Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:0075-1

Опубликовано: 07 янв. 2017
Источник: suse-cvrf

Описание

Security update for gstreamer-0_10-plugins-bad

This update for gstreamer-0_10-plugins-bad fixes the following issues:

  • CVE-2016-9445, CVE-2016-9446: Protection against buffer overflows (bsc#1010829)
  • CVE-2016-9447: Disable the nsf plugin (bsc#1010514)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2
gstreamer-0_10-plugins-bad-0.10.23-24.1
gstreamer-0_10-plugins-bad-32bit-0.10.23-24.1
gstreamer-0_10-plugins-bad-devel-0.10.23-24.1
gstreamer-0_10-plugins-bad-doc-0.10.23-24.1
gstreamer-0_10-plugins-bad-lang-0.10.23-24.1
libgstbasecamerabinsrc-0_10-23-0.10.23-24.1
libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-24.1
libgstbasevideo-0_10-23-0.10.23-24.1
libgstbasevideo-0_10-23-32bit-0.10.23-24.1
libgstcodecparsers-0_10-23-0.10.23-24.1
libgstcodecparsers-0_10-23-32bit-0.10.23-24.1
libgstphotography-0_10-23-0.10.23-24.1
libgstphotography-0_10-23-32bit-0.10.23-24.1
libgstsignalprocessor-0_10-23-0.10.23-24.1
libgstsignalprocessor-0_10-23-32bit-0.10.23-24.1
libgstvdp-0_10-23-0.10.23-24.1
libgstvdp-0_10-23-32bit-0.10.23-24.1

Ссылки

Описание

Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.

Затронутые продукты
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-0.10.23-24.1
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-32bit-0.10.23-24.1
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-devel-0.10.23-24.1
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-doc-0.10.23-24.1
Ссылки

Описание

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

Затронутые продукты
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-0.10.23-24.1
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-32bit-0.10.23-24.1
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-devel-0.10.23-24.1
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-doc-0.10.23-24.1
Ссылки

Описание

The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.

Затронутые продукты
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-0.10.23-24.1
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-32bit-0.10.23-24.1
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-devel-0.10.23-24.1
openSUSE Leap 42.2:gstreamer-0_10-plugins-bad-doc-0.10.23-24.1
Ссылки