GStreamer: Multiple vulnerabilities might enable a denial of service

by admin
As the BSI reports, an IT security warning about the GStreamer vulnerability has received an update. Here you can read how affected users should respond.

The Federal Office for Information Security (BSI) published an update on May 22, 2024 for the GStreamer security vulnerability that became known on June 20, 2023. The vulnerability affects the operating systems Android, MacOS X and Windows and the products Amazon Linux 2, Red Hat Enterprise Linux, Fedora Linux, Ubuntu Linux, SUSE Linux, Xerox FreeFlow Print Server and Open Source GStreamer.

The latest vendor recommendations for updates, workarounds and security patches for this vulnerability can be found here: Red Hat Security Advisory RHSA-2024:3088 (as of May 22, 2024). Further useful links are listed later in this article.

GStreamer security advisory – Severity: medium

Risk level: 3 (medium)
CVSS Base Score: 6.5
CVSS Temporal Score: 5.7
Remote attack: Yes

The Common Vulnerability Scoring System (CVSS) is used to assess the severity of vulnerabilities in computer systems. The CVSS standard makes it possible to compare potential or actual security risks on the basis of various metrics in order to prioritize countermeasures. The attributes "none", "low", "medium", "high" and "critical" are used to describe the severity level of a vulnerability. The Base Score evaluates the prerequisites for an attack (including authentication, complexity, privileges, user interaction) and its consequences. The Temporal Score additionally takes into account conditions that may change over time. According to CVSS, the severity of the current vulnerability is rated "medium" with a Base Score of 6.5.

GStreamer Bug: Multiple vulnerabilities enable a denial of service

GStreamer is a multimedia framework with a plugin-based architecture for various platforms.

A remote, anonymous attacker could exploit multiple vulnerabilities in GStreamer to carry out a denial-of-service attack.

The vulnerabilities are identified by their unique CVE (Common Vulnerabilities and Exposures) numbers: CVE-2023-37327, CVE-2023-37328 and CVE-2023-37329.

Systems affected by the GStreamer vulnerability at a glance

Operating systems
Android, MacOS X, Windows

Products
Amazon Linux 2 (cpe:/o:amazon:linux_2)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Fedora Linux (cpe:/o:fedoraproject:fedora)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
SUSE Linux (cpe:/o:suse:suse_linux)
Xerox FreeFlow Print Server v7 (cpe:/a:xerox:freeflow_print_server)
Xerox FreeFlow Print Server v9 (cpe:/a:xerox:freeflow_print_server)
Open Source GStreamer

General steps for dealing with IT vulnerabilities

  1. Users of the affected systems should keep them up to date. When security vulnerabilities become known, vendors are required to fix them quickly by developing a patch or workaround. If security patches are available, install them immediately.
  2. For information, consult the sources listed in the next section. These often contain further information about the latest version of the software in question and the availability of security patches or performance tips.
  3. If you have any further questions or uncertainties, please contact your responsible administrator. IT security managers should regularly check when the vendor makes a new security update available.

Vendor information on updates, patches and workarounds

Here you will find further links with information about bug reports, security fixes and workarounds.

