Security update for gstreamer-plugins-bad SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1032-1 Final 1 1 2017-04-18T06:06:37Z current 2017-04-18T06:06:37Z 2017-04-18T06:06:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gstreamer-plugins-bad This update for gstreamer-plugins-bad fixes the following issues: Security issues fixed: - CVE-2017-5843: set stream tags to NULL after unrefing (bsc#1024044). - CVE-2017-5848: rewrite PSM parsing to add bounds checking (bsc#1024068). This update was imported from the SUSE:SLE-12-SP2:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-04/msg00059.html E-Mail link for openSUSE-SU-2017:1032-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 gstreamer-plugins-bad-1.8.3-5.3.1 gstreamer-plugins-bad-32bit-1.8.3-5.3.1 gstreamer-plugins-bad-devel-1.8.3-5.3.1 gstreamer-plugins-bad-doc-1.8.3-5.3.1 gstreamer-plugins-bad-lang-1.8.3-5.3.1 libgstadaptivedemux-1_0-0-1.8.3-5.3.1 libgstadaptivedemux-1_0-0-32bit-1.8.3-5.3.1 libgstbadaudio-1_0-0-1.8.3-5.3.1 libgstbadaudio-1_0-0-32bit-1.8.3-5.3.1 libgstbadbase-1_0-0-1.8.3-5.3.1 libgstbadbase-1_0-0-32bit-1.8.3-5.3.1 libgstbadvideo-1_0-0-1.8.3-5.3.1 libgstbadvideo-1_0-0-32bit-1.8.3-5.3.1 libgstbasecamerabinsrc-1_0-0-1.8.3-5.3.1 libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-5.3.1 libgstcodecparsers-1_0-0-1.8.3-5.3.1 libgstcodecparsers-1_0-0-32bit-1.8.3-5.3.1 libgstgl-1_0-0-1.8.3-5.3.1 libgstgl-1_0-0-32bit-1.8.3-5.3.1 libgstinsertbin-1_0-0-1.8.3-5.3.1 libgstinsertbin-1_0-0-32bit-1.8.3-5.3.1 libgstmpegts-1_0-0-1.8.3-5.3.1 libgstmpegts-1_0-0-32bit-1.8.3-5.3.1 libgstphotography-1_0-0-1.8.3-5.3.1 libgstphotography-1_0-0-32bit-1.8.3-5.3.1 libgstplayer-1_0-0-1.8.3-5.3.1 libgstplayer-1_0-0-32bit-1.8.3-5.3.1 libgsturidownloader-1_0-0-1.8.3-5.3.1 libgsturidownloader-1_0-0-32bit-1.8.3-5.3.1 libgstvdpau-1.8.3-5.3.1 libgstvdpau-32bit-1.8.3-5.3.1 libgstwayland-1_0-0-1.8.3-5.3.1 libgstwayland-1_0-0-32bit-1.8.3-5.3.1 gstreamer-plugins-bad-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 gstreamer-plugins-bad-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 gstreamer-plugins-bad-devel-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 gstreamer-plugins-bad-doc-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 gstreamer-plugins-bad-lang-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstadaptivedemux-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstadaptivedemux-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstbadaudio-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstbadaudio-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstbadbase-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstbadbase-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstbadvideo-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstbadvideo-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstbasecamerabinsrc-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstcodecparsers-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstcodecparsers-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstgl-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstgl-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstinsertbin-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstinsertbin-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstmpegts-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstmpegts-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstphotography-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstphotography-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstplayer-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstplayer-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgsturidownloader-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgsturidownloader-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstvdpau-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstvdpau-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstwayland-1_0-0-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 libgstwayland-1_0-0-32bit-1.8.3-5.3.1 as a component of openSUSE Leap 42.2 Multiple use-after-free vulnerabilities in the (1) gst_mini_object_unref, (2) gst_tag_list_unref, and (3) gst_mxf_demux_update_essence_tracks functions in GStreamer before 1.10.3 allow remote attackers to cause a denial of service (crash) via vectors involving stream tags, as demonstrated by 02785736.mxf. CVE-2017-5843 openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-5.3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-5.3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-5.3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-lang-1.8.3-5.3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstgl-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstgl-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstvdpau-1.8.3-5.3.1 openSUSE Leap 42.2:libgstvdpau-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-32bit-1.8.3-5.3.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00059.html https://www.suse.com/security/cve/CVE-2017-5843.html CVE-2017-5843 https://bugzilla.suse.com/1023259 SUSE Bug 1023259 https://bugzilla.suse.com/1024044 SUSE Bug 1024044 The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. CVE-2017-5848 openSUSE Leap 42.2:gstreamer-plugins-bad-1.8.3-5.3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-devel-1.8.3-5.3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-doc-1.8.3-5.3.1 openSUSE Leap 42.2:gstreamer-plugins-bad-lang-1.8.3-5.3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstadaptivedemux-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadaudio-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadbase-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbadvideo-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstbasecamerabinsrc-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstcodecparsers-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstgl-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstgl-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstinsertbin-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstmpegts-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstphotography-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstplayer-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgsturidownloader-1_0-0-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstvdpau-1.8.3-5.3.1 openSUSE Leap 42.2:libgstvdpau-32bit-1.8.3-5.3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-1.8.3-5.3.1 openSUSE Leap 42.2:libgstwayland-1_0-0-32bit-1.8.3-5.3.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-04/msg00059.html https://www.suse.com/security/cve/CVE-2017-5848.html CVE-2017-5848 https://bugzilla.suse.com/1023259 SUSE Bug 1023259 https://bugzilla.suse.com/1024068 SUSE Bug 1024068