ALT-BU-2016-3176-1
Branch sisyphus update bulletin.
Package btrfs-progs updated to version 4.8.4-alt1 for branch sisyphus in task 173701.
Closed bugs
Текущая версия ломает сборку docker
Closed bugs
ALT Linux --> ALT
Package kernel-modules-nvidia-un-def updated to version 375.20-alt1.264203.1 for branch sisyphus in task 173708.
Closed bugs
В 304.132 не работает glx.
Package gstreamer1.0 updated to version 1.10.2-alt1 for branch sisyphus in task 173706.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2016-9634
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.
- RHSA-2016:2975
- RHSA-2016:2975
- RHSA-2017:0019
- RHSA-2017:0019
- RHSA-2017:0020
- RHSA-2017:0020
- DSA-3723
- DSA-3723
- DSA-3724
- DSA-3724
- [oss-security] 20161123 Re: CVE Request: gstreamer plugins
- [oss-security] 20161123 Re: CVE Request: gstreamer plugins
- 94499
- 94499
- https://bugzilla.gnome.org/show_bug.cgi?id=774834
- https://bugzilla.gnome.org/show_bug.cgi?id=774834
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
- https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2016-9635
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.
- RHSA-2016:2975
- RHSA-2016:2975
- RHSA-2017:0019
- RHSA-2017:0019
- RHSA-2017:0020
- RHSA-2017:0020
- DSA-3723
- DSA-3723
- DSA-3724
- DSA-3724
- [oss-security] 20161123 Re: CVE Request: gstreamer plugins
- [oss-security] 20161123 Re: CVE Request: gstreamer plugins
- 94499
- 94499
- https://bugzilla.gnome.org/show_bug.cgi?id=774834
- https://bugzilla.gnome.org/show_bug.cgi?id=774834
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
- https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2016-9636
Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.
- RHSA-2016:2975
- RHSA-2016:2975
- RHSA-2017:0019
- RHSA-2017:0019
- RHSA-2017:0020
- RHSA-2017:0020
- DSA-3723
- DSA-3723
- DSA-3724
- DSA-3724
- [oss-security] 20161123 Re: CVE Request: gstreamer plugins
- [oss-security] 20161123 Re: CVE Request: gstreamer plugins
- 94499
- 94499
- https://bugzilla.gnome.org/show_bug.cgi?id=774834
- https://bugzilla.gnome.org/show_bug.cgi?id=774834
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
- https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-advancing-exploitation.html
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2016-9807
The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via a crafted FLIC file.
- RHSA-2016:2975
- RHSA-2016:2975
- RHSA-2017:0019
- RHSA-2017:0019
- RHSA-2017:0020
- RHSA-2017:0020
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- 95148
- 95148
- https://bugzilla.gnome.org/show_bug.cgi?id=774859
- https://bugzilla.gnome.org/show_bug.cgi?id=774859
- https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
- https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2016-9808
The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds write and crash) via a crafted series of skip and count pairs.
- RHSA-2016:2975
- RHSA-2016:2975
- RHSA-2017:0019
- RHSA-2017:0019
- RHSA-2017:0020
- RHSA-2017:0020
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- 95446
- 95446
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
- https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2016-9809
Off-by-one error in the gst_h264_parse_set_caps function in GStreamer before 1.10.2 allows remote attackers to have unspecified impact via a crafted file, which triggers an out-of-bounds read.
- RHSA-2017:0018
- RHSA-2017:0018
- RHSA-2017:0021
- RHSA-2017:0021
- DSA-3818
- DSA-3818
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- 95147
- 95147
- https://bugzilla.gnome.org/show_bug.cgi?id=774896
- https://bugzilla.gnome.org/show_bug.cgi?id=774896
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- [debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
- [debian-lts-announce] 20200331 [SECURITY] [DLA 2164-1] gst-plugins-bad0.10 security update
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2016-9810
The gst_decode_chain_free_internal function in the flxdex decoder in gst-plugins-good in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (invalid memory read and crash) via an invalid file, which triggers an incorrect unref call.
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- 95163
- 95163
- RHSA-2017:2060
- RHSA-2017:2060
- https://bugzilla.gnome.org/show_bug.cgi?id=774897
- https://bugzilla.gnome.org/show_bug.cgi?id=774897
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2016-9811
The windows_icon_typefind function in gst-plugins-base in GStreamer before 1.10.2, when G_SLICE is set to always-malloc, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted ico file.
- DSA-3819
- DSA-3819
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- 95161
- 95161
- RHSA-2017:2060
- RHSA-2017:2060
- https://bugzilla.gnome.org/show_bug.cgi?id=774902
- https://bugzilla.gnome.org/show_bug.cgi?id=774902
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- [debian-lts-announce] 20200228 [SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update
- [debian-lts-announce] 20200228 [SECURITY] [DLA 2126-1] gst-plugins-base0.10 security update
- FEDORA-2021-ed54b1128a
- FEDORA-2021-ed54b1128a
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2016-9812
The gst_mpegts_section_new function in the mpegts decoder in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a too small section.
- RHSA-2017:0021
- RHSA-2017:0021
- DSA-3818
- DSA-3818
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- 95160
- 95160
- https://bugzilla.gnome.org/show_bug.cgi?id=775048
- https://bugzilla.gnome.org/show_bug.cgi?id=775048
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- GLSA-201705-10
- GLSA-201705-10
Modified: 2024-11-21
CVE-2016-9813
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
- RHSA-2017:0021
- RHSA-2017:0021
- DSA-3818
- DSA-3818
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161201 gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- [oss-security] 20161204 Re: gstreamer multiple issues
- 95158
- 95158
- https://bugzilla.gnome.org/show_bug.cgi?id=775120
- https://bugzilla.gnome.org/show_bug.cgi?id=775120
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- https://gstreamer.freedesktop.org/releases/1.10/#1.10.2
- GLSA-201705-10
- GLSA-201705-10
- 42162
- 42162