Описание
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following security issues:
- A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844)
- A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839)
- A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
gstreamer-plugins-base-1.8.3-12.11
gstreamer-plugins-base-lang-1.8.3-12.11
libgstallocators-1_0-0-1.8.3-12.11
libgstapp-1_0-0-1.8.3-12.11
libgstapp-1_0-0-32bit-1.8.3-12.11
libgstaudio-1_0-0-1.8.3-12.11
libgstaudio-1_0-0-32bit-1.8.3-12.11
libgstfft-1_0-0-1.8.3-12.11
libgstfft-1_0-0-32bit-1.8.3-12.11
libgstpbutils-1_0-0-1.8.3-12.11
libgstpbutils-1_0-0-32bit-1.8.3-12.11
libgstriff-1_0-0-1.8.3-12.11
libgstrtp-1_0-0-1.8.3-12.11
libgstrtsp-1_0-0-1.8.3-12.11
libgstsdp-1_0-0-1.8.3-12.11
libgsttag-1_0-0-1.8.3-12.11
libgsttag-1_0-0-32bit-1.8.3-12.11
libgstvideo-1_0-0-1.8.3-12.11
libgstvideo-1_0-0-32bit-1.8.3-12.11
typelib-1_0-GstAudio-1_0-1.8.3-12.11
typelib-1_0-GstPbutils-1_0-1.8.3-12.11
typelib-1_0-GstTag-1_0-1.8.3-12.11
typelib-1_0-GstVideo-1_0-1.8.3-12.11
SUSE Linux Enterprise Server 12 SP2
gstreamer-plugins-base-1.8.3-12.11
gstreamer-plugins-base-lang-1.8.3-12.11
libgstallocators-1_0-0-1.8.3-12.11
libgstapp-1_0-0-1.8.3-12.11
libgstapp-1_0-0-32bit-1.8.3-12.11
libgstaudio-1_0-0-1.8.3-12.11
libgstaudio-1_0-0-32bit-1.8.3-12.11
libgstfft-1_0-0-1.8.3-12.11
libgstpbutils-1_0-0-1.8.3-12.11
libgstpbutils-1_0-0-32bit-1.8.3-12.11
libgstriff-1_0-0-1.8.3-12.11
libgstrtp-1_0-0-1.8.3-12.11
libgstrtsp-1_0-0-1.8.3-12.11
libgstsdp-1_0-0-1.8.3-12.11
libgsttag-1_0-0-1.8.3-12.11
libgsttag-1_0-0-32bit-1.8.3-12.11
libgstvideo-1_0-0-1.8.3-12.11
libgstvideo-1_0-0-32bit-1.8.3-12.11
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
gstreamer-plugins-base-1.8.3-12.11
gstreamer-plugins-base-lang-1.8.3-12.11
libgstallocators-1_0-0-1.8.3-12.11
libgstapp-1_0-0-1.8.3-12.11
libgstaudio-1_0-0-1.8.3-12.11
libgstfft-1_0-0-1.8.3-12.11
libgstpbutils-1_0-0-1.8.3-12.11
libgstriff-1_0-0-1.8.3-12.11
libgstrtp-1_0-0-1.8.3-12.11
libgstrtsp-1_0-0-1.8.3-12.11
libgstsdp-1_0-0-1.8.3-12.11
libgsttag-1_0-0-1.8.3-12.11
libgstvideo-1_0-0-1.8.3-12.11
SUSE Linux Enterprise Server for SAP Applications 12 SP2
gstreamer-plugins-base-1.8.3-12.11
gstreamer-plugins-base-lang-1.8.3-12.11
libgstallocators-1_0-0-1.8.3-12.11
libgstapp-1_0-0-1.8.3-12.11
libgstapp-1_0-0-32bit-1.8.3-12.11
libgstaudio-1_0-0-1.8.3-12.11
libgstaudio-1_0-0-32bit-1.8.3-12.11
libgstfft-1_0-0-1.8.3-12.11
libgstpbutils-1_0-0-1.8.3-12.11
libgstpbutils-1_0-0-32bit-1.8.3-12.11
libgstriff-1_0-0-1.8.3-12.11
libgstrtp-1_0-0-1.8.3-12.11
libgstrtsp-1_0-0-1.8.3-12.11
libgstsdp-1_0-0-1.8.3-12.11
libgsttag-1_0-0-1.8.3-12.11
libgsttag-1_0-0-32bit-1.8.3-12.11
libgstvideo-1_0-0-1.8.3-12.11
libgstvideo-1_0-0-32bit-1.8.3-12.11
SUSE Linux Enterprise Software Development Kit 12 SP2
gstreamer-plugins-base-devel-1.8.3-12.11
typelib-1_0-GstAllocators-1_0-1.8.3-12.11
typelib-1_0-GstApp-1_0-1.8.3-12.11
typelib-1_0-GstAudio-1_0-1.8.3-12.11
typelib-1_0-GstFft-1_0-1.8.3-12.11
typelib-1_0-GstPbutils-1_0-1.8.3-12.11
typelib-1_0-GstRtp-1_0-1.8.3-12.11
typelib-1_0-GstRtsp-1_0-1.8.3-12.11
typelib-1_0-GstSdp-1_0-1.8.3-12.11
typelib-1_0-GstTag-1_0-1.8.3-12.11
typelib-1_0-GstVideo-1_0-1.8.3-12.11
SUSE Linux Enterprise Workstation Extension 12 SP2
libgstfft-1_0-0-32bit-1.8.3-12.11
typelib-1_0-GstAudio-1_0-1.8.3-12.11
typelib-1_0-GstPbutils-1_0-1.8.3-12.11
typelib-1_0-GstTag-1_0-1.8.3-12.11
typelib-1_0-GstVideo-1_0-1.8.3-12.11
Ссылки
- Link for SUSE-SU-2017:1039-1
- E-Mail link for SUSE-SU-2017:1039-1
- SUSE Security Ratings
- SUSE Bug 1024041
- SUSE Bug 1024047
- SUSE Bug 1024076
- SUSE Bug 1024079
- SUSE CVE CVE-2017-5837 page
- SUSE CVE CVE-2017-5839 page
- SUSE CVE CVE-2017-5842 page
- SUSE CVE CVE-2017-5844 page
Описание
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-base-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-base-lang-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:libgstallocators-1_0-0-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:libgstapp-1_0-0-1.8.3-12.11
Ссылки
- CVE-2017-5837
- SUSE Bug 1023259
- SUSE Bug 1024076
- SUSE Bug 1024079
Описание
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-base-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-base-lang-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:libgstallocators-1_0-0-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:libgstapp-1_0-0-1.8.3-12.11
Ссылки
- CVE-2017-5839
- SUSE Bug 1023259
- SUSE Bug 1024047
Описание
The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-base-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-base-lang-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:libgstallocators-1_0-0-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:libgstapp-1_0-0-1.8.3-12.11
Ссылки
- CVE-2017-5842
- SUSE Bug 1023259
- SUSE Bug 1024041
Описание
The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-base-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-base-lang-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:libgstallocators-1_0-0-1.8.3-12.11
SUSE Linux Enterprise Desktop 12 SP2:libgstapp-1_0-0-1.8.3-12.11
Ссылки
- CVE-2017-5844
- SUSE Bug 1023259
- SUSE Bug 1024079