Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:0574-1

Опубликовано: 28 фев. 2017
Источник: suse-cvrf

Описание

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following security issues:

  • A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844)
  • A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839)
  • A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842)

Список пакетов

openSUSE Leap 42.1
gstreamer-plugins-base-1.4.5-8.1
gstreamer-plugins-base-32bit-1.4.5-8.1
gstreamer-plugins-base-devel-1.4.5-8.1
gstreamer-plugins-base-doc-1.4.5-8.1
gstreamer-plugins-base-lang-1.4.5-8.1
libgstallocators-1_0-0-1.4.5-8.1
libgstallocators-1_0-0-32bit-1.4.5-8.1
libgstapp-1_0-0-1.4.5-8.1
libgstapp-1_0-0-32bit-1.4.5-8.1
libgstaudio-1_0-0-1.4.5-8.1
libgstaudio-1_0-0-32bit-1.4.5-8.1
libgstfft-1_0-0-1.4.5-8.1
libgstfft-1_0-0-32bit-1.4.5-8.1
libgstpbutils-1_0-0-1.4.5-8.1
libgstpbutils-1_0-0-32bit-1.4.5-8.1
libgstriff-1_0-0-1.4.5-8.1
libgstriff-1_0-0-32bit-1.4.5-8.1
libgstrtp-1_0-0-1.4.5-8.1
libgstrtp-1_0-0-32bit-1.4.5-8.1
libgstrtsp-1_0-0-1.4.5-8.1
libgstrtsp-1_0-0-32bit-1.4.5-8.1
libgstsdp-1_0-0-1.4.5-8.1
libgstsdp-1_0-0-32bit-1.4.5-8.1
libgsttag-1_0-0-1.4.5-8.1
libgsttag-1_0-0-32bit-1.4.5-8.1
libgstvideo-1_0-0-1.4.5-8.1
libgstvideo-1_0-0-32bit-1.4.5-8.1
typelib-1_0-GstAllocators-1_0-1.4.5-8.1
typelib-1_0-GstApp-1_0-1.4.5-8.1
typelib-1_0-GstAudio-1_0-1.4.5-8.1
typelib-1_0-GstFft-1_0-1.4.5-8.1
typelib-1_0-GstPbutils-1_0-1.4.5-8.1
typelib-1_0-GstRiff-1_0-1.4.5-8.1
typelib-1_0-GstRtp-1_0-1.4.5-8.1
typelib-1_0-GstRtsp-1_0-1.4.5-8.1
typelib-1_0-GstSdp-1_0-1.4.5-8.1
typelib-1_0-GstTag-1_0-1.4.5-8.1
typelib-1_0-GstVideo-1_0-1.4.5-8.1

Ссылки

Описание

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.

Затронутые продукты
openSUSE Leap 42.1:gstreamer-plugins-base-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-32bit-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-devel-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-doc-1.4.5-8.1
Ссылки

Описание

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.

Затронутые продукты
openSUSE Leap 42.1:gstreamer-plugins-base-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-32bit-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-devel-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-doc-1.4.5-8.1
Ссылки

Описание

The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.

Затронутые продукты
openSUSE Leap 42.1:gstreamer-plugins-base-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-32bit-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-devel-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-doc-1.4.5-8.1
Ссылки

Описание

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.

Затронутые продукты
openSUSE Leap 42.1:gstreamer-plugins-base-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-32bit-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-devel-1.4.5-8.1
openSUSE Leap 42.1:gstreamer-plugins-base-doc-1.4.5-8.1
Ссылки