Security update for gstreamer-plugins-base SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0574-1 Final 1 1 2017-02-28T16:38:56Z current 2017-02-28T16:38:56Z 2017-02-28T16:38:56Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gstreamer-plugins-base This update for gstreamer-plugins-base fixes the following security issues: - A crafted AVI file could have caused a floating point exception leading to DoS (bsc#1024076, CVE-2017-5837, bsc#1024079, CVE-2017-5844) - A crafted AVI file could have caused a stack overflow leading to DoS (bsc#1024047, CVE-2017-5839) - A crafted SAMI subtitle file could have caused an invalid memory access possibly leading to DoS or corruption (bsc#1024041, CVE-2017-5842) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-02/msg00117.html E-Mail link for openSUSE-SU-2017:0574-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 gstreamer-plugins-base-1.4.5-8.1 gstreamer-plugins-base-32bit-1.4.5-8.1 gstreamer-plugins-base-devel-1.4.5-8.1 gstreamer-plugins-base-doc-1.4.5-8.1 gstreamer-plugins-base-lang-1.4.5-8.1 libgstallocators-1_0-0-1.4.5-8.1 libgstallocators-1_0-0-32bit-1.4.5-8.1 libgstapp-1_0-0-1.4.5-8.1 libgstapp-1_0-0-32bit-1.4.5-8.1 libgstaudio-1_0-0-1.4.5-8.1 libgstaudio-1_0-0-32bit-1.4.5-8.1 libgstfft-1_0-0-1.4.5-8.1 libgstfft-1_0-0-32bit-1.4.5-8.1 libgstpbutils-1_0-0-1.4.5-8.1 libgstpbutils-1_0-0-32bit-1.4.5-8.1 libgstriff-1_0-0-1.4.5-8.1 libgstriff-1_0-0-32bit-1.4.5-8.1 libgstrtp-1_0-0-1.4.5-8.1 libgstrtp-1_0-0-32bit-1.4.5-8.1 libgstrtsp-1_0-0-1.4.5-8.1 libgstrtsp-1_0-0-32bit-1.4.5-8.1 libgstsdp-1_0-0-1.4.5-8.1 libgstsdp-1_0-0-32bit-1.4.5-8.1 libgsttag-1_0-0-1.4.5-8.1 libgsttag-1_0-0-32bit-1.4.5-8.1 libgstvideo-1_0-0-1.4.5-8.1 libgstvideo-1_0-0-32bit-1.4.5-8.1 typelib-1_0-GstAllocators-1_0-1.4.5-8.1 typelib-1_0-GstApp-1_0-1.4.5-8.1 typelib-1_0-GstAudio-1_0-1.4.5-8.1 typelib-1_0-GstFft-1_0-1.4.5-8.1 typelib-1_0-GstPbutils-1_0-1.4.5-8.1 typelib-1_0-GstRiff-1_0-1.4.5-8.1 typelib-1_0-GstRtp-1_0-1.4.5-8.1 typelib-1_0-GstRtsp-1_0-1.4.5-8.1 typelib-1_0-GstSdp-1_0-1.4.5-8.1 typelib-1_0-GstTag-1_0-1.4.5-8.1 typelib-1_0-GstVideo-1_0-1.4.5-8.1 gstreamer-plugins-base-1.4.5-8.1 as a component of openSUSE Leap 42.1 gstreamer-plugins-base-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 gstreamer-plugins-base-devel-1.4.5-8.1 as a component of openSUSE Leap 42.1 gstreamer-plugins-base-doc-1.4.5-8.1 as a component of openSUSE Leap 42.1 gstreamer-plugins-base-lang-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstallocators-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstallocators-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstapp-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstapp-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstaudio-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstaudio-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstfft-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstfft-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstpbutils-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstpbutils-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstriff-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstriff-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstrtp-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstrtp-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstrtsp-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstrtsp-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstsdp-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstsdp-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgsttag-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgsttag-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstvideo-1_0-0-1.4.5-8.1 as a component of openSUSE Leap 42.1 libgstvideo-1_0-0-32bit-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstAllocators-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstApp-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstAudio-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstFft-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstPbutils-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstRiff-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstRtp-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstRtsp-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstSdp-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstTag-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 typelib-1_0-GstVideo-1_0-1.4.5-8.1 as a component of openSUSE Leap 42.1 The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted video file. CVE-2017-5837 openSUSE Leap 42.1:gstreamer-plugins-base-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-32bit-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-devel-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-doc-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-lang-1.4.5-8.1 openSUSE Leap 42.1:libgstallocators-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstallocators-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstapp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstapp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstaudio-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstaudio-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstfft-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstfft-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstpbutils-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstpbutils-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstriff-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstriff-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstrtp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstrtp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstrtsp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstrtsp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstsdp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstsdp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgsttag-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgsttag-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstvideo-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstvideo-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstAllocators-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstApp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstAudio-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstFft-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstPbutils-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRiff-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRtp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRtsp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstSdp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstTag-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstVideo-1_0-1.4.5-8.