Описание
Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues:
- CVE-2016-9809: Off by one read in gst_h264_parse_set_caps() (bsc#1013659).
- CVE-2016-9812: Out of bounds read in gst_mpegts_section_new (bsc#1013678).
- CVE-2016-9813: mpegts parser: null pointer deref in _parse_pat (bsc#1013680).
Список пакетов
openSUSE Leap 42.1
gstreamer-plugins-bad-1.4.5-11.1
gstreamer-plugins-bad-32bit-1.4.5-11.1
gstreamer-plugins-bad-devel-1.4.5-11.1
gstreamer-plugins-bad-doc-1.4.5-11.1
gstreamer-plugins-bad-lang-1.4.5-11.1
libgstbadbase-1_0-0-1.4.5-11.1
libgstbadbase-1_0-0-32bit-1.4.5-11.1
libgstbadvideo-1_0-0-1.4.5-11.1
libgstbadvideo-1_0-0-32bit-1.4.5-11.1
libgstbasecamerabinsrc-1_0-0-1.4.5-11.1
libgstbasecamerabinsrc-1_0-0-32bit-1.4.5-11.1
libgstcodecparsers-1_0-0-1.4.5-11.1
libgstcodecparsers-1_0-0-32bit-1.4.5-11.1
libgstgl-1_0-0-1.4.5-11.1
libgstgl-1_0-0-32bit-1.4.5-11.1
libgstinsertbin-1_0-0-1.4.5-11.1
libgstinsertbin-1_0-0-32bit-1.4.5-11.1
libgstmpegts-1_0-0-1.4.5-11.1
libgstmpegts-1_0-0-32bit-1.4.5-11.1
libgstphotography-1_0-0-1.4.5-11.1
libgstphotography-1_0-0-32bit-1.4.5-11.1
libgsturidownloader-1_0-0-1.4.5-11.1
libgsturidownloader-1_0-0-32bit-1.4.5-11.1
libgstwayland-1_0-0-1.4.5-11.1
libgstwayland-1_0-0-32bit-1.4.5-11.1
Ссылки
- E-Mail link for openSUSE-SU-2017:0152-1
- SUSE Security Ratings
Описание
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
Затронутые продукты
openSUSE Leap 42.1:gstreamer-plugins-bad-1.4.5-11.1
openSUSE Leap 42.1:gstreamer-plugins-bad-32bit-1.4.5-11.1
openSUSE Leap 42.1:gstreamer-plugins-bad-devel-1.4.5-11.1
openSUSE Leap 42.1:gstreamer-plugins-bad-doc-1.4.5-11.1
Ссылки
- CVE-2016-9809
- SUSE Bug 1013659
Описание
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
Затронутые продукты
openSUSE Leap 42.1:gstreamer-plugins-bad-1.4.5-11.1
openSUSE Leap 42.1:gstreamer-plugins-bad-32bit-1.4.5-11.1
openSUSE Leap 42.1:gstreamer-plugins-bad-devel-1.4.5-11.1
openSUSE Leap 42.1:gstreamer-plugins-bad-doc-1.4.5-11.1
Ссылки
- CVE-2016-9812
- SUSE Bug 1013678
Описание
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
Затронутые продукты
openSUSE Leap 42.1:gstreamer-plugins-bad-1.4.5-11.1
openSUSE Leap 42.1:gstreamer-plugins-bad-32bit-1.4.5-11.1
openSUSE Leap 42.1:gstreamer-plugins-bad-devel-1.4.5-11.1
openSUSE Leap 42.1:gstreamer-plugins-bad-doc-1.4.5-11.1
Ссылки
- CVE-2016-9813
- SUSE Bug 1013680