Описание
Security update for gstreamer
This update for gstreamer fixes the following security issues:
- A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (bsc#1024051, CVE-2017-5838)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
gstreamer-1.8.3-9.5
gstreamer-lang-1.8.3-9.5
gstreamer-utils-1.8.3-9.5
libgstreamer-1_0-0-1.8.3-9.5
libgstreamer-1_0-0-32bit-1.8.3-9.5
typelib-1_0-Gst-1_0-1.8.3-9.5
SUSE Linux Enterprise Server 12 SP2
gstreamer-1.8.3-9.5
gstreamer-lang-1.8.3-9.5
gstreamer-utils-1.8.3-9.5
libgstreamer-1_0-0-1.8.3-9.5
libgstreamer-1_0-0-32bit-1.8.3-9.5
typelib-1_0-Gst-1_0-1.8.3-9.5
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
gstreamer-1.8.3-9.5
gstreamer-lang-1.8.3-9.5
gstreamer-utils-1.8.3-9.5
libgstreamer-1_0-0-1.8.3-9.5
typelib-1_0-Gst-1_0-1.8.3-9.5
SUSE Linux Enterprise Server for SAP Applications 12 SP2
gstreamer-1.8.3-9.5
gstreamer-lang-1.8.3-9.5
gstreamer-utils-1.8.3-9.5
libgstreamer-1_0-0-1.8.3-9.5
libgstreamer-1_0-0-32bit-1.8.3-9.5
typelib-1_0-Gst-1_0-1.8.3-9.5
SUSE Linux Enterprise Software Development Kit 12 SP2
gstreamer-devel-1.8.3-9.5
Ссылки
- Link for SUSE-SU-2017:0966-1
- E-Mail link for SUSE-SU-2017:0966-1
- SUSE Security Ratings
- SUSE Bug 1024051
- SUSE CVE CVE-2017-5838 page
Описание
The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-1.8.3-9.5
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-lang-1.8.3-9.5
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-utils-1.8.3-9.5
SUSE Linux Enterprise Desktop 12 SP2:libgstreamer-1_0-0-1.8.3-9.5
Ссылки
- CVE-2017-5838
- SUSE Bug 1023259
- SUSE Bug 1024051