Security update for libgme
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2016:3250-1
Final
1
1
2016-12-22T15:10:53Z
current
2016-12-22T15:10:53Z
2016-12-22T15:10:53Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for libgme
This update for libgme fixes the following issues:
- CVE-2016-9957, CVE-2016-9958, CVE-2016-9959, CVE-2016-9960, CVE-2016-9961:
Various issues were fixed in the handling of SPC music files that could have
been exploited for gaining privileges of desktop users. [bsc#1015941]
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
SUSE-SLE-DESKTOP-12-SP1-2016-1898,SUSE-SLE-DESKTOP-12-SP2-2016-1898,SUSE-SLE-RPI-12-SP2-2016-1898,SUSE-SLE-SDK-12-SP1-2016-1898,SUSE-SLE-SDK-12-SP2-2016-1898,SUSE-SLE-SERVER-12-SP1-2016-1898,SUSE-SLE-SERVER-12-SP2-2016-1898
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/
Link for SUSE-SU-2016:3250-1
https://lists.suse.com/pipermail/sle-security-updates/2016-December/002517.html
E-Mail link for SUSE-SU-2016:3250-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1015941
SUSE Bug 1015941
https://www.suse.com/security/cve/CVE-2016-9957/
SUSE CVE CVE-2016-9957 page
https://www.suse.com/security/cve/CVE-2016-9958/
SUSE CVE CVE-2016-9958 page
https://www.suse.com/security/cve/CVE-2016-9959/
SUSE CVE CVE-2016-9959 page
https://www.suse.com/security/cve/CVE-2016-9960/
SUSE CVE CVE-2016-9960 page
https://www.suse.com/security/cve/CVE-2016-9961/
SUSE CVE CVE-2016-9961 page
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
libgme0-0.6.0-5.1
libgme-devel-0.6.0-5.1
libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Desktop 12 SP1
libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Desktop 12 SP2
libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server 12 SP1
libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server 12 SP2
libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP1
libgme0-0.6.0-5.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2
libgme-devel-0.6.0-5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP1
libgme-devel-0.6.0-5.1 as a component of SUSE Linux Enterprise Software Development Kit 12 SP2
Stack-based buffer overflow in game-music-emu before 0.6.1.
CVE-2016-9957
SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1
important
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/
https://www.suse.com/security/cve/CVE-2016-9957.html
CVE-2016-9957
https://bugzilla.suse.com/1015941
SUSE Bug 1015941
game-music-emu before 0.6.1 allows remote attackers to write to arbitrary memory locations.
CVE-2016-9958
SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1
important
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/
https://www.suse.com/security/cve/CVE-2016-9958.html
CVE-2016-9958
https://bugzilla.suse.com/1015941
SUSE Bug 1015941
game-music-emu before 0.6.1 allows remote attackers to generate out of bounds 8-bit values.
CVE-2016-9959
SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1
important
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/
https://www.suse.com/security/cve/CVE-2016-9959.html
CVE-2016-9959
https://bugzilla.suse.com/1015941
SUSE Bug 1015941
game-music-emu before 0.6.1 allows local users to cause a denial of service (divide by zero and process crash).
CVE-2016-9960
SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1
important
2.6
AV:N/AC:H/Au:N/C:N/I:N/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/
https://www.suse.com/security/cve/CVE-2016-9960.html
CVE-2016-9960
https://bugzilla.suse.com/1015941
SUSE Bug 1015941
game-music-emu before 0.6.1 mishandles unspecified integer values.
CVE-2016-9961
SUSE Linux Enterprise Desktop 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Desktop 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:libgme0-0.6.0-5.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:libgme0-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP1:libgme-devel-0.6.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP2:libgme-devel-0.6.0-5.1
important
5.1
AV:N/AC:H/Au:N/C:P/I:P/A:P
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2016/suse-su-20163250-1/
https://www.suse.com/security/cve/CVE-2016-9961.html
CVE-2016-9961
https://bugzilla.suse.com/1015941
SUSE Bug 1015941