SUSE-SU-2024:3198-1
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20243198-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:3198-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:3198-1
- Related
- Published
- 2024-09-10T15:33:55Z
- Modified
- 2024-09-10T15:33:55Z
- Summary
- Security update for gstreamer-plugins-bad
- Details
-
This update for gstreamer-plugins-bad fixes the following issues:
- Dropped support for libmfx to fix the following CVEs:
- libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
- libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
- libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
- libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
- libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
- Dropped support for libmfx to fix the following CVEs:
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20243198-1/
- https://bugzilla.suse.com/1219494
- https://bugzilla.suse.com/1226892
- https://bugzilla.suse.com/1226897
- https://bugzilla.suse.com/1226898
- https://bugzilla.suse.com/1226899
- https://bugzilla.suse.com/1226900
- https://bugzilla.suse.com/1226901
- https://www.suse.com/security/cve/CVE-2023-22656
- https://www.suse.com/security/cve/CVE-2023-45221
- https://www.suse.com/security/cve/CVE-2023-47169
- https://www.suse.com/security/cve/CVE-2023-47282
- https://www.suse.com/security/cve/CVE-2023-48368
Affected packages
SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSS / gstreamer-plugins-bad
Package
- Name
- gstreamer-plugins-bad
- Purl
- purl:rpm/suse/gstreamer-plugins-bad&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.16.3-150200.4.22.1
Ecosystem specific
{
"binaries": [
{
"libgstplayer-1_0-0": "1.16.3-150200.4.22.1",
"libgstbadaudio-1_0-0": "1.16.3-150200.4.22.1",
"libgstcodecparsers-1_0-0": "1.16.3-150200.4.22.1",
"libgsturidownloader-1_0-0": "1.16.3-150200.4.22.1",
"typelib-1_0-GstInsertBin-1_0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad-devel": "1.16.3-150200.4.22.1",
"libgstwayland-1_0-0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad-chromaprint": "1.16.3-150200.4.22.1",
"typelib-1_0-GstPlayer-1_0": "1.16.3-150200.4.22.1",
"libgstisoff-1_0-0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad": "1.16.3-150200.4.22.1",
"libgstbasecamerabinsrc-1_0-0": "1.16.3-150200.4.22.1",
"libgstwebrtc-1_0-0": "1.16.3-150200.4.22.1",
"libgstadaptivedemux-1_0-0": "1.16.3-150200.4.22.1",
"libgstmpegts-1_0-0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad-lang": "1.16.3-150200.4.22.1",
"libgstinsertbin-1_0-0": "1.16.3-150200.4.22.1",
"typelib-1_0-GstMpegts-1_0": "1.16.3-150200.4.22.1",
"libgstphotography-1_0-0": "1.16.3-150200.4.22.1",
"libgstsctp-1_0-0": "1.16.3-150200.4.22.1",
"typelib-1_0-GstWebRTC-1_0": "1.16.3-150200.4.22.1"
}
]
}
SUSE:Linux Enterprise Server 15 SP2-LTSS / gstreamer-plugins-bad
Package
- Name
- gstreamer-plugins-bad
- Purl
- purl:rpm/suse/gstreamer-plugins-bad&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.16.3-150200.4.22.1
Ecosystem specific
{
"binaries": [
{
"libgstplayer-1_0-0": "1.16.3-150200.4.22.1",
"libgstbadaudio-1_0-0": "1.16.3-150200.4.22.1",
"libgstcodecparsers-1_0-0": "1.16.3-150200.4.22.1",
"libgsturidownloader-1_0-0": "1.16.3-150200.4.22.1",
"typelib-1_0-GstInsertBin-1_0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad-devel": "1.16.3-150200.4.22.1",
"libgstwayland-1_0-0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad-chromaprint": "1.16.3-150200.4.22.1",
"typelib-1_0-GstPlayer-1_0": "1.16.3-150200.4.22.1",
"libgstisoff-1_0-0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad": "1.16.3-150200.4.22.1",
"libgstbasecamerabinsrc-1_0-0": "1.16.3-150200.4.22.1",
"libgstwebrtc-1_0-0": "1.16.3-150200.4.22.1",
"libgstadaptivedemux-1_0-0": "1.16.3-150200.4.22.1",
"libgstmpegts-1_0-0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad-lang": "1.16.3-150200.4.22.1",
"libgstinsertbin-1_0-0": "1.16.3-150200.4.22.1",
"typelib-1_0-GstMpegts-1_0": "1.16.3-150200.4.22.1",
"libgstphotography-1_0-0": "1.16.3-150200.4.22.1",
"libgstsctp-1_0-0": "1.16.3-150200.4.22.1",
"typelib-1_0-GstWebRTC-1_0": "1.16.3-150200.4.22.1"
}
]
}
SUSE:Linux Enterprise Server for SAP Applications 15 SP2 / gstreamer-plugins-bad
Package
- Name
- gstreamer-plugins-bad
- Purl
- purl:rpm/suse/gstreamer-plugins-bad&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.16.3-150200.4.22.1
Ecosystem specific
{
"binaries": [
{
"libgstplayer-1_0-0": "1.16.3-150200.4.22.1",
"libgstbadaudio-1_0-0": "1.16.3-150200.4.22.1",
"libgstcodecparsers-1_0-0": "1.16.3-150200.4.22.1",
"libgsturidownloader-1_0-0": "1.16.3-150200.4.22.1",
"typelib-1_0-GstInsertBin-1_0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad-devel": "1.16.3-150200.4.22.1",
"libgstwayland-1_0-0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad-chromaprint": "1.16.3-150200.4.22.1",
"typelib-1_0-GstPlayer-1_0": "1.16.3-150200.4.22.1",
"libgstisoff-1_0-0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad": "1.16.3-150200.4.22.1",
"libgstbasecamerabinsrc-1_0-0": "1.16.3-150200.4.22.1",
"libgstwebrtc-1_0-0": "1.16.3-150200.4.22.1",
"libgstadaptivedemux-1_0-0": "1.16.3-150200.4.22.1",
"libgstmpegts-1_0-0": "1.16.3-150200.4.22.1",
"gstreamer-plugins-bad-lang": "1.16.3-150200.4.22.1",
"libgstinsertbin-1_0-0": "1.16.3-150200.4.22.1",
"typelib-1_0-GstMpegts-1_0": "1.16.3-150200.4.22.1",
"libgstphotography-1_0-0": "1.16.3-150200.4.22.1",
"libgstsctp-1_0-0": "1.16.3-150200.4.22.1",
"typelib-1_0-GstWebRTC-1_0": "1.16.3-150200.4.22.1"
}
]
}