Explore top 10 tips to secure your open-source projects now. Read More
×* bsc#1234449 Cross-References: * CVE-2024-47606 . # Security update for gstreamer Announcement ID: SUSE-SU-2025:02034-1 Release Date: 2025-06-20T08:04:54Z Rating: important References: * bsc#1234449 Cross-References: * CVE-2024-47606 CVSS scores: * CVE-2024-47606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47606 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer fixes the following issues: * CVE-2024-47606: Fixed integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (bsc#1234449) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-2034=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-2034=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-2034=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-2034=1 * SUSE Linux Enterprise Micro5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2034=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-2034=1 ## Package List: * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * gstreamer-utils-debuginfo-1.16.3-150200.3.6.1 * typelib-1_0-Gst-1_0-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-debuginfo-1.16.3-150200.3.6.1 * gstreamer-1.16.3-150200.3.6.1 * gstreamer-debuginfo-1.16.3-150200.3.6.1 * gstreamer-utils-1.16.3-150200.3.6.1 * gstreamer-devel-1.16.3-150200.3.6.1 * gstreamer-debugsource-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-1.16.3-150200.3.6.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * gstreamer-lang-1.16.3-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * gstreamer-utils-debuginfo-1.16.3-150200.3.6.1 * typelib-1_0-Gst-1_0-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-debuginfo-1.16.3-150200.3.6.1 * gstreamer-1.16.3-150200.3.6.1 * gstreamer-debuginfo-1.16.3-150200.3.6.1 * gstreamer-utils-1.16.3-150200.3.6.1 * gstreamer-devel-1.16.3-150200.3.6.1 * gstreamer-debugsource-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-1.16.3-150200.3.6.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) * gstreamer-lang-1.16.3-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * gstreamer-utils-debuginfo-1.16.3-150200.3.6.1 * typelib-1_0-Gst-1_0-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-debuginfo-1.16.3-150200.3.6.1 * gstreamer-1.16.3-150200.3.6.1 * gstreamer-debuginfo-1.16.3-150200.3.6.1 * gstreamer-utils-1.16.3-150200.3.6.1 * gstreamer-devel-1.16.3-150200.3.6.1 * gstreamer-debugsource-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-1.16.3-150200.3.6.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * gstreamer-lang-1.16.3-150200.3.6.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) *gstreamer-utils-debuginfo-1.16.3-150200.3.6.1 * typelib-1_0-Gst-1_0-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-debuginfo-1.16.3-150200.3.6.1 * gstreamer-1.16.3-150200.3.6.1 * gstreamer-debuginfo-1.16.3-150200.3.6.1 * gstreamer-utils-1.16.3-150200.3.6.1 * gstreamer-devel-1.16.3-150200.3.6.1 * gstreamer-debugsource-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-1.16.3-150200.3.6.1 * SUSE Enterprise Storage 7.1 (noarch) * gstreamer-lang-1.16.3-150200.3.6.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * libgstreamer-1_0-0-debuginfo-1.16.3-150200.3.6.1 * gstreamer-1.16.3-150200.3.6.1 * gstreamer-debuginfo-1.16.3-150200.3.6.1 * gstreamer-debugsource-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-1.16.3-150200.3.6.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * libgstreamer-1_0-0-debuginfo-1.16.3-150200.3.6.1 * gstreamer-1.16.3-150200.3.6.1 * gstreamer-debuginfo-1.16.3-150200.3.6.1 * gstreamer-debugsource-1.16.3-150200.3.6.1 * libgstreamer-1_0-0-1.16.3-150200.3.6.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47606.html * https://bugzilla.suse.com/show_bug.cgi?id=1234449 . Crucial SUSE patch for gstreamer tackles CVE-2024-47606 integer overflow flaw. Immediate response required!. SUSE linux enterprise,gstreamer update,CVE-2024-47606,security patch. . Severity: Important. LinuxSecurity.com Team
Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202506-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: GStreamer, GStreamer Plugins: Multiple Vulnerabilities Date: June 12, 2025 Bugs: #948198 ID: 202506-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in GStreamer and GStreamer Plugins, the worst of which could lead to code execution. Background ========== GStreamer is an open source multimedia framework. Affected packages ================= Package Vulnerable Unaffected --------------------------- ------------ ------------ media-libs/gst-plugins-base < 1.24.10 > = 1.24.10 media-libs/gstreamer < 1.24.10 > = 1.24.10 Description =========== Multiple vulnerabilities have been discovered in GStreamer, GStreamer Plugins. