Описание
Security update for gstreamer-0_10-plugins-bad
This update for gstreamer-0_10-plugins-bad fixes the following issues:
- CVE-2016-9445, CVE-2016-9446: Protection against buffer overflows (bsc#1010829)
- CVE-2016-9447: Disable the nsf plugin (bsc#1010514)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
gstreamer-0_10-plugins-bad-0.10.23-22.5
gstreamer-0_10-plugins-bad-lang-0.10.23-22.5
libgstbasecamerabinsrc-0_10-23-0.10.23-22.5
libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-22.5
libgstbasevideo-0_10-23-0.10.23-22.5
libgstbasevideo-0_10-23-32bit-0.10.23-22.5
libgstcodecparsers-0_10-23-0.10.23-22.5
libgstphotography-0_10-23-0.10.23-22.5
libgstphotography-0_10-23-32bit-0.10.23-22.5
libgstsignalprocessor-0_10-23-0.10.23-22.5
libgstsignalprocessor-0_10-23-32bit-0.10.23-22.5
libgstvdp-0_10-23-0.10.23-22.5
libgstvdp-0_10-23-32bit-0.10.23-22.5
SUSE Linux Enterprise Software Development Kit 12 SP2
gstreamer-0_10-plugins-bad-devel-0.10.23-22.5
libgstbasecamerabinsrc-0_10-23-0.10.23-22.5
libgstbasevideo-0_10-23-0.10.23-22.5
libgstcodecparsers-0_10-23-0.10.23-22.5
libgstphotography-0_10-23-0.10.23-22.5
libgstsignalprocessor-0_10-23-0.10.23-22.5
libgstvdp-0_10-23-0.10.23-22.5
SUSE Linux Enterprise Workstation Extension 12 SP2
gstreamer-0_10-plugins-bad-0.10.23-22.5
gstreamer-0_10-plugins-bad-lang-0.10.23-22.5
libgstbasecamerabinsrc-0_10-23-0.10.23-22.5
libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-22.5
libgstbasevideo-0_10-23-0.10.23-22.5
libgstbasevideo-0_10-23-32bit-0.10.23-22.5
libgstcodecparsers-0_10-23-0.10.23-22.5
libgstphotography-0_10-23-0.10.23-22.5
libgstphotography-0_10-23-32bit-0.10.23-22.5
libgstsignalprocessor-0_10-23-0.10.23-22.5
libgstsignalprocessor-0_10-23-32bit-0.10.23-22.5
libgstvdp-0_10-23-0.10.23-22.5
libgstvdp-0_10-23-32bit-0.10.23-22.5
Ссылки
- Link for SUSE-SU-2017:0027-1
- E-Mail link for SUSE-SU-2017:0027-1
- SUSE Security Ratings
- SUSE Bug 1010514
- SUSE Bug 1010829
- SUSE CVE CVE-2016-9445 page
- SUSE CVE CVE-2016-9446 page
- SUSE CVE CVE-2016-9447 page
Описание
Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-0_10-plugins-bad-0.10.23-22.5
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-0_10-plugins-bad-lang-0.10.23-22.5
SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-0_10-23-0.10.23-22.5
SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-22.5
Ссылки
- CVE-2016-9445
- SUSE Bug 1010829
Описание
The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-0_10-plugins-bad-0.10.23-22.5
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-0_10-plugins-bad-lang-0.10.23-22.5
SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-0_10-23-0.10.23-22.5
SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-22.5
Ссылки
- CVE-2016-9446
- SUSE Bug 1010829
Описание
The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-0_10-plugins-bad-0.10.23-22.5
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-0_10-plugins-bad-lang-0.10.23-22.5
SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-0_10-23-0.10.23-22.5
SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-22.5
Ссылки
- CVE-2016-9447
- SUSE Bug 1010514