openSUSE Leap 15.4: SUSE-SU-2025:0067-1 critical gstreamer-plugins-good DoS

opensuse

January 10, 2025

An update that solves 22 vulnerabilities can now be installed.

Description

This update for gstreamer-plugins-good fixes the following issues:

* CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM

demuxer. (boo#1234421)

* CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c.

(boo#1234414)

* CVE-2024-47539: Fixed an out-of-bounds write in convert_to_s334_1a.

(boo#1234417)

* CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container.

(boo#1234462)

* CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC

handling. (boo#1234473)

* CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to

out-of-bounds read. (boo#1234476)

* CVE-2024-47546: Fixed an integer underflow in extract_cc_from_data leading

to out-of-bounds read. (boo#1234477)

* CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead

to out-of-bounds reads. (boo#1234424)

* CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table

...

Read the Full Advisory

Topics Covered

security advisory DoS important SUSE gstreamer-plugins-good

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4

zypper in -t patch SUSE-2025-67=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4

zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-67=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4

zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-67=1

* SUSE Linux Enterprise Desktop 15 SP4 LTSS

zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2025-67=1

* SUSE Linux Enterprise Server 15 SP4 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-67=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP4

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-67=1

* SUSE Manager Proxy 4.3

zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-67=1

* SUSE Manager Retail Branch Server 4.3

zypper in -t patch...

Read the Full Advisory

Package List

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)

* gstreamer-plugins-good-gtk-debuginfo-1.20.1-150400.3.9.1

* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1

* gstreamer-plugins-good-qtqml-debuginfo-1.20.1-150400.3.9.1

* gstreamer-plugins-good-1.20.1-150400.3.9.1

* gstreamer-plugins-good-extra-debuginfo-1.20.1-150400.3.9.1

* gstreamer-plugins-good-jack-1.20.1-150400.3.9.1

* gstreamer-plugins-good-qtqml-1.20.1-150400.3.9.1

* gstreamer-plugins-good-extra-1.20.1-150400.3.9.1

* gstreamer-plugins-good-gtk-1.20.1-150400.3.9.1

* gstreamer-plugins-good-jack-debuginfo-1.20.1-150400.3.9.1

* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1

* openSUSE Leap 15.4 (x86_64)

* gstreamer-plugins-good-jack-32bit-debuginfo-1.20.1-150400.3.9.1

* gstreamer-plugins-good-32bit-1.20.1-150400.3.9.1

* gstreamer-plugins-good-32bit-debuginfo-1.20.1-150400.3.9.1

* gstreamer-plugins-good-extra-32bit-debuginfo-1.20.1-150400.3.9.1

* gstreamer-plugins-good-jack-32bit-1.20.1-150400.3.9.1

*...

Read the Full Advisory

References

* bsc#1234414

* bsc#1234417

* bsc#1234421

* bsc#1234424

* bsc#1234425

* bsc#1234426

* bsc#1234427

* bsc#1234428

* bsc#1234432

* bsc#1234433

* bsc#1234434

* bsc#1234435

* bsc#1234436

* bsc#1234439

* bsc#1234440

* bsc#1234446

* bsc#1234447

* bsc#1234449

* bsc#1234462

* bsc#1234473

* bsc#1234476

* bsc#1234477

## References:

* https://www.suse.com/security/cve/CVE-2024-47530.html

* https://www.suse.com/security/cve/CVE-2024-47537.html

* https://www.suse.com/security/cve/CVE-2024-47539.html

* https://www.suse.com/security/cve/CVE-2024-47543.html

* https://www.suse.com/security/cve/CVE-2024-47544.html

* https://www.suse.com/security/cve/CVE-2024-47545.html

* https://www.suse.com/security/cve/CVE-2024-47546.html

* https://www.suse.com/security/cve/CVE-2024-47596.html

* https://www.suse.com/security/cve/CVE-2024-47597.html

* https://www.suse.com/security/cve/CVE-2024-47598.html

* https://www.suse.com/security/cve/CVE-2024-47599.html

* https://www.suse.com/security/cve/CVE-2024-47601.html

*...

Read the Full Advisory

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2025:0067-1

Release Date: 2025-01-10T16:48:43Z

Affected Products: * openSUSE Leap 15.4 * SUSE Linux Enterprise Desktop 15 SP4 LTSS * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3

Topics Covered

security advisory DoS important SUSE gstreamer-plugins-good

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

openSUSE Leap 15.4: SUSE-SU-2025:0067-1 critical gstreamer-plugins-good DoS

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

openSUSE Leap 15.4: SUSE-SU-2025:0067-1 critical gstreamer-plugins-good DoS

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!