SUSE-SU-2016:3296-1

Published: 29 Dec 2016
Source: suse-cvrf

Description

Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes:

  • Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829)
  • CVE-2016-9809: Ensure codec_data has the right size when reading number of SPS (bsc#1013659).
  • CVE-2016-9812: Add more section size checks (bsc#1013678).
  • CVE-2016-9813: fix PAT parsing (bsc#1013680).

Package list

SUSE Linux Enterprise Desktop 12 SP2
gstreamer-plugins-bad-1.8.3-14.1
gstreamer-plugins-bad-lang-1.8.3-14.1
libgstadaptivedemux-1_0-0-1.8.3-14.1
libgstbadaudio-1_0-0-1.8.3-14.1
libgstbadbase-1_0-0-1.8.3-14.1
libgstbadvideo-1_0-0-1.8.3-14.1
libgstbasecamerabinsrc-1_0-0-1.8.3-14.1
libgstcodecparsers-1_0-0-1.8.3-14.1
libgstgl-1_0-0-1.8.3-14.1
libgstmpegts-1_0-0-1.8.3-14.1
libgstphotography-1_0-0-1.8.3-14.1
libgsturidownloader-1_0-0-1.8.3-14.1
SUSE Linux Enterprise Server 12 SP2
gstreamer-plugins-bad-1.8.3-14.1
gstreamer-plugins-bad-lang-1.8.3-14.1
libgstadaptivedemux-1_0-0-1.8.3-14.1
libgstbadaudio-1_0-0-1.8.3-14.1
libgstbadbase-1_0-0-1.8.3-14.1
libgstbadvideo-1_0-0-1.8.3-14.1
libgstbasecamerabinsrc-1_0-0-1.8.3-14.1
libgstcodecparsers-1_0-0-1.8.3-14.1
libgstgl-1_0-0-1.8.3-14.1
libgstmpegts-1_0-0-1.8.3-14.1
libgstphotography-1_0-0-1.8.3-14.1
libgsturidownloader-1_0-0-1.8.3-14.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
gstreamer-plugins-bad-1.8.3-14.1
gstreamer-plugins-bad-lang-1.8.3-14.1
libgstadaptivedemux-1_0-0-1.8.3-14.1
libgstbadaudio-1_0-0-1.8.3-14.1
libgstbadbase-1_0-0-1.8.3-14.1
libgstbadvideo-1_0-0-1.8.3-14.1
libgstbasecamerabinsrc-1_0-0-1.8.3-14.1
libgstcodecparsers-1_0-0-1.8.3-14.1
libgstgl-1_0-0-1.8.3-14.1
libgstmpegts-1_0-0-1.8.3-14.1
libgstphotography-1_0-0-1.8.3-14.1
libgsturidownloader-1_0-0-1.8.3-14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
gstreamer-plugins-bad-1.8.3-14.1
gstreamer-plugins-bad-lang-1.8.3-14.1
libgstadaptivedemux-1_0-0-1.8.3-14.1
libgstbadaudio-1_0-0-1.8.3-14.1
libgstbadbase-1_0-0-1.8.3-14.1
libgstbadvideo-1_0-0-1.8.3-14.1
libgstbasecamerabinsrc-1_0-0-1.8.3-14.1
libgstcodecparsers-1_0-0-1.8.3-14.1
libgstgl-1_0-0-1.8.3-14.1
libgstmpegts-1_0-0-1.8.3-14.1
libgstphotography-1_0-0-1.8.3-14.1
libgsturidownloader-1_0-0-1.8.3-14.1
SUSE Linux Enterprise Software Development Kit 12 SP2
gstreamer-plugins-bad-devel-1.8.3-14.1
libgstinsertbin-1_0-0-1.8.3-14.1
libgsturidownloader-1_0-0-1.8.3-14.1

Description

Integer overflow in the vmnc decoder in GStreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1

References

Description

The vmnc decoder in GStreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1

References

Description

Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1

References

Description

The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1

References

Description

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.


Affected products
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1

References
Vulnerability SUSE-SU-2016:3296-1