Описание
Security update for gstreamer-0_10-plugins-base
This update for gstreamer-0_10-plugins-base fixes the following issue:
- CVE-2016-9811: out of bounds memory read in windows_icon_typefind (bsc#1013669)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
gstreamer-0_10-plugins-base-0.10.36-14.1
gstreamer-0_10-plugins-base-32bit-0.10.36-14.1
gstreamer-0_10-plugins-base-lang-0.10.36-14.1
libgstapp-0_10-0-0.10.36-14.1
libgstapp-0_10-0-32bit-0.10.36-14.1
libgstinterfaces-0_10-0-0.10.36-14.1
libgstinterfaces-0_10-0-32bit-0.10.36-14.1
SUSE Linux Enterprise Server 12 SP2
gstreamer-0_10-plugins-base-32bit-0.10.36-14.1
libgstapp-0_10-0-32bit-0.10.36-14.1
libgstinterfaces-0_10-0-32bit-0.10.36-14.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
gstreamer-0_10-plugins-base-32bit-0.10.36-14.1
libgstapp-0_10-0-32bit-0.10.36-14.1
libgstinterfaces-0_10-0-32bit-0.10.36-14.1
SUSE Linux Enterprise Software Development Kit 12 SP2
gstreamer-0_10-plugins-base-devel-0.10.36-14.1
typelib-1_0-GstApp-0_10-0.10.36-14.1
typelib-1_0-GstInterfaces-0_10-0.10.36-14.1
SUSE Linux Enterprise Workstation Extension 12 SP2
gstreamer-0_10-plugins-base-0.10.36-14.1
gstreamer-0_10-plugins-base-lang-0.10.36-14.1
libgstapp-0_10-0-0.10.36-14.1
libgstinterfaces-0_10-0-0.10.36-14.1
Ссылки
- Link for SUSE-SU-2017:0242-1
- E-Mail link for SUSE-SU-2017:0242-1
- SUSE Security Ratings
- SUSE Bug 1013669
- SUSE CVE CVE-2016-9811 page
Описание
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-0_10-plugins-base-0.10.36-14.1
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-0_10-plugins-base-32bit-0.10.36-14.1
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-0_10-plugins-base-lang-0.10.36-14.1
SUSE Linux Enterprise Desktop 12 SP2:libgstapp-0_10-0-0.10.36-14.1
Ссылки
- CVE-2016-9811
- SUSE Bug 1013669