Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 496
Alerts This Week
Warning Icon 1 496

openSUSE Leap 15.3: openSUSE-SU-2021:1012-1 Important: Buffer Overflow

opensuse
Calendar Grey July 9, 2021
Scroller Opensuse
A critical patch has been released to fix a memory corruption issue in gstreamer-plugins-bad for openSUSE Leap 15.4.
An update that fixes one vulnerability is now available

Description

This update for gstreamer-plugins-bad fixes the following issues:

- Update to version 1.16.3:

- CVE-2021-3185: buffer overflow in

gst_h264_slice_parse_dec_ref_pic_marking() (bsc#1181255)

- amcvideodec: fix sync meta copying not taking a reference

- audiobuffersplit: Perform discont tracking on running time

- audiobuffersplit: Specify in the template caps that only

interleaved

audio is supported

- audiobuffersplit: Unset DISCONT flag if not discontinuous

- autoconvert: Fix lock-less exchange or free condition

- autoconvert: fix compiler warnings wih g_atomic on recent GLib

versions

- avfvideosrc: element requests camera permissions even with

capture-screen property is true

- codecparsers: h264parser: guard against ref_pic_markings overflow

- dtlsconnection: Avoid segmentation fault when no srtp capabilities

are

negotiated

- dtls/connection: fix EOF handling with openssl 1.1.1e

- fdkaacdec:...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended

installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-2021-1012=1

Package List

- openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64):

gstreamer-plugins-bad-1.16.3-lp153.3.3.1

gstreamer-plugins-bad-chromaprint-1.16.3-lp153.3.3.1

gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-lp153.3.3.1

gstreamer-plugins-bad-debuginfo-1.16.3-lp153.3.3.1

gstreamer-plugins-bad-debugsource-1.16.3-lp153.3.3.1

gstreamer-plugins-bad-devel-1.16.3-lp153.3.3.1

gstreamer-plugins-bad-doc-1.16.3-lp153.3.3.1

gstreamer-plugins-bad-fluidsynth-1.16.3-lp153.3.3.1

gstreamer-plugins-bad-fluidsynth-debuginfo-1.16.3-lp153.3.3.1

libgstadaptivedemux-1_0-0-1.16.3-lp153.3.3.1

libgstadaptivedemux-1_0-0-debuginfo-1.16.3-lp153.3.3.1

libgstbadaudio-1_0-0-1.16.3-lp153.3.3.1

libgstbadaudio-1_0-0-debuginfo-1.16.3-lp153.3.3.1

libgstbasecamerabinsrc-1_0-0-1.16.3-lp153.3.3.1

libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-lp153.3.3.1

libgstcodecparsers-1_0-0-1.16.3-lp153.3.3.1

libgstcodecparsers-1_0-0-debuginfo-1.16.3-lp153.3.3.1

libgstinsertbin-1_0-0-1.16.3-lp153.3.3.1

libgstinsertbin-1_0-0-debuginfo-1.16.3-lp153.3.3.1

libgstiso...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2021-3185.html

https://bugzilla.suse.com/1181255

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2021:1012-1
Rating: important
Affected Products: openSUSE Leap 15.3 .

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.