9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
An update that fixes one vulnerability, contains one
feature is now available.
Description:
This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base,
gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues:
gstreamer was updated to version 1.16.3 (bsc#1181255):
deep-element-removed
log messageconst char *
g_thread_yield()
instead of g_usleep(1)
s/g_print/gst_print/g
g_log_writer_supports_color()
GST_STATE_NULL
in one step.gstreamer-plugins-good was updated to version 1.16.3 (bsc#1181255):
gstreamer-plugins-bad was updated to version 1.16.3 (bsc#1181255):
amcvideodec: fix sync meta copying not taking a reference
audiobuffersplit: Perform discont tracking on running time
audiobuffersplit: Specify in the template caps that only interleaved
audio is supported
audiobuffersplit: Unset DISCONT flag if not discontinuous
autoconvert: Fix lock-less exchange or free condition
autoconvert: fix compiler warnings with g_atomic on recent GLib versions
avfvideosrc: element requests camera permissions even with
capture-screen property is true
codecparsers: h264parser: guard against ref_pic_markings overflow
dtlsconnection: Avoid segmentation fault when no srtp capabilities are
negotiated
dtls/connection: fix EOF handling with openssl 1.1.1e
fdkaacdec: add support for mpegversion=2
hls: Check nettle version to ensure AES128 support
ipcpipeline: Rework compiler checks
interlace: Increment phase_index before checking if we’re at the end of
the phase
lv2: Make it build with -fno-common
h264parser: Do not allocate too large size of memory for registered user
data SEI
ladspa: fix unbounded integer properties
modplug: avoid division by zero
msdkdec: Fix GstMsdkContext leak
msdkenc: fix leaks on windows
musepackdec: Don’t fail all queries if no sample rate is known yet
openslessink: Allow openslessink to handle 48kHz streams.
opencv: allow compilation against 4.2.x
proxysink: event_function needs to handle the event when it is
disconnecetd from proxysrc
vulkan: Drop use of VK_RESULT_BEGIN_RANGE
wasapi: added missing lock release in case of error in
gst_wasapi_xxx_reset
wasapi: Fix possible deadlock while downwards state change
waylandsink: Clear window when pipeline is stopped
webrtc: Support non-trickle ICE candidates in the SDP
webrtc: Unmap all non-binary buffers received via the datachannel
meson: build with neon 0.31
Drop upstream fixed patch: gstreamer-h264parser-fix-overflow.patch
h264parser: guard against ref_pic_markings overflow (bsc#1181255
CVE-2021-3185)
Disable the kate/libtiger plugin. Kate streams for karaoke are not used
anymore, and the source tarball for libtiger is no longer available
upstream. (jsc#SLE-13843)
gstreamer-plugins-ugly was updated to version 1.16.3 (bsc#1181255):
gstreamer-plugins-base was updated to version 1.16.3 (bsc#1181255):
pad-added
signal handler_get_highest_precision()
on the GL threadgst_element_class_set_metadata()
when passing dynamicPatch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-1819=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.3 | aarch64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm | |
openSUSE Leap | 15.3 | ppc64le | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm | |
openSUSE Leap | 15.3 | s390x | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm | |
openSUSE Leap | 15.3 | x86_64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm | |
openSUSE Leap | 15.3 | noarch | < - openSUSE Leap 15.3 (noarch): | - openSUSE Leap 15.3 (noarch):.noarch.rpm | |
openSUSE Leap | 15.3 | x86_64 | < - openSUSE Leap 15.3 (x86_64): | - openSUSE Leap 15.3 (x86_64):.x86_64.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P