Описание
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following security issues:
- CVE-2016-9807: Flic decoder invalid read could lead to crash. (bsc#1013655)
- CVE-2016-9634: Flic out-of-bounds write could lead to code execution. (bsc#1012102)
- CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012103)
- CVE-2016-9635: Flic out-of-bounds write could lead to code execution. (bsc#1012104)
- CVE-2016-9808: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013653)
- CVE-2016-9810: A maliciously crafted flic file can still cause invalid memory accesses. (bsc#1013663)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
Ссылки
- Link for SUSE-SU-2016:3303-1
- E-Mail link for SUSE-SU-2016:3303-1
- SUSE Security Ratings
- SUSE Bug 1012102
- SUSE Bug 1012103
- SUSE Bug 1012104
- SUSE Bug 1013653
- SUSE Bug 1013655
- SUSE Bug 1013663
- SUSE CVE CVE-2016-9634 page
- SUSE CVE CVE-2016-9635 page
- SUSE CVE CVE-2016-9636 page
- SUSE CVE CVE-2016-9807 page
- SUSE CVE CVE-2016-9808 page
- SUSE CVE CVE-2016-9810 page
Описание
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
Затронутые продукты
Ссылки
- CVE-2016-9634
- SUSE Bug 1012102
- SUSE Bug 1012103
- SUSE Bug 1012104
Описание
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
Затронутые продукты
Ссылки
- CVE-2016-9635
- SUSE Bug 1012102
- SUSE Bug 1012103
- SUSE Bug 1012104
- SUSE Bug 1013653
Описание
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
Затронутые продукты
Ссылки
- CVE-2016-9636
- SUSE Bug 1012102
- SUSE Bug 1012103
- SUSE Bug 1012104
Описание
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
Затронутые продукты
Ссылки
- CVE-2016-9807
- SUSE Bug 1013655
Описание
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
Затронутые продукты
Ссылки
- CVE-2016-9808
- SUSE Bug 1012102
- SUSE Bug 1012103
- SUSE Bug 1012104
- SUSE Bug 1013653
Описание
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
Затронутые продукты
Ссылки
- CVE-2016-9810
- SUSE Bug 1013663