Security update for gstreamer-plugins-bad SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:3296-1 Final 1 1 2016-12-29T19:43:08Z current 2016-12-29T19:43:08Z 2016-12-29T19:43:08Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for gstreamer-plugins-bad This update for gstreamer-plugins-bad fixes the following security issues, which would allow attackers able to submit media files for indexing to cause code execution or crashes: - Check an integer overflow (CVE-2016-9445) and initialize a buffer (CVE-2016-9446) in vmncdec. (bsc#1010829) - CVE-2016-9809: Ensure codec_data has the right size when reading number of SPS (bsc#1013659). - CVE-2016-9812: Add more section size checks (bsc#1013678). - CVE-2016-9813: fix PAT parsing (bsc#1013680). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP2-2016-1933,SUSE-SLE-RPI-12-SP2-2016-1933,SUSE-SLE-SDK-12-SP2-2016-1933,SUSE-SLE-SERVER-12-SP2-2016-1933 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20163296-1/ Link for SUSE-SU-2016:3296-1 https://lists.suse.com/pipermail/sle-security-updates/2016-December/002532.html E-Mail link for SUSE-SU-2016:3296-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1010829 SUSE Bug 1010829 https://bugzilla.suse.com/1013659 SUSE Bug 1013659 https://bugzilla.suse.com/1013678 SUSE Bug 1013678 https://bugzilla.suse.com/1013680 SUSE Bug 1013680 https://www.suse.com/security/cve/CVE-2016-9445/ SUSE CVE CVE-2016-9445 page https://www.suse.com/security/cve/CVE-2016-9446/ SUSE CVE CVE-2016-9446 page https://www.suse.com/security/cve/CVE-2016-9809/ SUSE CVE CVE-2016-9809 page https://www.suse.com/security/cve/CVE-2016-9812/ SUSE CVE CVE-2016-9812 page https://www.suse.com/security/cve/CVE-2016-9813/ SUSE CVE CVE-2016-9813 page SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP2 gstreamer-plugins-bad-1.8.3-14.1 gstreamer-plugins-bad-lang-1.8.3-14.1 libgstadaptivedemux-1_0-0-1.8.3-14.1 libgstbadaudio-1_0-0-1.8.3-14.1 libgstbadbase-1_0-0-1.8.3-14.1 libgstbadvideo-1_0-0-1.8.3-14.1 libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 libgstcodecparsers-1_0-0-1.8.3-14.1 libgstgl-1_0-0-1.8.3-14.1 libgstmpegts-1_0-0-1.8.3-14.1 libgstphotography-1_0-0-1.8.3-14.1 libgsturidownloader-1_0-0-1.8.3-14.1 gstreamer-plugins-bad-devel-1.8.3-14.1 libgstinsertbin-1_0-0-1.8.3-14.1 gstreamer-plugins-bad-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 gstreamer-plugins-bad-lang-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgstadaptivedemux-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgstbadaudio-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgstbadbase-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgstbadvideo-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgstcodecparsers-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgstgl-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgstmpegts-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgstphotography-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgsturidownloader-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 gstreamer-plugins-bad-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 gstreamer-plugins-bad-lang-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgstadaptivedemux-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgstbadaudio-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgstbadbase-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgstbadvideo-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgstcodecparsers-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgstgl-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgstmpegts-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgstphotography-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgsturidownloader-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server 12 SP2 gstreamer-plugins-bad-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 gstreamer-plugins-bad-lang-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgstadaptivedemux-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgstbadaudio-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgstbadbase-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgstbadvideo-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgstcodecparsers-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgstgl-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgstmpegts-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgstphotography-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgsturidownloader-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 gstreamer-plugins-bad-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 gstreamer-plugins-bad-lang-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgstadaptivedemux-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgstbadaudio-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgstbadbase-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgstbadvideo-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgstcodecparsers-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgstgl-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgstmpegts-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgstphotography-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgsturidownloader-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 gstreamer-plugins-bad-devel-1.8.3-14.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 libgstinsertbin-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 libgsturidownloader-1_0-0-1.8.3-14.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow. CVE-2016-9445 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:gstreamer-plugins-bad-devel-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgstinsertbin-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 moderate 3.3 AV:L/AC:M/Au:N/C:N/I:P/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163296-1/ https://www.suse.com/security/cve/CVE-2016-9445.html CVE-2016-9445 https://bugzilla.suse.com/1010829 SUSE Bug 1010829 The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas. CVE-2016-9446 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:gstreamer-plugins-bad-devel-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgstinsertbin-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 moderate 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163296-1/ https://www.suse.com/security/cve/CVE-2016-9446.html CVE-2016-9446 https://bugzilla.suse.com/1010829 SUSE Bug 1010829 Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read. CVE-2016-9809 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:gstreamer-plugins-bad-devel-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgstinsertbin-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163296-1/ https://www.suse.com/security/cve/CVE-2016-9809.html CVE-2016-9809 https://bugzilla.suse.com/1013659 SUSE Bug 1013659 The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section. CVE-2016-9812 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:gstreamer-plugins-bad-devel-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgstinsertbin-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163296-1/ https://www.suse.com/security/cve/CVE-2016-9812.html CVE-2016-9812 https://bugzilla.suse.com/1013678 SUSE Bug 1013678 The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file. CVE-2016-9813 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Desktop 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:gstreamer-plugins-bad-lang-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstadaptivedemux-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadaudio-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadbase-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbadvideo-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstbasecamerabinsrc-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstcodecparsers-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstgl-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstmpegts-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgstphotography-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:gstreamer-plugins-bad-devel-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgstinsertbin-1_0-0-1.8.3-14.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgsturidownloader-1_0-0-1.8.3-14.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163296-1/ https://www.suse.com/security/cve/CVE-2016-9813.html CVE-2016-9813 https://bugzilla.suse.com/1013680 SUSE Bug 1013680