408b5f4ffe4e8d683df6ecc1350e2da
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm
    MD5: a438a6b2b63503ebab7d838d992567aaSHA-256: 661cc4a4d9bb10ea2ab239301f33fc00e4b0219ce6a15780a053c64ac469c191
gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm
    MD5: 1ca7168a7b88718a89e3b8be770c15e4SHA-256: fd0ea8e920f7c3c83e1fa533b9ca73a75842e635e2232392d362c1f91d675a9c
 
(The unlinked packages above are only available from the Red Hat Network)

1395767 – CVE-2016-9445 gstreamer-plugins-bad-free: Integer overflow when allocating render buffer in VMnc decoder1401880 – CVE-2016-9809 gstreamer-plugins-bad-free: Off-by-one read in gst_h264_parse_set_caps1401930 – CVE-2016-9812 gstreamer1-plugins-bad-free: Out-of-bounds read in gst_mpegts_section_new1401934 – CVE-2016-9813 gstreamer-plugins-bad-free: NULL pointer dereference in mpegts parser

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

Leave a Reply