openSUSE-SU-2017:0072-1

Published: 07 Jan 2017
Source: suse-cvrf

Description

Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes:

  • Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829)
  • CVE-2016-9809: Ensure codec_data has the right size when reading number of SPS (bsc#1013659).
  • CVE-2016-9812: Add more section size checks (bsc#1013678).
  • CVE-2016-9813: fix PAT parsing (bsc#1013680).

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Package list

openSUSE Leap 42.2
gstreamer-plugins-bad-1.8.3-3.1
gstreamer-plugins-bad-32bit-1.8.3-3.1
gstreamer-plugins-bad-devel-1.8.3-3.1
gstreamer-plugins-bad-doc-1.8.3-3.1
gstreamer-plugins-bad-lang-1.8.3-3.1
libgstadaptivedemux-1_0-0-1.8.3-3.1
libgstadaptivedemux-1_0-0-32bit-1.8.3-3.1
libgstbadaudio-1_0-0-1.8.3-3.1
libgstbadaudio-1_0-0-32bit-1.8.3-3.1
libgstbadbase-1_0-0-1.8.3-3.1
libgstbadbase-1_0-0-32bit-1.8.3-3.1
libgstbadvideo-1_0-0-1.8.3-3.1
libgstbadvideo-1_0-0-32bit-1.8.3-3.1
libgstbasecamerabinsrc-1_0-0-1.8.3-3.1
libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-3.1
libgstcodecparsers-1_0-0-1.8.3-3.1
libgstcodecparsers-1_0-0-32bit-1.8.3-3.1
libgstgl-1_0-0-1.8.3-3.1
libgstgl-1_0-0-32bit-1.8.3-3.1
libgstinsertbin-1_0-0-1.8.3-3.1
libgstinsertbin-1_0-0-32bit-1.8.3-3.1
libgstmpegts-1_0-0-1.8.3-3.1
libgstmpegts-1_0-0-32bit-1.8.3-3.1
libgstphotography-1_0-0-1.8.3-3.1
libgstphotography-1_0-0-32bit-1.8.3-3.1
libgstplayer-1_0-0-1.8.3-3.1
libgstplayer-1_0-0-32bit-1.8.3-3.1
libgsturidownloader-1_0-0-1.8.3-3.1
libgsturidownloader-1_0-0-32bit-1.8.3-3.1
libgstvdpau-1.8.3-3.1
libgstvdpau-32bit-1.8.3-3.1
libgstwayland-1_0-0-1.8.3-3.1
libgstwayland-1_0-0-32bit-1.8.3-3.1

Description

Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1

Description

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1

Description

Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1

Description

The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1

Description

The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1
