SUSE-SU-2017:0967-1

Опубликовано: 07 апр. 2017

Источник: suse-cvrf

Описание

Security update for gstreamer

This update for gstreamer fixes the following security issues:

A crafted AVI file could have caused an invalid memory read, possibly causing DoS or corruption (bsc#1024051, CVE-2017-5838)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1

gstreamer-1.2.4-2.3.3

gstreamer-lang-1.2.4-2.3.3

gstreamer-utils-1.2.4-2.3.3

libgstreamer-1_0-0-1.2.4-2.3.3

libgstreamer-1_0-0-32bit-1.2.4-2.3.3

typelib-1_0-Gst-1_0-1.2.4-2.3.3

SUSE Linux Enterprise Server 12 SP1

gstreamer-1.2.4-2.3.3

gstreamer-lang-1.2.4-2.3.3

gstreamer-utils-1.2.4-2.3.3

libgstreamer-1_0-0-1.2.4-2.3.3

libgstreamer-1_0-0-32bit-1.2.4-2.3.3

typelib-1_0-Gst-1_0-1.2.4-2.3.3

SUSE Linux Enterprise Server for SAP Applications 12 SP1

gstreamer-1.2.4-2.3.3

gstreamer-lang-1.2.4-2.3.3

gstreamer-utils-1.2.4-2.3.3

libgstreamer-1_0-0-1.2.4-2.3.3

libgstreamer-1_0-0-32bit-1.2.4-2.3.3

typelib-1_0-Gst-1_0-1.2.4-2.3.3

SUSE Linux Enterprise Software Development Kit 12 SP1

gstreamer-devel-1.2.4-2.3.3

Ссылки

https://www.suse.com/support/update/announcement/2017/suse-su-20170967-1/
Link for SUSE-SU-2017:0967-1
https://lists.suse.com/pipermail/sle-security-updates/2017-April/002792.html
E-Mail link for SUSE-SU-2017:0967-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1024051
SUSE Bug 1024051
https://www.suse.com/security/cve/CVE-2017-5838/
SUSE CVE CVE-2017-5838 page

Описание

The gst_date_time_new_from_iso8601_string function in gst/gstdatetime.c in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a malformed datetime string.

Затронутые продукты

SUSE Linux Enterprise Desktop 12 SP1:gstreamer-1.2.4-2.3.3

SUSE Linux Enterprise Desktop 12 SP1:gstreamer-lang-1.2.4-2.3.3

SUSE Linux Enterprise Desktop 12 SP1:gstreamer-utils-1.2.4-2.3.3

SUSE Linux Enterprise Desktop 12 SP1:libgstreamer-1_0-0-1.2.4-2.3.3

Ссылки

https://www.suse.com/security/cve/CVE-2017-5838.html
CVE-2017-5838
https://bugzilla.suse.com/1023259
SUSE Bug 1023259
https://bugzilla.suse.com/1024051
SUSE Bug 1024051

SUSE-SU-2017:0967-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1

SUSE Linux Enterprise Server 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Software Development Kit 12 SP1

Ссылки

Уязвимость: CVE-2017-5838

Описание

Затронутые продукты

Ссылки