Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:1106-1

Опубликовано: 26 апр. 2017
Источник: suse-cvrf

Описание

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following security issues:

  • A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844)
  • A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839)
  • A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842)

This update was imported from the SUSE:SLE-12-SP2:Update update project.

Список пакетов

openSUSE Leap 42.2
gstreamer-plugins-base-1.8.3-5.3.2
gstreamer-plugins-base-32bit-1.8.3-5.3.2
gstreamer-plugins-base-devel-1.8.3-5.3.2
gstreamer-plugins-base-devel-32bit-1.8.3-5.3.2
gstreamer-plugins-base-doc-1.8.3-5.3.2
gstreamer-plugins-base-lang-1.8.3-5.3.2
libgstallocators-1_0-0-1.8.3-5.3.2
libgstallocators-1_0-0-32bit-1.8.3-5.3.2
libgstapp-1_0-0-1.8.3-5.3.2
libgstapp-1_0-0-32bit-1.8.3-5.3.2
libgstaudio-1_0-0-1.8.3-5.3.2
libgstaudio-1_0-0-32bit-1.8.3-5.3.2
libgstfft-1_0-0-1.8.3-5.3.2
libgstfft-1_0-0-32bit-1.8.3-5.3.2
libgstpbutils-1_0-0-1.8.3-5.3.2
libgstpbutils-1_0-0-32bit-1.8.3-5.3.2
libgstriff-1_0-0-1.8.3-5.3.2
libgstriff-1_0-0-32bit-1.8.3-5.3.2
libgstrtp-1_0-0-1.8.3-5.3.2
libgstrtp-1_0-0-32bit-1.8.3-5.3.2
libgstrtsp-1_0-0-1.8.3-5.3.2
libgstrtsp-1_0-0-32bit-1.8.3-5.3.2
libgstsdp-1_0-0-1.8.3-5.3.2
libgstsdp-1_0-0-32bit-1.8.3-5.3.2
libgsttag-1_0-0-1.8.3-5.3.2
libgsttag-1_0-0-32bit-1.8.3-5.3.2
libgstvideo-1_0-0-1.8.3-5.3.2
libgstvideo-1_0-0-32bit-1.8.3-5.3.2
typelib-1_0-GstAllocators-1_0-1.8.3-5.3.2
typelib-1_0-GstApp-1_0-1.8.3-5.3.2
typelib-1_0-GstAudio-1_0-1.8.3-5.3.2
typelib-1_0-GstFft-1_0-1.8.3-5.3.2
typelib-1_0-GstPbutils-1_0-1.8.3-5.3.2
typelib-1_0-GstRtp-1_0-1.8.3-5.3.2
typelib-1_0-GstRtsp-1_0-1.8.3-5.3.2
typelib-1_0-GstSdp-1_0-1.8.3-5.3.2
typelib-1_0-GstTag-1_0-1.8.3-5.3.2
typelib-1_0-GstVideo-1_0-1.8.3-5.3.2

Ссылки

Описание

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file.

Затронутые продукты
openSUSE Leap 42.2:gstreamer-plugins-base-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-32bit-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-devel-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-devel-32bit-1.8.3-5.3.2
Ссылки

Описание

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX.

Затронутые продукты
openSUSE Leap 42.2:gstreamer-plugins-base-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-32bit-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-devel-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-devel-32bit-1.8.3-5.3.2
Ссылки

Описание

The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi.

Затронутые продукты
openSUSE Leap 42.2:gstreamer-plugins-base-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-32bit-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-devel-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-devel-32bit-1.8.3-5.3.2
Ссылки

Описание

The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file.

Затронутые продукты
openSUSE Leap 42.2:gstreamer-plugins-base-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-32bit-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-devel-1.8.3-5.3.2
openSUSE Leap 42.2:gstreamer-plugins-base-devel-32bit-1.8.3-5.3.2
Ссылки