Explore top 10 tips to secure your open-source projects now. Read More
×
This update for gstreamer-plugins-bad fixes the following issues
* CVE-2026-12892: 1-byte heap out-of-bounds read in H.264 NAL extension slice
parser (bsc#1268971).
* CVE-2026-14935: webrtcbin accepts remote SDP without a=fingerprint due to
inverted presence check (bsc#1271051).
* CVE-2026-52720: invalid check of total area instead of individual dimensions
could trigger a heap out-of-bounds write (bsc#1268406).
* CVE-2026-52721: crafted PCAP records during IPv4 or TCP header parsing could
cause an out-of-bounds read (bsc#1268408).
* CVE-2026-52722: crafted VMnc stream with large cursor dimensions can
overflow signed integer (bsc#1268410).
* CVE-2026-53702: incorrect loop bound during H.265 SEI message parsing could
result in a stack buffer overflow (bsc#1268168).
* CVE-2026-59692: unvalidated peer certificate Subject DN printed during a
DTLS handshake could cause a stack buffer overflow (bsc#1271168).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP6 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-3058=1
* SUSE Package Hub 15 15-SP7
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2026-3058=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-3058=1
* Desktop Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP7-2026-3058=1
* openSUSE Leap 15.6
zypper in -t patch SUSE-2026-3058=1
* Basesystem Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP7-2026-3058=1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
* libgstmse-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstvulkan-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtcnice-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstwebrtc-1_0-0-1.24.0-150600.4.9.1
* libgstcodecs-1_0-0-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstmpegts-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstPlay-1_0-1.24.0-150600.4.9.1
* typelib-1_0-GstVa-1_0-1.24.0-150600.4.9.1
* typelib-1_0-CudaGst-1_0-1.24.0-150600.4.9.1
* libgstisoff-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstCodecs-1_0-1.24.0-150600.4.9.1
* gstreamer-plugins-bad-debugsource-1.24.0-150600.4.9.1
* libgstcodecparsers-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgsttranscoder-1_0-0-debuginfo-1.24.0-150600.4.9.1
* libgstplay-1_0-0-1.24.0-150600.4.9.1
* typelib-1_0-GstBadAudio-1_0-1.24.0-150600.4.9.1
* libgstcuda-1_0-0-1.24.0-150600.4.9.1
*...
Read the Full Advisory* bsc#1268168
* bsc#1268406
* bsc#1268408
* bsc#1268410
* bsc#1268971
* bsc#1271051
* bsc#1271168
## References:
* https://www.suse.com/security/cve/CVE-2026-12892.html
* https://www.suse.com/security/cve/CVE-2026-14935.html
* https://www.suse.com/security/cve/CVE-2026-52720.html
* https://www.suse.com/security/cve/CVE-2026-52721.html
* https://www.suse.com/security/cve/CVE-2026-52722.html
* https://www.suse.com/security/cve/CVE-2026-53702.html
* https://www.suse.com/security/cve/CVE-2026-59692.html
* https://bugzilla.suse.com/show_bug.cgi?id=1268168
* https://bugzilla.suse.com/show_bug.cgi?id=1268406
* https://bugzilla.suse.com/show_bug.cgi?id=1268408
* https://bugzilla.suse.com/show_bug.cgi?id=1268410
* https://bugzilla.suse.com/show_bug.cgi?id=1268971
* https://bugzilla.suse.com/show_bug.cgi?id=1271051
* https://bugzilla.suse.com/show_bug.cgi?id=1271168
Get the latest Linux and open source security news straight to your inbox.