important: gstreamer1-plugins-bad-free/cups-filters security update
important
An update for gstreamer1-plugins-bad-free/cups-filters is now available for NewStart CGSL MAIN 7.02.
NewStart Security has rated this update as having a security impact of important. A Common Vunlnerability Scoring System(CVSS)base score, which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
gstreamer1-plugins-bad-free:
cups-filters:
Security Fix(es):
gstreamer1-plugins-bad-free: A heap-based buffer overflow vulnerability was found in GStreamer in the AV1 codec parser when handling certain malformed streams. A malicious third party could use this flaw to trigger a crash in the application and possibly affect code execution through heap manipulation.(CVE-2023-44429)
gstreamer1-plugins-bad-free: A use-after-free flaw was found in the MXF demuxer in GStreamer when handling certain MXF video files. This issue could allow a malicious third party to trigger a crash in the application and may allow code execution.(CVE-2023-44446)
gstreamer1-plugins-bad-free: A buffer overflow vulnerability was found in the gstreamer-plugins-bad plugin for the Gstreamer media framework. A successful attack may lead to an application crash or arbitrary code execution if malformed media files are opened.(CVE-2023-50186)
gstreamer1-plugins-bad-free: bugfix
cups-filters: A vulnerability was found in cups-filters. This security flaw occurs if you use beh to create an accessible network printer, possibly resulting in remote code execution.(CVE-2023-24805)
cups-filters: bugfix
Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
http://security.gd-linux.com/how_to_apply_patch.html
Remember the build tag is 7.02.03B8.