Security update for gstreamer-plugins-bad SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0072-1 Final 1 1 2017-01-07T20:51:30Z current 2017-01-07T20:51:30Z 2017-01-07T20:51:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gstreamer-plugins-bad This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes: - Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829) - CVE-2016-9809: Ensure codec_data has the right size when reading number of SPS (bsc#1013659). - CVE-2016-9812: Add more section size checks (bsc#1013678). - CVE-2016-9813: fix PAT parsing (bsc#1013680). This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-01/msg00045.html E-Mail link for openSUSE-SU-2017:0072-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 gstreamer-plugins-bad-1.8.3-3.1 gstreamer-plugins-bad-32bit-1.8.3-3.1 gstreamer-plugins-bad-devel-1.8.3-3.1 gstreamer-plugins-bad-doc-1.8.3-3.1 gstreamer-plugins-bad-lang-1.8.3-3.1 libgstadaptivedemux-1_0-0-1.8.3-3.1 libgstadaptivedemux-1_0-0-32bit-1.8.3-3.1 libgstbadaudio-1_0-0-1.8.3-3.1 libgstbadaudio-1_0-0-32bit-1.8.3-3.1 libgstbadbase-1_0-0-1.8.3-3.1 libgstbadbase-1_0-0-32bit-1.8.3-3.1 libgstbadvideo-1_0-0-1.8.3-3.1 libgstbadvideo-1_0-0-32bit-1.8.3-3.1 libgstbasecamerabinsrc-1_0-0-1.8.3-3.1 libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-3.1 libgstcodecparsers-1_0-0-1.8.3-3.1 libgstcodecparsers-1_0-0-32bit-1.8.3-3.1 libgstgl-1_0-0-1.8.3-3.1 libgstgl-1_0-0-32bit-1.8.3-3.1 libgstinsertbin-1_0-0-1.8.3-3.1 libgstinsertbin-1_0-0-32bit-1.8.3-3.1 libgstmpegts-1_0-0-1.8.3-3.1 libgstmpegts-1_0-0-32bit-1.8.3-3.1 libgstphotography-1_0-0-1.8.3-3.1 libgstphotography-1_0-0-32bit-1.8.3-3.1 libgstplayer-1_0-0-1.8.3-3.1 libgstplayer-1_0-0-32bit-1.8.3-3.1 libgsturidownloader-1_0-0-1.8.3-3.1 libgsturidownloader-1_0-0-32bit-1.8.3-3.1 libgstvdpau-1.8.3-3.1 libgstvdpau-32bit-1.8.3-3.1 libgstwayland-1_0-0-1.8.3-3.1 libgstwayland-1_0-0-32bit-1.8.3-3.1 gstreamer-plugins-bad-1.8.3-3.1 as a component of openSUSE Leap 42.2 gstreamer-plugins-bad-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 gstreamer-plugins-bad-devel-1.8.3-3.1 as a component of openSUSE Leap 42.2 gstreamer-plugins-bad-doc-1.8.3-3.1 as a component of openSUSE Leap 42.2 gstreamer-plugins-bad-lang-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstadaptivedemux-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstadaptivedemux-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstbadaudio-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstbadaudio-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstbadbase-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstbadbase-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstbadvideo-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstbadvideo-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstbasecamerabinsrc-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstcodecparsers-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstcodecparsers-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstgl-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstgl-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstinsertbin-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstinsertbin-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstmpegts-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstmpegts-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstphotography-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstphotography-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstplayer-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstplayer-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgsturidownloader-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgsturidownloader-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstvdpau-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstvdpau-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstwayland-1_0-0-1.8.3-3.1 as a component of openSUSE Leap 42.2 libgstwayland-1_0-0-32bit-1.8.3-3.1 as a component of openSUSE Leap 42.2 Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. CVE-2016-9445 openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-lang-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-32bit-1.8.3-3.1 moderate 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00045.html https://www.suse.com/security/cve/CVE-2016-9445.html CVE-2016-9445 https://bugzilla.suse.com/1010829 SUSE Bug 1010829 The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. CVE-2016-9446 openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-lang-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-32bit-1.8.3-3.1 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00045.html https://www.suse.com/security/cve/CVE-2016-9446.html CVE-2016-9446 https://bugzilla.suse.com/1010829 SUSE Bug 1010829 Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. CVE-2016-9809 openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-lang-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-32bit-1.8.3-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00045.html https://www.suse.com/security/cve/CVE-2016-9809.html CVE-2016-9809 https://bugzilla.suse.com/1013659 SUSE Bug 1013659 The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. CVE-2016-9812 openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-lang-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-32bit-1.8.3-3.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00045.html https://www.suse.com/security/cve/CVE-2016-9812.html CVE-2016-9812 https://bugzilla.suse.com/1013678 SUSE Bug 1013678 The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. CVE-2016-9813 openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-lang-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstgl-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-1.8.3-3.1 openSUSE Leap 42.2:libgstvdpau-32bit-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-1.8.3-3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-32bit-1.8.3-3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-01/msg00045.html https://www.suse.com/security/cve/CVE-2016-9813.html CVE-2016-9813 https://bugzilla.suse.com/1013680 SUSE Bug 1013680