Synopsis: Moderate: gstreamer1-plugins-bad-free security update Advisory ID: SLSA-2017:0021-1 Issue Date: 2017-01-05 CVE Numbers: CVE-2016-9445 CVE-2016-9809 CVE-2016-9812 CVE-2016-9813 -- Security Fix(es): * An integer overflow flaw, leading to a heap-based buffer overflow, was found in GStreamer's VMware VMnc video file format decoding plug-in. A remote attacker could use this flaw to cause an application using GStreamer to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2016-9445) * Multiple flaws were discovered in GStreamer's H.264 and MPEG-TS plug- ins. A remote attacker could use these flaws to cause an application using GStreamer to crash. (CVE-2016-9809, CVE-2016-9812, CVE-2016-9813) -- SL7 x86_64 gstreamer1-plugins-bad-free-1.4.5-6.el7_3.i686.rpm gstreamer1-plugins-bad-free-1.4.5-6.el7_3.x86_64.rpm gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.i686.rpm gstreamer1-plugins-bad-free-debuginfo-1.4.5-6.el7_3.x86_64.rpm gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.i686.rpm gstreamer1-plugins-bad-free-devel-1.4.5-6.el7_3.x86_64.rpm - Scientific Linux Development Team