Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

openSUSE 13.2: 2017:0160-1 Important: Gstreamer DoS Fix

opensuse
Calendar Grey January 16, 2017
Dist Opensuse Esm H88
Patch for gstreamer-0_10-plugins-bad resolves various vulnerabilities, safeguarding the system from unauthorized memory access risks.
An update that fixes 6 vulnerabilities is now available

Description

This update for gstreamer-0_10-plugins-good fixes the following issues:

- CVE-2016-9634: Invalid FLIC files could have caused and an out-of-bounds

write (bsc#1012102)

- CVE-2016-9635: Invalid FLIC files could have caused and an out-of-bounds

write (bsc#1012103)

- CVE-2016-9636: Prevent maliciously crafted flic files from causing

invalid memory writes (bsc#1012104)

- CVE-2016-9807: Prevent the reading of invalid memory in

flx_decode_chunks, leading to DoS (bsc#1013655)

- CVE-2016-9808: Prevent maliciously crafted flic files from causing

invalid memory accesses (bsc#1013653)

- CVE-2016-9810: Invalid files can be used to extraneous unreferences,

leading to invalid memory access and DoS (bsc#1013663)

Topics%20covered

Topics Covered

security advisory important Denial of Service openSUSE gstreamer

Patch

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.

Alternatively you can run the command listed for your product:

- openSUSE 13.2:

zypper in -t patch openSUSE-2017-88=1

To bring your system up-to-date, use "zypper patch".

Package List

- openSUSE 13.2 (i586 x86_64):

gstreamer-0_10-plugin-esd-0.10.31-13.3.1

gstreamer-0_10-plugin-esd-debuginfo-0.10.31-13.3.1

gstreamer-0_10-plugins-good-0.10.31-13.3.1

gstreamer-0_10-plugins-good-debuginfo-0.10.31-13.3.1

gstreamer-0_10-plugins-good-debugsource-0.10.31-13.3.1

gstreamer-0_10-plugins-good-doc-0.10.31-13.3.1

gstreamer-0_10-plugins-good-extra-0.10.31-13.3.1

gstreamer-0_10-plugins-good-extra-debuginfo-0.10.31-13.3.1

- openSUSE 13.2 (noarch):

gstreamer-0_10-plugins-good-lang-0.10.31-13.3.1

- openSUSE 13.2 (x86_64):

gstreamer-0_10-plugin-esd-32bit-0.10.31-13.3.1

gstreamer-0_10-plugin-esd-debuginfo-32bit-0.10.31-13.3.1

gstreamer-0_10-plugins-good-32bit-0.10.31-13.3.1

gstreamer-0_10-plugins-good-debuginfo-32bit-0.10.31-13.3.1

gstreamer-0_10-plugins-good-extra-32bit-0.10.31-13.3.1

gstreamer-0_10-plugins-good-extra-debuginfo-32bit-0.10.31-13.3.1

References

https://www.suse.com/security/cve/CVE-2016-9634.html

https://www.suse.com/security/cve/CVE-2016-9635.html

https://www.suse.com/security/cve/CVE-2016-9636.html

https://www.suse.com/security/cve/CVE-2016-9807.html

https://www.suse.com/security/cve/CVE-2016-9808.html

https://www.suse.com/security/cve/CVE-2016-9810.html

https://bugzilla.suse.com/1012102

https://bugzilla.suse.com/1012103

https://bugzilla.suse.com/1012104

https://bugzilla.suse.com/1013653

https://bugzilla.suse.com/1013655

https://bugzilla.suse.com/1013663

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2017:0160-1
Rating: important
Affected Products: openSUSE 13.2 .

Topics%20covered

Topics Covered

security advisory important Denial of Service openSUSE gstreamer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here