Red Hat Security Advisory RHSA-2024:3088 of 2024-05-22 (22.05.2024)
Red Hat Security Advisory RHSA-2024:3089 of 2024-05-22 (21.05.2024)
Red Hat Security Advisory RHSA-2024:2303 of 2024-04-30 (29.04.2024)
Red Hat Security Advisory RHSA-2024:2302 of 2024-04-30 (29.04.2024)
XEROX Security Advisory XRX24-004 of 2024-03-04 (03.03.2024)
XEROX Security Advisory XRX24-005 of 2024-03-04 (03.03.2024)
SUSE Security Update SUSE-SU-2023:4971-1 of 2023-12-25 (26.12.2023)
Fedora Security Advisory FEDORA-2023-0984B63B23 of 2023-12-16 (17.12.2023)
Ubuntu Security Notice USN-6526-1 of 2023-11-29 (29.11.2023)
SUSE Security Update SUSE-SU-2023:3802-1 of 2023-09-27 (27.09.2023)
SUSE Security Update SUSE-SU-2023:3801-1 of 2023-09-27 (27.09.2023)
SUSE Security Update SUSE-SU-2023:3688-1 of 2023-09-19 (19.09.2023)
SUSE Security Update SUSE-SU-2023:3402-1 of 2023-08-23 (23.08.2023)
SUSE Security Update SUSE-SU-2023:3265-1 of 2023-08-10 (10.08.2023)
SUSE Security Update SUSE-SU-2023:3266-1 of 2023-08-10 (10.08.2023)
SUSE Security Update SUSE-SU-2023:3267-1 of 2023-08-10 (10.08.2023)
SUSE Security Update SUSE-SU-2023:3250-1 of 2023-08-08 (08.08.2023)
SUSE Security Update SUSE-SU-2023:3236-1 of 2023-08-08 (08.08.2023)
SUSE Security Update SUSE-SU-2023:3248-1 of 2023-08-08 (08.08.2023)
SUSE Security Update SUSE-SU-2023:3235-1 of 2023-08-08 (08.08.2023)
SUSE Security Update SUSE-SU-2023:3246-1 of 2023-08-08 (08.08.2023)
SUSE Security Update SUSE-SU-2023:3249-1 of 2023-08-08 (08.08.2023)
SUSE Security Update SUSE-SU-2023:3220-1 of 2023-08-07 (07.08.2023)
SUSE Security Update SUSE-SU-2023:3221-1 of 2023-08-07 (07.08.2023)
SUSE Security Update SUSE-SU-2023:3219-1 of 2023-08-07 (07.08.2023)
Ubuntu Security Notice USN-6268-1 of 2023-08-02 (02.08.2023)
Amazon Linux Security Advisory ALAS2-2023-2154 of 2023-07-26 (25.07.2023)
Amazon Linux Security Advisory ALAS2-2023-2155 of 2023-07-26 (25.07.2023)
Amazon Linux Security Advisory ALAS-2023-2120 of 2023-07-20 (20.07.2023)
Amazon Linux Security Advisory ALAS-2023-2122 of 2023-07-20 (20.07.2023)
Amazon Linux Security Advisory ALAS-2023-2121 of 2023-07-20 (20.07.2023)
GStreamer – Security Advisory 2023-0002 (ZDI-CAN-20968) of 2023-06-20 (20.06.2023)
GStreamer – Security Advisory 2023-0001 (ZDI-CAN-20775) of 2023-06-20 (20.06.2023)

Version history of this security alert

This is version 18 of this IT security notice for GStreamer. If further updates are announced, this text will be updated. You can follow the changes or additions in this version history.

June 20, 2023 – First version
July 6, 2023 – CVE added
July 20, 2023 – New updates from Amazon added
July 25, 2023 – New updates from Amazon added
August 2, 2023 – New updates from Ubuntu added
August 7, 2023 – New updates from SUSE added
August 8, 2023 – New updates from SUSE added
August 10, 2023 – New updates from SUSE added
August 23, 2023 – New updates from SUSE added
September 19, 2023 – New updates from SUSE added
September 27, 2023 – New updates from SUSE added
November 29, 2023 – New updates from Ubuntu added
December 17, 2023 – New updates from Fedora added
December 26, 2023 – New updates from SUSE added
March 3, 2024 – New updates from XEROX added
April 29, 2024 – New updates from Red Hat added
May 21, 2024 – New updates from Red Hat added
May 22, 2024 – New updates from Red Hat added

+++ Editorial note: This text is based on current BSI data and will be updated in a data-driven manner depending on the status of the alert. We welcome feedback and comments at [email protected]. +++

kns/roj/news.de
