Описание
Security update for libquicktime
This update for libquicktime fixes the following issues:
Security issue fixed:
- CVE-2016-2399: Adjust patch to prevent endless loop when there are less than 256 bytes to read. (bsc#1022805)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Desktop 12 SP3
libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Server 12 SP2
libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Server 12 SP3
libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libquicktime-devel-1.2.4-14.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libquicktime-devel-1.2.4-14.3.1
Ссылки
- Link for SUSE-SU-2017:1986-1
- E-Mail link for SUSE-SU-2017:1986-1
- SUSE Security Ratings
- SUSE Bug 1022805
- SUSE CVE CVE-2016-2399 page
Описание
Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted hdlr MP4 atom.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Desktop 12 SP3:libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Server 12 SP2:libquicktime0-1.2.4-14.3.1
SUSE Linux Enterprise Server 12 SP3:libquicktime0-1.2.4-14.3.1
Ссылки
- CVE-2016-2399
- SUSE Bug 1022805