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-02/msg00117.html https://www.suse.com/security/cve/CVE-2017-5837.html CVE-2017-5837 https://bugzilla.suse.com/1023259 SUSE Bug 1023259 https://bugzilla.suse.com/1024076 SUSE Bug 1024076 https://bugzilla.suse.com/1024079 SUSE Bug 1024079 The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 does not properly limit recursion, which allows remote attackers to cause a denial of service (stack overflow and crash) via vectors involving nested WAVEFORMATEX. CVE-2017-5839 openSUSE Leap 42.1:gstreamer-plugins-base-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-32bit-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-devel-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-doc-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-lang-1.4.5-8.1 openSUSE Leap 42.1:libgstallocators-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstallocators-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstapp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstapp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstaudio-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstaudio-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstfft-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstfft-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstpbutils-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstpbutils-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstriff-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstriff-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstrtp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstrtp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstrtsp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstrtsp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstsdp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstsdp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgsttag-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgsttag-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstvideo-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstvideo-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstAllocators-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstApp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstAudio-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstFft-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstPbutils-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRiff-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRtp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRtsp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstSdp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstTag-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstVideo-1_0-1.4.5-8.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-02/msg00117.html https://www.suse.com/security/cve/CVE-2017-5839.html CVE-2017-5839 https://bugzilla.suse.com/1023259 SUSE Bug 1023259 https://bugzilla.suse.com/1024047 SUSE Bug 1024047 The html_context_handle_element function in gst/subparse/samiparse.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted SMI file, as demonstrated by OneNote_Manager.smi. CVE-2017-5842 openSUSE Leap 42.1:gstreamer-plugins-base-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-32bit-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-devel-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-doc-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-lang-1.4.5-8.1 openSUSE Leap 42.1:libgstallocators-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstallocators-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstapp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstapp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstaudio-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstaudio-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstfft-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstfft-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstpbutils-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstpbutils-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstriff-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstriff-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstrtp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstrtp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstrtsp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstrtsp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstsdp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstsdp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgsttag-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgsttag-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstvideo-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstvideo-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstAllocators-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstApp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstAudio-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstFft-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstPbutils-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRiff-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRtp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRtsp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstSdp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstTag-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstVideo-1_0-1.4.5-8.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-02/msg00117.html https://www.suse.com/security/cve/CVE-2017-5842.html CVE-2017-5842 https://bugzilla.suse.com/1023259 SUSE Bug 1023259 https://bugzilla.suse.com/1024041 SUSE Bug 1024041 The gst_riff_create_audio_caps function in gst-libs/gst/riff/riff-media.c in gst-plugins-base in GStreamer before 1.10.3 allows remote attackers to cause a denial of service (floating point exception and crash) via a crafted ASF file. CVE-2017-5844 openSUSE Leap 42.1:gstreamer-plugins-base-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-32bit-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-devel-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-doc-1.4.5-8.1 openSUSE Leap 42.1:gstreamer-plugins-base-lang-1.4.5-8.1 openSUSE Leap 42.1:libgstallocators-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstallocators-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstapp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstapp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstaudio-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstaudio-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstfft-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstfft-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstpbutils-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstpbutils-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstriff-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstriff-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstrtp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstrtp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstrtsp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstrtsp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstsdp-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstsdp-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgsttag-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgsttag-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:libgstvideo-1_0-0-1.4.5-8.1 openSUSE Leap 42.1:libgstvideo-1_0-0-32bit-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstAllocators-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstApp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstAudio-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstFft-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstPbutils-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRiff-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRtp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstRtsp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstSdp-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstTag-1_0-1.4.5-8.1 openSUSE Leap 42.1:typelib-1_0-GstVideo-1_0-1.4.5-8.1 low 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-02/msg00117.html https://www.suse.com/security/cve/CVE-2017-5844.html CVE-2017-5844 https://bugzilla.suse.com/1023259 SUSE Bug 1023259 https://bugzilla.suse.com/1024079 SUSE Bug 1024079