Security update for gstreamer-0_10-plugins-base

Announcement ID:	SUSE-SU-2019:14076-1
Rating:	important
References:	bsc#1024076 bsc#1024079 bsc#1133375
Cross-References:	CVE-2017-5837 CVE-2017-5844 CVE-2019-9928
CVSS scores:	CVE-2017-5837 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2017-5844 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-9928 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-9928 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise Point of Service 11 SP3 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4

An update that solves three vulnerabilities can now be installed.

Description:

This update for gstreamer-0_10-plugins-base fixes the following issues:

Security issues fixed:

• CVE-2017-5837: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024076).
• CVE-2017-5844: Fixed a floating point exception in gst_riff_create_audio_caps (bsc#1024079).
• CVE-2019-9928: Fixed a heap-based overflow in the rtsp connection parser (bsc#1133375).

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Point of Service 11 SP3
  zypper in -t patch sleposp3-gstreamer-0_10-plugins-base-14076=1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4
  zypper in -t patch slessp4-gstreamer-0_10-plugins-base-14076=1
• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch slessp4-gstreamer-0_10-plugins-base-14076=1

Package List:

• SUSE Linux Enterprise Point of Service 11 SP3 (i586)
  • gstreamer-0_10-plugins-base-lang-0.10.35-5.18.5.1
  • libgstinterfaces-0_10-0-0.10.35-5.18.5.1
  • libgstapp-0_10-0-0.10.35-5.18.5.1
  • gstreamer-0_10-plugins-base-doc-0.10.35-5.18.5.1
  • gstreamer-0_10-plugins-base-0.10.35-5.18.5.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (ppc64 s390x x86_64 i586)
  • gstreamer-0_10-plugins-base-lang-0.10.35-5.18.5.1
  • libgstinterfaces-0_10-0-0.10.35-5.18.5.1
  • libgstapp-0_10-0-0.10.35-5.18.5.1
  • gstreamer-0_10-plugins-base-doc-0.10.35-5.18.5.1
  • gstreamer-0_10-plugins-base-0.10.35-5.18.5.1
• SUSE Linux Enterprise Server 11 SP4 LTSS 11-SP4 (ppc64 s390x x86_64)
  • libgstapp-0_10-0-32bit-0.10.35-5.18.5.1
  • libgstinterfaces-0_10-0-32bit-0.10.35-5.18.5.1
  • gstreamer-0_10-plugins-base-32bit-0.10.35-5.18.5.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64 s390x x86_64 i586)
  • gstreamer-0_10-plugins-base-lang-0.10.35-5.18.5.1
  • libgstinterfaces-0_10-0-0.10.35-5.18.5.1
  • libgstapp-0_10-0-0.10.35-5.18.5.1
  • gstreamer-0_10-plugins-base-doc-0.10.35-5.18.5.1
  • gstreamer-0_10-plugins-base-0.10.35-5.18.5.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64 s390x x86_64)
  • libgstapp-0_10-0-32bit-0.10.35-5.18.5.1
  • libgstinterfaces-0_10-0-32bit-0.10.35-5.18.5.1
  • gstreamer-0_10-plugins-base-32bit-0.10.35-5.18.5.1

References:

• https://www.suse.com/security/cve/CVE-2017-5837.html
• https://www.suse.com/security/cve/CVE-2017-5844.html
• https://www.suse.com/security/cve/CVE-2019-9928.html
• https://bugzilla.suse.com/show_bug.cgi?id=1024076
• https://bugzilla.suse.com/show_bug.cgi?id=1024079
• https://bugzilla.suse.com/show_bug.cgi?id=1133375