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All GStreamer, GStreamer Plugins users should upgrade to the latest versions: # emerge --sync # emerge --ask --oneshot --verbose "> =media-libs/gstreamer-1.24.10" "> =media-libs/gst-plugins-bad-1.24.10" References ========== [ 1 ] CVE-2024-44331 https://nvd.nist.gov/vuln/detail/CVE-2024-44331 [ 2 ] CVE-2024-47537 https://nvd.nist.gov/vuln/detail/CVE-2024-47537 [ 3 ] CVE-2024-47538 https://nvd.nist.gov/vuln/detail/CVE-2024-47538 [ 4 ] CVE-2024-47539 https://nvd.nist.gov/vuln/detail/CVE-2024-47539 [ 5 ] CVE-2024-47540 https://nvd.nist.gov/vuln/detail/CVE-2024-47540 [ 6 ] CVE-2024-47541 https://nvd.nist.gov/vuln/detail/CVE-2024-47541 [ 7 ] CVE-2024-47542 https://nvd.nist.gov/vuln/detail/CVE-2024-47542 [ 8 ] CVE-2024-47543 https://nvd.nist.gov/vuln/detail/CVE-2024-47543 [ 9 ] CVE-2024-47544 https://nvd.nist.gov/vuln/detail/CVE-2024-47544 [ 10 ] CVE-2024-47545 https://nvd.nist.gov/vuln/detail/CVE-2024-47545 [ 11 ] CVE-2024-47546 https://nvd.nist.gov/vuln/detail/CVE-2024-47546 [ 12 ] CVE-2024-47596 https://nvd.nist.gov/vuln/detail/CVE-2024-47596 [ 13 ] CVE-2024-47597 https://nvd.nist.gov/vuln/detail/CVE-2024-47597 [ 14 ] CVE-2024-47598 https://nvd.nist.gov/vuln/detail/CVE-2024-47598 [ 15 ] CVE-2024-47599 https://nvd.nist.gov/vuln/detail/CVE-2024-47599 [ 16 ] CVE-2024-47600 https://nvd.nist.gov/vuln/detail/CVE-2024-47600 [ 17 ] CVE-2024-47601 https://nvd.nist.gov/vuln/detail/CVE-2024-47601 [ 18 ] CVE-2024-47602 https://nvd.nist.gov/vuln/detail/CVE-2024-47602 [ 19 ] CVE-2024-47603 https://nvd.nist.gov/vuln/detail/CVE-2024-47603 [ 20 ] CVE-2024-47606 https://nvd.nist.gov/vuln/detail/CVE-2024-47606 [ 21 ] CVE-2024-47607 https://nvd.nist.gov/vuln/detail/CVE-2024-47607 [ 22 ] CVE-2024-47613 https://nvd.nist.gov/vuln/detail/CVE-2024-47613 [ 23 ] CVE-2024-47615 https://nvd.nist.gov/vuln/detail/CVE-2024-47615 [ 24 ] CVE-2024-47774 https://nvd.nist.gov/vuln/detail/CVE-2024-47774 [ 25 ] CVE-2024-47775 https://nvd.nist.gov/vuln/detail/CVE-2024-47775 [ 26 ] CVE-2024-47776 https://nvd.nist.gov/vuln/detail/CVE-2024-47776 [ 27 ] CVE-2024-47777 https://nvd.nist.gov/vuln/detail/CVE-2024-47777 [ 28 ] CVE-2024-47778 https://nvd.nist.gov/vuln/detail/CVE-2024-47778 [ 29 ] CVE-2024-47834 https://nvd.nist.gov/vuln/detail/CVE-2024-47834 [ 30 ] CVE-2024-47835 https://nvd.nist.gov/vuln/detail/CVE-2024-47835 [ 31 ]GStreamer-SA-2024-0003 [ 32 ] GStreamer-SA-2024-0004 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202506-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Backport fix for CVE-2025-3887.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-802ec573e7 2025-06-08 02:30:29.771905+00:00 -------------------------------------------------------------------------------- Name : mingw-gstreamer1-plugins-bad-free Product : Fedora 41 Version : 1.24.10 Release : 3.fc41 URL : http://gstreamer.freedesktop.org/ Summary : Cross compiled GStreamer1 plug-ins "bad" Description : GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality. -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2025-3887. -------------------------------------------------------------------------------- ChangeLog: * Fri May 30 2025 Sandro Mani - 1.24.10-3 - Backport patch for CVE-2025-3887 * Fri May 30 2025 Sandro Mani - 1.24.10-2 - Backport fix for CVE-2025-3887 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2367931 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2367931 [ 2 ] Bug #2367933 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2367933 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-802ec573e7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label Allpackages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Backport fix for CVE-2025-3887.. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-96b62e4c87 2025-06-08 01:30:39.027167+00:00 -------------------------------------------------------------------------------- Name : mingw-gstreamer1-plugins-bad-free Product : Fedora 42 Version : 1.25.1 Release : 3.fc42 URL : http://gstreamer.freedesktop.org/ Summary : Cross compiled GStreamer1 plug-ins "bad" Description : GStreamer is a streaming media framework, based on graphs of elements which operate on media data. This package contains plug-ins that aren't tested well enough, or the code is not of good enough quality. -------------------------------------------------------------------------------- Update Information: Backport fix for CVE-2025-3887. -------------------------------------------------------------------------------- ChangeLog: * Fri May 30 2025 Sandro Mani - 1.25.1-3 - Backport fix for CVE-2025-3887 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2367931 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2367931 [ 2 ] Bug #2367933 - CVE-2025-3887 mingw-gstreamer1: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2367933 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-96b62e4c87' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keysused by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list --
