CVE-2023-44446 raised against gstreamer not uploaded to repository

Support for security such as Firewalls and securing linux
User avatar
TrevorH
Site Admin
Posts: 33165
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2023-44446 raised against gstreamer not uploaded to repository

Post by TrevorH » 2024/01/30 17:48:19

I don't answer questions sent via PM, only on the forums so the replies are public.

yum update looks at the various .repo files in /etc/yum.repos.d/ and works out from those which repos to use. These updates were pushed out on Friday so if you do not see them already then you have something severely wrong with your setup and need to fix it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

eliezer318
Posts: 9
Joined: 2024/01/25 17:12:27

Re: CVE-2023-44446 raised against gstreamer not uploaded to repository

Post by eliezer318 » 2024/01/31 17:20:50

Where is the gstreamer1.rpm?

With the updated patch for the CVE,

Eliezer

eliezer318
Posts: 9
Joined: 2024/01/25 17:12:27

Re: CVE-2023-44446 raised against gstreamer not uploaded to repository

Post by eliezer318 » 2024/01/31 17:34:12

Trevor,

I want to apologize to you as there is time sensitivity to our issues and I was trying to get info quickly.

I will only use the usual /regular process moving forward.

I await your answer to my newest concurrent question on this topic?

V/r,
Eliezer

tunk
Posts: 1204
Joined: 2017/02/22 15:08:17

Re: CVE-2023-44446 raised against gstreamer not uploaded to repository

Post by tunk » 2024/01/31 19:04:43

I guess Trevor already gave you an answer, you have to check your repo-files.
Alternatively output from yum update may help.

eliezer318
Posts: 9
Joined: 2024/01/25 17:12:27

Re: CVE-2023-44446 raised against gstreamer not uploaded to repository

Post by eliezer318 » 2024/01/31 19:27:41

We can see gstreamer's download:

gstreamer-plugins-bad-free-0.10.23-24.el7_9.x86_64.rpm from (http://mirror.centos.org/centos-7/7.9.2 ... s/?C=N;O=D)

but not gstreamer1.

Where is that ? We are running yum update and all it receives is gstreamer and not gstreamer1.

eliezer

tunk
Posts: 1204
Joined: 2017/02/22 15:08:17

Re: CVE-2023-44446 raised against gstreamer not uploaded to repository

Post by tunk » 2024/01/31 20:01:33

Looks like it's missing, on a fully updated system I have gstreamer1-plugins-bad-free from April 2018.

eliezer318
Posts: 9
Joined: 2024/01/25 17:12:27

Re: CVE-2023-44446 raised against gstreamer not uploaded to repository

Post by eliezer318 » 2024/01/31 20:05:05

Exactly, that is why I am asking.

Hopefully someone can let us know when it will be updated/uploaded to the mirror site,
eliezer

eliezer318
Posts: 9
Joined: 2024/01/25 17:12:27

CVE-2023-44446 raised against "GSTREAMER1" not uploaded to repository

Post by eliezer318 » 2024/02/01 16:52:34

gstreamer-plugins-bad-free-0.10.23-24.el7_9.x86_64.rpm is in the mirror repository.

We are looking for CVE-2023-44446 raised against gstreamer1-plugins-bad-free-0.10.23-24.el7_9.x86_64.rpm that isn't currently in the mirror.

any ideas when it will be ready or its current location for download?

Eliezer

User avatar
jlehtone
Posts: 4512
Joined: 2007/12/11 08:17:33
Location: Finland

Re: CVE-2023-44446 raised against "GSTREAMER1" not uploaded to repository

Post by jlehtone » 2024/02/02 08:36:03

According to Red Hat, https://access.redhat.com/errata/RHSA-2024:0013
The gstreamer1-plugins-bad-free-1.10.4-4.el7_9 were released 2024-01-02 (for RHEL 7)
(while the gstreamer-plugins-bad-free-0.10.23-24.el7_9 was released 2024-01-17).

Yes, CentOS 7 is still with 1.10.4-3.el7 ...

User avatar
TrevorH
Site Admin
Posts: 33165
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2023-44446 raised against gstreamer not uploaded to repository

Post by TrevorH » 2024/02/02 19:03:36

Please do not raise duplicate topics. Merged this one into the previous one. I have asked the maintainer about it and there is no news yet. When there is I will update here.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

Post Reply