SUSE-SU-2021:1944-1: important: Security update for gstreamer-plugins-bad

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Jun 10 13:50:40 UTC 2021 

   SUSE Security Update: Security update for gstreamer-plugins-bad
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:1944-1
Rating:             important
References:         #1181255 
Cross-References:   CVE-2021-3185
CVSS scores:
                    CVE-2021-3185 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2021-3185 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP3
                    SUSE Linux Enterprise Module for Basesystem 15-SP3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for gstreamer-plugins-bad fixes the following issues:

   - Update to version 1.16.3:
    - CVE-2021-3185: buffer overflow in
      gst_h264_slice_parse_dec_ref_pic_marking() (bsc#1181255)
    - amcvideodec: fix sync meta copying not taking a reference
    - audiobuffersplit: Perform discont tracking on running time
    - audiobuffersplit: Specify in the template caps that only interleaved
      audio is supported
    - audiobuffersplit: Unset DISCONT flag if not discontinuous
    - autoconvert: Fix lock-less exchange or free condition
    - autoconvert: fix compiler warnings with g_atomic on recent GLib versions
    - avfvideosrc: element requests camera permissions even with
      capture-screen property is true
    - codecparsers: h264parser: guard against ref_pic_markings overflow
    - dtlsconnection: Avoid segmentation fault when no srtp capabilities are
      negotiated
    - dtls/connection: fix EOF handling with openssl 1.1.1e
    - fdkaacdec: add support for mpegversion=2
    - hls: Check nettle version to ensure AES128 support
    - ipcpipeline: Rework compiler checks
    - interlace: Increment phase_index before checking if we're at the end of
      the phase
    - h264parser: Do not allocate too large size of memory for registered
      user data SEI
    - ladspa: fix unbounded integer properties
    - modplug: avoid division by zero
    - msdkdec: Fix GstMsdkContext leak
    - msdkenc: fix leaks on windows
    - musepackdec: Don't fail all queries if no sample rate is known yet
    - openslessink: Allow openslessink to handle 48kHz streams.
    - opencv: allow compilation against 4.2.x
    - proxysink: event_function needs to handle the event when it is
      disconnecetd from proxysrc
    - vulkan: Drop use of VK_RESULT_BEGIN_RANGE
    - wasapi: added missing lock release in case of error in
      gst_wasapi_xxx_reset
    - wasapi: Fix possible deadlock while downwards state change
    - waylandsink: Clear window when pipeline is stopped
    - webrtc: Support non-trickle ICE candidates in the SDP
    - webrtc: Unmap all non-binary buffers received via the datachannel


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2021-1944=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1944=1



Package List:

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64):

      gstreamer-plugins-bad-1.16.3-9.3.1
      gstreamer-plugins-bad-chromaprint-1.16.3-9.3.1
      gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-9.3.1
      gstreamer-plugins-bad-debuginfo-1.16.3-9.3.1
      gstreamer-plugins-bad-debugsource-1.16.3-9.3.1
      gstreamer-plugins-bad-devel-1.16.3-9.3.1
      libgstadaptivedemux-1_0-0-1.16.3-9.3.1
      libgstadaptivedemux-1_0-0-debuginfo-1.16.3-9.3.1
      libgstbadaudio-1_0-0-1.16.3-9.3.1
      libgstbadaudio-1_0-0-debuginfo-1.16.3-9.3.1
      libgstbasecamerabinsrc-1_0-0-1.16.3-9.3.1
      libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-9.3.1
      libgstcodecparsers-1_0-0-1.16.3-9.3.1
      libgstcodecparsers-1_0-0-debuginfo-1.16.3-9.3.1
      libgstinsertbin-1_0-0-1.16.3-9.3.1
      libgstinsertbin-1_0-0-debuginfo-1.16.3-9.3.1
      libgstisoff-1_0-0-1.16.3-9.3.1
      libgstisoff-1_0-0-debuginfo-1.16.3-9.3.1
      libgstmpegts-1_0-0-1.16.3-9.3.1
      libgstmpegts-1_0-0-debuginfo-1.16.3-9.3.1
      libgstplayer-1_0-0-1.16.3-9.3.1
      libgstplayer-1_0-0-debuginfo-1.16.3-9.3.1
      libgstsctp-1_0-0-1.16.3-9.3.1
      libgstsctp-1_0-0-debuginfo-1.16.3-9.3.1
      libgsturidownloader-1_0-0-1.16.3-9.3.1
      libgsturidownloader-1_0-0-debuginfo-1.16.3-9.3.1
      libgstwayland-1_0-0-1.16.3-9.3.1
      libgstwayland-1_0-0-debuginfo-1.16.3-9.3.1
      libgstwebrtc-1_0-0-1.16.3-9.3.1
      libgstwebrtc-1_0-0-debuginfo-1.16.3-9.3.1
      typelib-1_0-GstInsertBin-1_0-1.16.3-9.3.1
      typelib-1_0-GstMpegts-1_0-1.16.3-9.3.1
      typelib-1_0-GstPlayer-1_0-1.16.3-9.3.1
      typelib-1_0-GstWebRTC-1_0-1.16.3-9.3.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch):

      gstreamer-plugins-bad-lang-1.16.3-9.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64):

      gstreamer-plugins-bad-debuginfo-1.16.3-9.3.1
      gstreamer-plugins-bad-debugsource-1.16.3-9.3.1
      libgstphotography-1_0-0-1.16.3-9.3.1
      libgstphotography-1_0-0-debuginfo-1.16.3-9.3.1


References:

   https://www.suse.com/security/cve/CVE-2021-3185.html
   https://bugzilla.suse.com/1181255

More information about the sle-security-updates mailing list