Several security issues were fixed in GStreamer Bad Plugins.. ========================================================================== Ubuntu Security Notice USN-7558-1 June 05, 2025 gst-plugins-bad1.0 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.04 - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in GStreamer Bad Plugins. Software Description: - gst-plugins-bad1.0: GStreamer plugins Details: It was discovered that the AV1 codec plugin in GStreamer could be made to write out of bounds. An attacker could possibly use this issue to cause applications using the plugin to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-50186, CVE-2024-0444) It was discovered that the H265 codec plugin in GStreamer could be made to write out of bounds. An attacker could possibly use this issue to cause applications using the plugin to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2025-3887) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.04 gstreamer1.0-plugins-bad 1.26.0-1ubuntu2.1 libgstreamer-plugins-bad1.0-0 1.26.0-1ubuntu2.1 Ubuntu 24.10 gstreamer1.0-plugins-bad 1.24.8-2ubuntu1.1 libgstreamer-plugins-bad1.0-0 1.24.8-2ubuntu1.1 Ubuntu 24.04 LTS gstreamer1.0-plugins-bad 1.24.2-1ubuntu4+esm1 Available with Ubuntu Pro libgstreamer-plugins-bad1.0-0 1.24.2-1ubuntu4+esm1 Available with Ubuntu Pro Ubuntu 22.04 LTS gstreamer1.0-plugins-bad 1.20.3-0ubuntu1.1+esm2 Available with Ubuntu Pro libgstreamer-plugins-bad1.0-0 1.20.3-0ubuntu1.1+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS gstreamer1.0-plugins-bad 1.16.3-0ubuntu1.1+esm1 Available with Ubuntu Pro libgstreamer-plugins-bad1.0-0 1.16.3-0ubuntu1.1+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7558-1 CVE-2023-50186, CVE-2024-0444, CVE-2025-3887 Package Information: https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.26.0-1ubuntu2.1 https://launchpad.net/ubuntu/+source/gst-plugins-bad1.0/1.24.8-2ubuntu1.1 . Explore the latest security updates for GStreamer Bad Plugins impacting various versions of Ubuntu.. GStreamer Plugins, Ubuntu Security, Bad Plugins Issues. . Severity: Critical. LinuxSecurity.com Team
* bsc#1234415 * bsc#1234450 * bsc#1234453 * bsc#1234455 * bsc#1234456 . # Security update for gstreamer-plugins-base Announcement ID: SUSE-SU-2025:20134-1 Release Date: 2025-03-05T16:07:33Z Rating: important References: * bsc#1234415 * bsc#1234450 * bsc#1234453 * bsc#1234455 * bsc#1234456 * bsc#1234459 * bsc#1234460 Cross-References: * CVE-2024-47538 * CVE-2024-47541 * CVE-2024-47542 * CVE-2024-47600 * CVE-2024-47607 * CVE-2024-47615 * CVE-2024-47835 CVSS scores: * CVE-2024-47538 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47538 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47538 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47541 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47541 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-47541 ( NVD ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47541 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47542 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47542 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47542 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47600 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-47600 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47600 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2024-47607 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47607 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47607 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47615 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47615 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47615 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47835 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.0 An update that solves seven vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-base fixes the following issues: * CVE-2024-47538: Fixed stack-buffer overflow in vorbis_handle_identification_packet (bsc#1234415). * CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser (bsc#1234450). * CVE-2024-47600: Fixed Out-of-bounds read in gst-discoverer-1.0 commandline tool (bsc#1234453). * CVE-2024-47607: Fixed Stack buffer-overflow in Opus decoder (bsc#1234455). * CVE-2024-47615: Fixed Out-of-bounds write in Ogg demuxer (bsc#1234456). * CVE-2024-47541:Fixed out-of-bounds write in SSA subtitle parser (bsc#1234459). * CVE-2024-47542: Fixed ID3v2 parser out-of-bounds read and NULL-pointer dereference (bsc#1234460). