Описание
Security update for gstreamer-plugins-bad
This update for gstreamer-plugins-bad fixes the following issues:
Security issues fixed:
- CVE-2017-5843: set stream tags to NULL after unrefing (bsc#1024044).
- CVE-2017-5848: rewrite PSM parsing to add bounds checking (bsc#1024068).
This update was imported from the SUSE:SLE-12-SP2:Update update project.
Список пакетов
openSUSE Leap 42.2
gstreamer-plugins-bad-1.8.3-5.3.1
gstreamer-plugins-bad-32bit-1.8.3-5.3.1
gstreamer-plugins-bad-devel-1.8.3-5.3.1
gstreamer-plugins-bad-doc-1.8.3-5.3.1
gstreamer-plugins-bad-lang-1.8.3-5.3.1
libgstadaptivedemux-1_0-0-1.8.3-5.3.1
libgstadaptivedemux-1_0-0-32bit-1.8.3-5.3.1
libgstbadaudio-1_0-0-1.8.3-5.3.1
libgstbadaudio-1_0-0-32bit-1.8.3-5.3.1
libgstbadbase-1_0-0-1.8.3-5.3.1
libgstbadbase-1_0-0-32bit-1.8.3-5.3.1
libgstbadvideo-1_0-0-1.8.3-5.3.1
libgstbadvideo-1_0-0-32bit-1.8.3-5.3.1
libgstbasecamerabinsrc-1_0-0-1.8.3-5.3.1
libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-5.3.1
libgstcodecparsers-1_0-0-1.8.3-5.3.1
libgstcodecparsers-1_0-0-32bit-1.8.3-5.3.1
libgstgl-1_0-0-1.8.3-5.3.1
libgstgl-1_0-0-32bit-1.8.3-5.3.1
libgstinsertbin-1_0-0-1.8.3-5.3.1
libgstinsertbin-1_0-0-32bit-1.8.3-5.3.1
libgstmpegts-1_0-0-1.8.3-5.3.1
libgstmpegts-1_0-0-32bit-1.8.3-5.3.1
libgstphotography-1_0-0-1.8.3-5.3.1
libgstphotography-1_0-0-32bit-1.8.3-5.3.1
libgstplayer-1_0-0-1.8.3-5.3.1
libgstplayer-1_0-0-32bit-1.8.3-5.3.1
libgsturidownloader-1_0-0-1.8.3-5.3.1
libgsturidownloader-1_0-0-32bit-1.8.3-5.3.1
libgstvdpau-1.8.3-5.3.1
libgstvdpau-32bit-1.8.3-5.3.1
libgstwayland-1_0-0-1.8.3-5.3.1
libgstwayland-1_0-0-32bit-1.8.3-5.3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:1032-1
- SUSE Security Ratings
Описание
Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf.
Затронутые продукты
openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-5.3.1
Ссылки
- CVE-2017-5843
- SUSE Bug 1023259
- SUSE Bug 1024044
Описание
The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing.
Затронутые продукты
openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-5.3.1
Ссылки
- CVE-2017-5848
- SUSE Bug 1023259
- SUSE Bug 1024068