Security update for gstreamer-0_10-plugins-bad SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2015:0942-1 Final 1 1 2015-04-24T15:04:46Z current 2015-04-24T15:04:46Z 2015-04-24T15:04:46Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gstreamer-0_10-plugins-bad gstreamer-0_10-plugins-bad was updated to fix a security issue, a buffer overflow in mp4 parsing (bnc#927559 CVE-2015-0797). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-2015-211,SUSE-SLE-SDK-12-2015-211,SUSE-SLE-WE-12-2015-211 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2015/suse-su-20150942-1/ Link for SUSE-SU-2015:0942-1 https://lists.suse.com/pipermail/sle-security-updates/2015-May/001405.html E-Mail link for SUSE-SU-2015:0942-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/927559 SUSE Bug 927559 https://www.suse.com/security/cve/CVE-2015-0797/ SUSE CVE CVE-2015-0797 page SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Software Development Kit 12 SUSE Linux Enterprise Workstation Extension 12 gstreamer-0_10-plugins-bad-0.10.23-17.1 gstreamer-0_10-plugins-bad-lang-0.10.23-17.1 libgstbasecamerabinsrc-0_10-23-0.10.23-17.1 libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-17.1 libgstbasevideo-0_10-23-0.10.23-17.1 libgstbasevideo-0_10-23-32bit-0.10.23-17.1 libgstcodecparsers-0_10-23-0.10.23-17.1 libgstphotography-0_10-23-0.10.23-17.1 libgstphotography-0_10-23-32bit-0.10.23-17.1 libgstsignalprocessor-0_10-23-0.10.23-17.1 libgstsignalprocessor-0_10-23-32bit-0.10.23-17.1 libgstvdp-0_10-23-0.10.23-17.1 libgstvdp-0_10-23-32bit-0.10.23-17.1 gstreamer-0_10-plugins-bad-devel-0.10.23-17.1 gstreamer-0_10-plugins-bad-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 gstreamer-0_10-plugins-bad-lang-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstbasecamerabinsrc-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstbasevideo-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstbasevideo-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstcodecparsers-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstphotography-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstphotography-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstsignalprocessor-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstsignalprocessor-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstvdp-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 libgstvdp-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Desktop 12 gstreamer-0_10-plugins-bad-devel-0.10.23-17.1 as a component of SUSE Linux Enterprise Software Development Kit 12 libgstbasecamerabinsrc-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Software Development Kit 12 libgstbasevideo-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Software Development Kit 12 libgstcodecparsers-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Software Development Kit 12 libgstphotography-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Software Development Kit 12 libgstsignalprocessor-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Software Development Kit 12 libgstvdp-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Software Development Kit 12 gstreamer-0_10-plugins-bad-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 gstreamer-0_10-plugins-bad-lang-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstbasecamerabinsrc-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstbasevideo-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstbasevideo-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstcodecparsers-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstphotography-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstphotography-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstsignalprocessor-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstsignalprocessor-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstvdp-0_10-23-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 libgstvdp-0_10-23-32bit-0.10.23-17.1 as a component of SUSE Linux Enterprise Workstation Extension 12 GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. CVE-2015-0797 SUSE Linux Enterprise Desktop 12:gstreamer-0_10-plugins-bad-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:gstreamer-0_10-plugins-bad-lang-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstbasecamerabinsrc-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstbasevideo-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstbasevideo-0_10-23-32bit-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstcodecparsers-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstphotography-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstphotography-0_10-23-32bit-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstsignalprocessor-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstsignalprocessor-0_10-23-32bit-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstvdp-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Desktop 12:libgstvdp-0_10-23-32bit-0.10.23-17.1 SUSE Linux Enterprise Software Development Kit 12:gstreamer-0_10-plugins-bad-devel-0.10.23-17.1 SUSE Linux Enterprise Software Development Kit 12:libgstbasecamerabinsrc-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Software Development Kit 12:libgstbasevideo-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Software Development Kit 12:libgstcodecparsers-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Software Development Kit 12:libgstphotography-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Software Development Kit 12:libgstsignalprocessor-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Software Development Kit 12:libgstvdp-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:gstreamer-0_10-plugins-bad-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:gstreamer-0_10-plugins-bad-lang-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstbasecamerabinsrc-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstbasecamerabinsrc-0_10-23-32bit-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstbasevideo-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstbasevideo-0_10-23-32bit-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstcodecparsers-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstphotography-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstphotography-0_10-23-32bit-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstsignalprocessor-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstsignalprocessor-0_10-23-32bit-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstvdp-0_10-23-0.10.23-17.1 SUSE Linux Enterprise Workstation Extension 12:libgstvdp-0_10-23-32bit-0.10.23-17.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2015/suse-su-20150942-1/ https://www.suse.com/security/cve/CVE-2015-0797.html CVE-2015-0797 https://bugzilla.suse.com/927559 SUSE Bug 927559 https://bugzilla.suse.com/930622 SUSE Bug 930622