Description
Security update for gstreamer-plugins-good
This update for gstreamer-plugins-good fixes the following issues:
- A crafted AAC audio file could have caused an invalid read and thus corruption or denial of service (bsc#1024014, CVE-2016-10198)
- A crafted MP4 file could have caused an invalid read and thus corruption or denial of service (bsc#1024017, CVE-2016-10199)
- A crafted AVI file could have caused an invalid read and thus corruption or denial of service (bsc#1024034, CVE-2017-5840)
- A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (bsc#1024030, CVE-2017-5841)
- A crafted AVI file could have caused an invalid read access resulting in denial of service (bsc#1024062, CVE-2017-5845)
Package list
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
References
- Link for SUSE-SU-2017:1010-1
- E-Mail link for SUSE-SU-2017:1010-1
- SUSE Security Ratings
- SUSE Bug 1024014
- SUSE Bug 1024017
- SUSE Bug 1024030
- SUSE Bug 1024034
- SUSE Bug 1024062
- SUSE CVE CVE-2016-10198 page
- SUSE CVE CVE-2016-10199 page
- SUSE CVE CVE-2017-5840 page
- SUSE CVE CVE-2017-5841 page
- SUSE CVE CVE-2017-5845 page
Description
The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.
Affected products
References
- CVE-2016-10198
- SUSE Bug 1023259
- SUSE Bug 1024014
Description
The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.
Affected products
References
- CVE-2016-10199
- SUSE Bug 1023259
- SUSE Bug 1024017
Description
The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.
Affected products
References
- CVE-2017-5840
- SUSE Bug 1023259
- SUSE Bug 1024034
Description
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.
Affected products
References
- CVE-2017-5841
- SUSE Bug 1023259
- SUSE Bug 1024030
- SUSE Bug 1024062
Description
The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.
Affected products
References
- CVE-2017-5845
- SUSE Bug 1023259
- SUSE Bug 1024062