Last week I shared an article about using NES 6502 assembly to compromise an Ubuntu 12.04.5 desktop. This week, the same developer - Chris Evans - published a fresh 0day that again leverages GStreamer to bypass ASLR and DEP and run arbitrary code. This time the exploit is effective on fully patched Ubuntu 16.04 and Fedora 24 desktops alike and, like the previous one, can work on the binary code of Rhythmbox and Totem player as well. Ars Technica covered the story and cited other security researchers on the state of Linux desktop security in the present day.
Perhaps we should petition Lennart Poettering to simply roll GStreamer into systemd to make the freedesktop nightmare complete.