Security update for gstreamer-plugins-bad (important)

An update that fixes one vulnerability is now available.

Description:

This update for gstreamer-plugins-bad fixes the following issues:

• Update to version 1.16.3:
  - CVE-2021-3185: buffer overflow in
  gst_h264_slice_parse_dec_ref_pic_marking() (bsc#1181255)
  - amcvideodec: fix sync meta copying not taking a reference
  - audiobuffersplit: Perform discont tracking on running time
  - audiobuffersplit: Specify in the template caps that only interleaved
  audio is supported
  - audiobuffersplit: Unset DISCONT flag if not discontinuous
  - autoconvert: Fix lock-less exchange or free condition
  - autoconvert: fix compiler warnings with g_atomic on recent GLib versions
  - avfvideosrc: element requests camera permissions even with
  capture-screen property is true
  - codecparsers: h264parser: guard against ref_pic_markings overflow
  - dtlsconnection: Avoid segmentation fault when no srtp capabilities are
  negotiated
  - dtls/connection: fix EOF handling with openssl 1.1.1e
  - fdkaacdec: add support for mpegversion=2
  - hls: Check nettle version to ensure AES128 support
  - ipcpipeline: Rework compiler checks
  - interlace: Increment phase_index before checking if we’re at the end of
  the phase
  - h264parser: Do not allocate too large size of memory for registered
  user data SEI
  - ladspa: fix unbounded integer properties
  - modplug: avoid division by zero
  - msdkdec: Fix GstMsdkContext leak
  - msdkenc: fix leaks on windows
  - musepackdec: Don’t fail all queries if no sample rate is known yet
  - openslessink: Allow openslessink to handle 48kHz streams.
  - opencv: allow compilation against 4.2.x
  - proxysink: event_function needs to handle the event when it is
  disconnecetd from proxysrc
  - vulkan: Drop use of VK_RESULT_BEGIN_RANGE
  - wasapi: added missing lock release in case of error in
  gst_wasapi_xxx_reset
  - wasapi: Fix possible deadlock while downwards state change
  - waylandsink: Clear window when pipeline is stopped
  - webrtc: Support non-trickle ICE candidates in the SDP
  - webrtc: Unmap all non-binary buffers received via the datachannel

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.3:

  zypper in -t patch openSUSE-2021-1012=1