Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

openSUSE Leap 15.5: Critical Gstreamer Update for Integer Overflow

opensuse
Calendar Grey December 19, 2023
Dist Opensuse Esm H88
Tackle urgent vulnerabilities in GStreamer on openSUSE by applying essential security patches. Ensure your system's safety by staying up-to-date with these updates.
An update that fixes two vulnerabilities is now available

Description

This update for gstreamer-plugins-bad fixes the following issues:

- CVE-2023-40474: Fixed integer overflow causing out of bounds writes when

handling invalid uncompressed video (bsc#1215796).

- CVE-2023-40476: Fixed possible overflow using max_sub_layers_minus1

(bsc#1215793).

Topics%20covered

Topics Covered

security advisory software update critical fix integer overflow openSUSE gstreamer

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.5:

zypper in -t patch openSUSE-2023-409=1

- openSUSE Leap 15.4:

zypper in -t patch openSUSE-2023-409=1

Package List

- openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64):

gstreamer-plugins-bad-1.22.0-lp155.3.7.1

gstreamer-plugins-bad-chromaprint-1.22.0-lp155.3.7.1

gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-lp155.3.7.1

gstreamer-plugins-bad-debuginfo-1.22.0-lp155.3.7.1

gstreamer-plugins-bad-debugsource-1.22.0-lp155.3.7.1

gstreamer-plugins-bad-devel-1.22.0-lp155.3.7.1

gstreamer-plugins-bad-fluidsynth-1.22.0-lp155.3.7.1

gstreamer-plugins-bad-fluidsynth-debuginfo-1.22.0-lp155.3.7.1

gstreamer-transcoder-1.22.0-lp155.3.7.1

gstreamer-transcoder-debuginfo-1.22.0-lp155.3.7.1

gstreamer-transcoder-devel-1.22.0-lp155.3.7.1

libgstadaptivedemux-1_0-0-1.22.0-lp155.3.7.1

libgstadaptivedemux-1_0-0-debuginfo-1.22.0-lp155.3.7.1

libgstbadaudio-1_0-0-1.22.0-lp155.3.7.1

libgstbadaudio-1_0-0-debuginfo-1.22.0-lp155.3.7.1

libgstbasecamerabinsrc-1_0-0-1.22.0-lp155.3.7.1

libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-lp155.3.7.1

libgstcodecparsers-1_0-0-1.22.0-lp155.3.7.1

libgstcodecparsers-1_0-0-debuginfo-1.22.0-lp155.3.7.1

libgstcode...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2023-40474.html

https://www.suse.com/security/cve/CVE-2023-40476.html

https://bugzilla.suse.com/1215793

https://bugzilla.suse.com/1215796

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2023:0409-1
Rating: important
Affected Products: openSUSE Leap 15.4 openSUSE Leap 15.5 .

Topics%20covered

Topics Covered

security advisory software update critical fix integer overflow openSUSE gstreamer

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here