openSUSE-SU-2017:1066-1

Published: 19 Apr 2017
Source: suse-cvrf

Description

Security update for gstreamer-plugins-good

This update for gstreamer-plugins-good fixes the following issues:

  • A crafted aac audio file could have caused an invalid read and thus corruption or denial of service (bsc#1024014, CVE-2016-10198)
  • A crafted mp4 file could have caused an invalid read and thus corruption or denial of service (bsc#1024017, CVE-2016-10199)
  • A crafted avi file could have caused an invalid read and thus corruption or denial of service (bsc#1024034, CVE-2017-5840)
  • A crafted AVI file with metadata tag entries (ncdt) could have caused invalid read access and thus corruption or denial of service (bsc#1024030, CVE-2017-5841)
  • A crafted avi file could have caused an invalid read access resulting in denial of service (bsc#1024062, CVE-2017-5845)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Package list

openSUSE Leap 42.2
gstreamer-plugins-good-1.8.3-5.3.1
gstreamer-plugins-good-32bit-1.8.3-5.3.1
gstreamer-plugins-good-doc-1.8.3-5.3.1
gstreamer-plugins-good-extra-1.8.3-5.3.1
gstreamer-plugins-good-extra-32bit-1.8.3-5.3.1
gstreamer-plugins-good-lang-1.8.3-5.3.1

Description

The gst_aac_parse_sink_setcaps function in gst/audioparsers/gstaacparse.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted audio file.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-good-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-32bit-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-doc-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-extra-1.8.3-5.3.1

Description

The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted tag value.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-good-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-32bit-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-doc-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-extra-1.8.3-5.3.1

Description

The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving the current stts index.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-good-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-32bit-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-doc-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-extra-1.8.3-5.3.1

Description

The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving ncdt tags.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-good-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-32bit-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-doc-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-extra-1.8.3-5.3.1

Description

The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in gst-plugins-good in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (invalid memory read and crash) via a ncdt sub-tag that "goes behind" the surrounding tag.


Affected products
openSUSE Leap 42.2:gstreamer-plugins-good-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-32bit-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-doc-1.8.3-5.3.1
openSUSE Leap 42.2:gstreamer-plugins-good-extra-1.8.3-5.3.1
