Описание
Security update for libquicktime
This update for libquicktime fixes the following issues:
- A crafted MP4 file could have caused libquicktime to crash or lead to undefined behaviour (bsc#1022805, CVE-2016-2399)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Desktop 12 SP2
libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Server 12 SP1
libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Server 12 SP2
libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libquicktime-devel-1.2.4-10.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libquicktime-devel-1.2.4-10.1
Ссылки
- Link for SUSE-SU-2017:0610-1
- E-Mail link for SUSE-SU-2017:0610-1
- SUSE Security Ratings
- SUSE Bug 1022805
- SUSE CVE CVE-2016-2399 page
Описание
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Desktop 12 SP2:libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Server 12 SP1:libquicktime0-1.2.4-10.1
SUSE Linux Enterprise Server 12 SP2:libquicktime0-1.2.4-10.1
Ссылки
- CVE-2016-2399
- SUSE Bug 1022805