Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2017:1041-1

Опубликовано: 18 апр. 2017
Источник: suse-cvrf

Описание

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following security issues:

  • A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844)
  • A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839)
  • A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
gstreamer-plugins-base-1.2.4-2.6.8
gstreamer-plugins-base-lang-1.2.4-2.6.8
libgstallocators-1_0-0-1.2.4-2.6.8
libgstapp-1_0-0-1.2.4-2.6.8
libgstapp-1_0-0-32bit-1.2.4-2.6.8
libgstaudio-1_0-0-1.2.4-2.6.8
libgstaudio-1_0-0-32bit-1.2.4-2.6.8
libgstfft-1_0-0-1.2.4-2.6.8
libgstfft-1_0-0-32bit-1.2.4-2.6.8
libgstpbutils-1_0-0-1.2.4-2.6.8
libgstpbutils-1_0-0-32bit-1.2.4-2.6.8
libgstriff-1_0-0-1.2.4-2.6.8
libgstrtp-1_0-0-1.2.4-2.6.8
libgstrtsp-1_0-0-1.2.4-2.6.8
libgstsdp-1_0-0-1.2.4-2.6.8
libgsttag-1_0-0-1.2.4-2.6.8
libgsttag-1_0-0-32bit-1.2.4-2.6.8
libgstvideo-1_0-0-1.2.4-2.6.8
libgstvideo-1_0-0-32bit-1.2.4-2.6.8
typelib-1_0-GstAudio-1_0-1.2.4-2.6.8
typelib-1_0-GstPbutils-1_0-1.2.4-2.6.8
typelib-1_0-GstTag-1_0-1.2.4-2.6.8
typelib-1_0-GstVideo-1_0-1.2.4-2.6.8
SUSE Linux Enterprise Server 12 SP1
gstreamer-plugins-base-1.2.4-2.6.8
gstreamer-plugins-base-lang-1.2.4-2.6.8
libgstallocators-1_0-0-1.2.4-2.6.8
libgstapp-1_0-0-1.2.4-2.6.8
libgstapp-1_0-0-32bit-1.2.4-2.6.8
libgstaudio-1_0-0-1.2.4-2.6.8
libgstaudio-1_0-0-32bit-1.2.4-2.6.8
libgstfft-1_0-0-1.2.4-2.6.8
libgstpbutils-1_0-0-1.2.4-2.6.8
libgstpbutils-1_0-0-32bit-1.2.4-2.6.8
libgstriff-1_0-0-1.2.4-2.6.8
libgstrtp-1_0-0-1.2.4-2.6.8
libgstrtsp-1_0-0-1.2.4-2.6.8
libgstsdp-1_0-0-1.2.4-2.6.8
libgsttag-1_0-0-1.2.4-2.6.8
libgsttag-1_0-0-32bit-1.2.4-2.6.8
libgstvideo-1_0-0-1.2.4-2.6.8
libgstvideo-1_0-0-32bit-1.2.4-2.6.8
SUSE Linux Enterprise Server for SAP Applications 12 SP1
gstreamer-plugins-base-1.2.4-2.6.8
gstreamer-plugins-base-lang-1.2.4-2.6.8
libgstallocators-1_0-0-1.2.4-2.6.8
libgstapp-1_0-0-1.2.4-2.6.8
libgstapp-1_0-0-32bit-1.2.4-2.6.8
libgstaudio-1_0-0-1.2.4-2.6.8
libgstaudio-1_0-0-32bit-1.2.4-2.6.8
libgstfft-1_0-0-1.2.4-2.6.8
libgstpbutils-1_0-0-1.2.4-2.6.8
libgstpbutils-1_0-0-32bit-1.2.4-2.6.8
libgstriff-1_0-0-1.2.4-2.6.8
libgstrtp-1_0-0-1.2.4-2.6.8
libgstrtsp-1_0-0-1.2.4-2.6.8
libgstsdp-1_0-0-1.2.4-2.6.8
libgsttag-1_0-0-1.2.4-2.6.8
libgsttag-1_0-0-32bit-1.2.4-2.6.8
libgstvideo-1_0-0-1.2.4-2.6.8
libgstvideo-1_0-0-32bit-1.2.4-2.6.8
SUSE Linux Enterprise Software Development Kit 12 SP1
gstreamer-plugins-base-devel-1.2.4-2.6.8
typelib-1_0-GstAllocators-1_0-1.2.4-2.6.8
typelib-1_0-GstApp-1_0-1.2.4-2.6.8
typelib-1_0-GstAudio-1_0-1.2.4-2.6.8
typelib-1_0-GstFft-1_0-1.2.4-2.6.8
typelib-1_0-GstPbutils-1_0-1.2.4-2.6.8
typelib-1_0-GstRiff-1_0-1.2.4-2.6.8
typelib-1_0-GstRtp-1_0-1.2.4-2.6.8
typelib-1_0-GstRtsp-1_0-1.2.4-2.6.8
typelib-1_0-GstSdp-1_0-1.2.4-2.6.8
typelib-1_0-GstTag-1_0-1.2.4-2.6.8
typelib-1_0-GstVideo-1_0-1.2.4-2.6.8
SUSE Linux Enterprise Software Development Kit 12 SP2
typelib-1_0-GstRiff-1_0-1.2.4-2.6.8
SUSE Linux Enterprise Workstation Extension 12 SP1
libgstfft-1_0-0-32bit-1.2.4-2.6.8
typelib-1_0-GstAudio-1_0-1.2.4-2.6.8
typelib-1_0-GstPbutils-1_0-1.2.4-2.6.8
typelib-1_0-GstTag-1_0-1.2.4-2.6.8
typelib-1_0-GstVideo-1_0-1.2.4-2.6.8

Ссылки

Описание

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-base-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-base-lang-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:libgstallocators-1_0-0-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:libgstapp-1_0-0-1.2.4-2.6.8
Ссылки

Описание

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-base-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-base-lang-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:libgstallocators-1_0-0-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:libgstapp-1_0-0-1.2.4-2.6.8
Ссылки

Описание

The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-base-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-base-lang-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:libgstallocators-1_0-0-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:libgstapp-1_0-0-1.2.4-2.6.8
Ссылки

Описание

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-base-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:gstreamer-plugins-base-lang-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:libgstallocators-1_0-0-1.2.4-2.6.8
SUSE Linux Enterprise Desktop 12 SP1:libgstapp-1_0-0-1.2.4-2.6.8
Ссылки
Уязвимость SUSE-SU-2017:1041-1