SUSE-SU-2016:3297-1

Published: 29 Dec 2016
Source: suse-cvrf

Description

Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues:

  • CVE-2016-9809: Malicious mkv/h264 file could cause an off-by-one out-of-bounds read and lead to a crash (bsc#1013659)
  • CVE-2016-9812: Malicious mpeg file could cause an invalid null pointer access and lead to a crash (bsc#1013678)
  • CVE-2016-9813: Malicious mpegts file could cause an invalid null pointer access and lead to a crash (bsc#1013680)
  • CVE-2016-9445, CVE-2016-9446: Check an integer overflow and initialize a buffer in vmncdec (bsc#1010829)

Package list

SUSE Linux Enterprise Desktop 12 SP1:
  • gstreamer-plugins-bad-1.2.4-3.4.1
  • gstreamer-plugins-bad-lang-1.2.4-3.4.1
  • libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1
  • libgstcodecparsers-1_0-0-1.2.4-3.4.1
  • libgstegl-1_0-0-1.2.4-3.4.1
  • libgstmpegts-1_0-0-1.2.4-3.4.1
  • libgstphotography-1_0-0-1.2.4-3.4.1

SUSE Linux Enterprise Desktop 12 SP2:
  • libgstegl-1_0-0-1.2.4-3.4.1

SUSE Linux Enterprise Server 12 SP1:
  • gstreamer-plugins-bad-1.2.4-3.4.1
  • gstreamer-plugins-bad-lang-1.2.4-3.4.1
  • libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1
  • libgstcodecparsers-1_0-0-1.2.4-3.4.1
  • libgstegl-1_0-0-1.2.4-3.4.1
  • libgstmpegts-1_0-0-1.2.4-3.4.1
  • libgstphotography-1_0-0-1.2.4-3.4.1

SUSE Linux Enterprise Server 12 SP2:
  • libgstegl-1_0-0-1.2.4-3.4.1

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:
  • libgstegl-1_0-0-1.2.4-3.4.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1:
  • gstreamer-plugins-bad-1.2.4-3.4.1
  • gstreamer-plugins-bad-lang-1.2.4-3.4.1
  • libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1
  • libgstcodecparsers-1_0-0-1.2.4-3.4.1
  • libgstegl-1_0-0-1.2.4-3.4.1
  • libgstmpegts-1_0-0-1.2.4-3.4.1
  • libgstphotography-1_0-0-1.2.4-3.4.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2:
  • libgstegl-1_0-0-1.2.4-3.4.1

SUSE Linux Enterprise Software Development Kit 12 SP1:
  • gstreamer-plugins-bad-devel-1.2.4-3.4.1
  • libgstinsertbin-1_0-0-1.2.4-3.4.1
  • libgsturidownloader-1_0-0-1.2.4-3.4.1

Description

Integer overflow in the vmnc decoder in GStreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-lang-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstcodecparsers-1_0-0-1.2.4-3.4.1

Description

The vmnc decoder in GStreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information, as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-lang-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstcodecparsers-1_0-0-1.2.4-3.4.1

Description

Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-lang-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstcodecparsers-1_0-0-1.2.4-3.4.1

Description

The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-lang-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstcodecparsers-1_0-0-1.2.4-3.4.1

Description

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.


Affected products
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-bad-lang-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstbasecamerabinsrc-1_0-0-1.2.4-3.4.1
SUSE Linux Enterprise Desktop 12 SP1:libgstcodecparsers-1_0-0-1.2.4-3.4.1
