Security update for libgme SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2016:3250-1 Final 1 1 2016-12-22T15:10:53Z current 2016-12-22T15:10:53Z 2016-12-22T15:10:53Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libgme This update for libgme fixes the following issues: - CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961: Various issues were fixed in the handling of SPC music files that could have been exploited for gaining privileges of desktop users. [bsc#1015941] The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-DESKTOP-12-SP1-2016-1898,SUSE-SLE-DESKTOP-12-SP2-2016-1898,SUSE-SLE-RPI-12-SP2-2016-1898,SUSE-SLE-SDK-12-SP1-2016-1898,SUSE-SLE-SDK-12-SP2-2016-1898,SUSE-SLE-SERVER-12-SP1-2016-1898,SUSE-SLE-SERVER-12-SP2-2016-1898 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/ Link for SUSE-SU-2016:3250-1 https://lists.opensuse.org/opensuse-security-announce/2016-12/msg00090.html E-Mail link for SUSE-SU-2016:3250-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1015941 SUSE Bug 1015941 https://www.suse.com/security/cve/CVE-2016-9957/ SUSE CVE CVE-2016-9957 page https://www.suse.com/security/cve/CVE-2016-9958/ SUSE CVE CVE-2016-9958 page https://www.suse.com/security/cve/CVE-2016-9959/ SUSE CVE CVE-2016-9959 page https://www.suse.com/security/cve/CVE-2016-9960/ SUSE CVE CVE-2016-9960 page https://www.suse.com/security/cve/CVE-2016-9961/ SUSE CVE CVE-2016-9961 page SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 libgme0-0.6.0-5.1 libgme-devel-0.6.0-5.1 libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Desktop 12 SP1 libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Desktop 12 SP2 libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server 12 SP1 libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server 12 SP2 libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1 libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 libgme-devel-0.6.0-5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1 libgme-devel-0.6.0-5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2 Stack-based buffer overflow in game-music-emu before 0.6.1. CVE-2016-9957 SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/ https://www.suse.com/security/cve/CVE-2016-9957.html CVE-2016-9957 https://bugzilla.suse.com/1015941 SUSE Bug 1015941 game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations. CVE-2016-9958 SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/ https://www.suse.com/security/cve/CVE-2016-9958.html CVE-2016-9958 https://bugzilla.suse.com/1015941 SUSE Bug 1015941 game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values. CVE-2016-9959 SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/ https://www.suse.com/security/cve/CVE-2016-9959.html CVE-2016-9959 https://bugzilla.suse.com/1015941 SUSE Bug 1015941 game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash). CVE-2016-9960 SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1 important 2.6 AV:N/AC:H/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/ https://www.suse.com/security/cve/CVE-2016-9960.html CVE-2016-9960 https://bugzilla.suse.com/1015941 SUSE Bug 1015941 game-music-emu before 0.6.1 mishandles unspecified integer values. CVE-2016-9961 SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1 SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1 important 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/ https://www.suse.com/security/cve/CVE-2016-9961.html CVE-2016-9961 https://bugzilla.suse.com/1015941 SUSE Bug 1015941