Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads

Discussion in 'all things UNIX' started by summerheat, Nov 17, 2016.

  1. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html

    Not good :(

    EDIT: I'm not using Ubuntu (but Fedora ;) ) but I've just read that it already got an update for gstreamer1.0-plugins-bad which fixes this vulnerability. I guess Fedora will get it soon - and I'm using Firefox anyhow ... :)
     
    Last edited: Nov 18, 2016
  2. Gullible Jones

    Gullible Jones Registered Member

    Joined:
    May 16, 2013
    Posts:
    1,466
    Yaaaay, more insecurity from software bloat. Does anyone even use Tracker to index media files? Heck, does anyone use GStreamer instead of VLC or MPlayer?
     
  3. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Not only Linux is affected: That auto-download "feature" of Google Chrome (and Microsoft Edge) is also a risk on Windows.
     
  4. Amanda

    Amanda Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    2,115
    Location:
    Brasil
    This is great news, but I'd like to see Google and Fedora fix their **** too.

    I've always seen gstreamer-plugins-bad as an actually bad collection which has poor code review and poor security implementations, that's why I don't use it. I only use the "base" and "good" packages. But kudos to them for fixing it so quickly :thumb:
     
  5. Anonfame1

    Anonfame1 Registered Member

    Joined:
    May 25, 2016
    Posts:
    224
    Unfortunately my music player of choice does. It can use other avenues, but not support all the different filetypes I use. That said, I don't have that player go online either, and I certainly don't have gstreamer support in my browser.

    People have really been sounding the doom bells lately in regards to Linux security - and yet Windows gets security holes that are massive in comparison. I'm not sure I really understand why?

    Shills? People that want to justify their unwillingness to leave the Windows sphere? I mean it's fine to point this stuff out (good even), but with all the clickbait fear-mongering article titles (go check out reddit - wow) you'd think someone found a massive security hole that allows people to pwn all Linux versions with root access. That is most certainly not what the case is...

    Different here of course - we tend to avoid hyperbole in this community which is certainly the most constructive and rational approach...
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    http://arstechnica.com/security/201...scores-serious-concerns-about-linux-security/
     