SUSE-SU-2017:0962-1

Опубликовано: 07 апр. 2017

Источник: suse-cvrf

Описание

Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues:

Security issues fixed:

CVE-2017-5843: set stream tags to NULL after unrefing (bsc#1024044).
CVE-2017-5848: rewrite PSM parsing to add bounds checking (bsc#1024068).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

gstreamer-plugins-bad-1.8.3-17.2

gstreamer-plugins-bad-lang-1.8.3-17.2

libgstadaptivedemux-1_0-0-1.8.3-17.2

libgstbadaudio-1_0-0-1.8.3-17.2

libgstbadbase-1_0-0-1.8.3-17.2

libgstbadvideo-1_0-0-1.8.3-17.2

libgstbasecamerabinsrc-1_0-0-1.8.3-17.2

libgstcodecparsers-1_0-0-1.8.3-17.2

libgstgl-1_0-0-1.8.3-17.2

libgstmpegts-1_0-0-1.8.3-17.2

libgstphotography-1_0-0-1.8.3-17.2

libgsturidownloader-1_0-0-1.8.3-17.2

SUSE Linux Enterprise Server 12 SP2

gstreamer-plugins-bad-1.8.3-17.2

gstreamer-plugins-bad-lang-1.8.3-17.2

libgstadaptivedemux-1_0-0-1.8.3-17.2

libgstbadaudio-1_0-0-1.8.3-17.2

libgstbadbase-1_0-0-1.8.3-17.2

libgstbadvideo-1_0-0-1.8.3-17.2

libgstbasecamerabinsrc-1_0-0-1.8.3-17.2

libgstcodecparsers-1_0-0-1.8.3-17.2

libgstgl-1_0-0-1.8.3-17.2

libgstmpegts-1_0-0-1.8.3-17.2

libgstphotography-1_0-0-1.8.3-17.2

libgsturidownloader-1_0-0-1.8.3-17.2

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

gstreamer-plugins-bad-1.8.3-17.2

gstreamer-plugins-bad-lang-1.8.3-17.2

libgstadaptivedemux-1_0-0-1.8.3-17.2

libgstbadaudio-1_0-0-1.8.3-17.2

libgstbadbase-1_0-0-1.8.3-17.2

libgstbadvideo-1_0-0-1.8.3-17.2

libgstbasecamerabinsrc-1_0-0-1.8.3-17.2

libgstcodecparsers-1_0-0-1.8.3-17.2

libgstgl-1_0-0-1.8.3-17.2

libgstmpegts-1_0-0-1.8.3-17.2

libgstphotography-1_0-0-1.8.3-17.2

libgsturidownloader-1_0-0-1.8.3-17.2

SUSE Linux Enterprise Server for SAP Applications 12 SP2

gstreamer-plugins-bad-1.8.3-17.2

gstreamer-plugins-bad-lang-1.8.3-17.2

libgstadaptivedemux-1_0-0-1.8.3-17.2

libgstbadaudio-1_0-0-1.8.3-17.2

libgstbadbase-1_0-0-1.8.3-17.2

libgstbadvideo-1_0-0-1.8.3-17.2

libgstbasecamerabinsrc-1_0-0-1.8.3-17.2

libgstcodecparsers-1_0-0-1.8.3-17.2

libgstgl-1_0-0-1.8.3-17.2

libgstmpegts-1_0-0-1.8.3-17.2

libgstphotography-1_0-0-1.8.3-17.2

libgsturidownloader-1_0-0-1.8.3-17.2

SUSE Linux Enterprise Software Development Kit 12 SP2

gstreamer-plugins-bad-devel-1.8.3-17.2

libgstinsertbin-1_0-0-1.8.3-17.2

libgsturidownloader-1_0-0-1.8.3-17.2

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20170962-1/
Link for SUSE-SU-2017:0962-1
https://lists.suse.com/pipermail/sle-security-updates/2017-April/002790.html
E-Mail link for SUSE-SU-2017:0962-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1024044
SUSE Bug 1024044
https://bugzilla.suse.com/1024068
SUSE Bug 1024068
https://www.suse.com/security/cve/CVE-2017-5843/
SUSE CVE CVE-2017-5843 page
https://www.suse.com/security/cve/CVE-2017-5848/
SUSE CVE CVE-2017-5848 page

Описание

Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-17.2

SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-17.2

SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-17.2

SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-17.2

Ссылки

https://www.suse.com/security/cve/CVE-2017-5843.html
CVE-2017-5843
https://bugzilla.suse.com/1023259
SUSE Bug 1023259
https://bugzilla.suse.com/1024044
SUSE Bug 1024044

Описание

The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-17.2

SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-17.2

SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-17.2

SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-17.2

Ссылки

https://www.suse.com/security/cve/CVE-2017-5848.html
CVE-2017-5848
https://bugzilla.suse.com/1023259
SUSE Bug 1023259
https://bugzilla.suse.com/1024068
SUSE Bug 1024068

SUSE-SU-2017:0962-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP2

SUSE Linux Enterprise Server 12 SP2

SUSE Linux Enterprise Server for Raspberry Pi 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Software Development Kit 12 SP2

Ссылки

Уязвимость: CVE-2017-5843

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2017-5848

Описание

Затронутые продукты

Ссылки