
Security: Buffer overflow in gstreamer-plugins-bad
Name: Buffer overflow in gstreamer-plugins-bad
ID: SUSE-SU-2021:1944-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise Module for Desktop Applications 15-SP3
Date: Thu, 10 June 2021, 23:15
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3185
Applications: gstreamer-plugins-bad

Original message


SUSE Security Update: Security update for gstreamer-plugins-bad
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:1944-1
Rating: important
References: #1181255
Cross-References: CVE-2021-3185
CVSS scores:
CVE-2021-3185 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3185 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:
SUSE Linux Enterprise Module for Desktop Applications 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for gstreamer-plugins-bad fixes the following issues:

- Update to version 1.16.3:
  - CVE-2021-3185: buffer overflow in gst_h264_slice_parse_dec_ref_pic_marking() (bsc#1181255)
  - amcvideodec: fix sync meta copying not taking a reference
  - audiobuffersplit: Perform discont tracking on running time
  - audiobuffersplit: Specify in the template caps that only interleaved audio is supported
  - audiobuffersplit: Unset DISCONT flag if not discontinuous
  - autoconvert: Fix lock-less exchange or free condition
  - autoconvert: fix compiler warnings with g_atomic on recent GLib versions
  - avfvideosrc: element requests camera permissions even with capture-screen property is true
  - codecparsers: h264parser: guard against ref_pic_markings overflow
  - dtlsconnection: Avoid segmentation fault when no srtp capabilities are negotiated
  - dtls/connection: fix EOF handling with openssl 1.1.1e
  - fdkaacdec: add support for mpegversion=2
  - hls: Check nettle version to ensure AES128 support
  - ipcpipeline: Rework compiler checks
  - interlace: Increment phase_index before checking if we're at the end of the phase
  - h264parser: Do not allocate too large size of memory for registered user data SEI
  - ladspa: fix unbounded integer properties
  - modplug: avoid division by zero
  - msdkdec: Fix GstMsdkContext leak
  - msdkenc: fix leaks on windows
  - musepackdec: Don't fail all queries if no sample rate is known yet
  - openslessink: Allow openslessink to handle 48kHz streams.
  - opencv: allow compilation against 4.2.x
  - proxysink: event_function needs to handle the event when it is disconnected from proxysrc
  - vulkan: Drop use of VK_RESULT_BEGIN_RANGE
  - wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset
  - wasapi: Fix possible deadlock while downwards state change
  - waylandsink: Clear window when pipeline is stopped
  - webrtc: Support non-trickle ICE candidates in the SDP
  - webrtc: Unmap all non-binary buffers received via the datachannel


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1944=1

- SUSE Linux Enterprise Module for Basesystem 15-SP3:

zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1944=1



Package List:

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

gstreamer-plugins-bad-1.16.3-9.3.1
gstreamer-plugins-bad-chromaprint-1.16.3-9.3.1
gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-9.3.1
gstreamer-plugins-bad-debuginfo-1.16.3-9.3.1
gstreamer-plugins-bad-debugsource-1.16.3-9.3.1
gstreamer-plugins-bad-devel-1.16.3-9.3.1
libgstadaptivedemux-1_0-0-1.16.3-9.3.1
libgstadaptivedemux-1_0-0-debuginfo-1.16.3-9.3.1
libgstbadaudio-1_0-0-1.16.3-9.3.1
libgstbadaudio-1_0-0-debuginfo-1.16.3-9.3.1
libgstbasecamerabinsrc-1_0-0-1.16.3-9.3.1
libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-9.3.1
libgstcodecparsers-1_0-0-1.16.3-9.3.1
libgstcodecparsers-1_0-0-debuginfo-1.16.3-9.3.1
libgstinsertbin-1_0-0-1.16.3-9.3.1
libgstinsertbin-1_0-0-debuginfo-1.16.3-9.3.1
libgstisoff-1_0-0-1.16.3-9.3.1
libgstisoff-1_0-0-debuginfo-1.16.3-9.3.1
libgstmpegts-1_0-0-1.16.3-9.3.1
libgstmpegts-1_0-0-debuginfo-1.16.3-9.3.1
libgstplayer-1_0-0-1.16.3-9.3.1
libgstplayer-1_0-0-debuginfo-1.16.3-9.3.1
libgstsctp-1_0-0-1.16.3-9.3.1
libgstsctp-1_0-0-debuginfo-1.16.3-9.3.1
libgsturidownloader-1_0-0-1.16.3-9.3.1
libgsturidownloader-1_0-0-debuginfo-1.16.3-9.3.1
libgstwayland-1_0-0-1.16.3-9.3.1
libgstwayland-1_0-0-debuginfo-1.16.3-9.3.1
libgstwebrtc-1_0-0-1.16.3-9.3.1
libgstwebrtc-1_0-0-debuginfo-1.16.3-9.3.1
typelib-1_0-GstInsertBin-1_0-1.16.3-9.3.1
typelib-1_0-GstMpegts-1_0-1.16.3-9.3.1
typelib-1_0-GstPlayer-1_0-1.16.3-9.3.1
typelib-1_0-GstWebRTC-1_0-1.16.3-9.3.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch):

gstreamer-plugins-bad-lang-1.16.3-9.3.1

- SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

gstreamer-plugins-bad-debuginfo-1.16.3-9.3.1
gstreamer-plugins-bad-debugsource-1.16.3-9.3.1
libgstphotography-1_0-0-1.16.3-9.3.1
libgstphotography-1_0-0-debuginfo-1.16.3-9.3.1


References:

https://www.suse.com/security/cve/CVE-2021-3185.html
https://bugzilla.suse.com/1181255