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.0 zypper in -t patch SUSE-SLE-Micro-6.0-223=1 ## Package List: * SUSE Linux Micro 6.0 (aarch64 s390x x86_64) * libgstapp-1_0-0-1.22.9-2.1 * libgstpbutils-1_0-0-debuginfo-1.22.9-2.1 * libgstgl-1_0-0-debuginfo-1.22.9-2.1 * libgsttag-1_0-0-debuginfo-1.22.9-2.1 * gstreamer-plugins-base-1.22.9-2.1 * libgstaudio-1_0-0-debuginfo-1.22.9-2.1 * libgstvideo-1_0-0-debuginfo-1.22.9-2.1 * libgstpbutils-1_0-0-1.22.9-2.1 * libgstallocators-1_0-0-1.22.9-2.1 * libgstaudio-1_0-0-1.22.9-2.1 * libgstapp-1_0-0-debuginfo-1.22.9-2.1 * libgstriff-1_0-0-debuginfo-1.22.9-2.1 * libgstriff-1_0-0-1.22.9-2.1 * libgstallocators-1_0-0-debuginfo-1.22.9-2.1 * gstreamer-plugins-base-debuginfo-1.22.9-2.1 * libgsttag-1_0-0-1.22.9-2.1 * gstreamer-plugins-base-debugsource-1.22.9-2.1 * libgstgl-1_0-0-1.22.9-2.1 * libgstvideo-1_0-0-1.22.9-2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47538.html * https://www.suse.com/security/cve/CVE-2024-47541.html * https://www.suse.com/security/cve/CVE-2024-47542.html * https://www.suse.com/security/cve/CVE-2024-47600.html * https://www.suse.com/security/cve/CVE-2024-47607.html * https://www.suse.com/security/cve/CVE-2024-47615.html * https://www.suse.com/security/cve/CVE-2024-47835.html * https://bugzilla.suse.com/show_bug.cgi?id=1234415 * https://bugzilla.suse.com/show_bug.cgi?id=1234450 * https://bugzilla.suse.com/show_bug.cgi?id=1234453 * https://bugzilla.suse.com/show_bug.cgi?id=1234455 * https://bugzilla.suse.com/show_bug.cgi?id=1234456 *https://bugzilla.suse.com/show_bug.cgi?id=1234459 * https://bugzilla.suse.com/show_bug.cgi?id=1234460 . Important revision for gstreamer-plugins-base on SUSE tackling various vulnerabilities and challenges.. SUSE Linux,gstreamer security,update patches,data protection. . Severity: Important. LinuxSecurity.com Team
* bsc#1234449 Cross-References: * CVE-2024-47606 . # Security update for gstreamer Announcement ID: SUSE-SU-2025:20240-1 Release Date: 2025-03-19T11:06:59Z Rating: important References: * bsc#1234449 Cross-References: * CVE-2024-47606 CVSS scores: * CVE-2024-47606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47606 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves one vulnerability can now be installed. ## Description: This update for gstreamer fixes the following issues: * CVE-2024-47606: avoid integer overflow when allocating sysmem (bsc#1234449). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-47=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * gstreamer-debugsource-1.24.7-slfo.1.1_2.1 * gstreamer-1.24.7-slfo.1.1_2.1 * gstreamer-debuginfo-1.24.7-slfo.1.1_2.1 * libgstreamer-1_0-0-1.24.7-slfo.1.1_2.1 * libgstreamer-1_0-0-debuginfo-1.24.7-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47606.html * https://bugzilla.suse.com/show_bug.cgi?id=1234449 . To address the integer overflow vulnerability in GStreamer for SUSE Micro 6.1, follow key security measures such as updating packages, applying patches, and running checks. SUSE Linux Micro Update, Gstreamer Security Fix, Security Advisory 2025, Important Bug Fix, Integer Overflow Patch. . Severity: Important. LinuxSecurity.com Team
* bsc#1234415 * bsc#1234450 * bsc#1234453 * bsc#1234455 * bsc#1234456 . # Security update for gstreamer-plugins-base Announcement ID: SUSE-SU-2025:20241-1 Release Date: 2025-03-20T10:57:43Z Rating: important References: * bsc#1234415 * bsc#1234450 * bsc#1234453 * bsc#1234455 * bsc#1234456 * bsc#1234459 * bsc#1234460 Cross-References: * CVE-2024-47538 * CVE-2024-47541 * CVE-2024-47542 * CVE-2024-47600 * CVE-2024-47607 * CVE-2024-47615 * CVE-2024-47835 CVSS scores: * CVE-2024-47538 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47538 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47538 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47541 ( SUSE ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47541 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-47541 ( NVD ): 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47541 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47542 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47542 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47542 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47600 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2024-47600 ( NVD ): 5.1 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47600 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2024-47607 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47607 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47607 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47615 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47615 ( NVD ): 8.6 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47615 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-47835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-47835 ( NVD ): 6.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2024-47835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * SUSE Linux Micro 6.1 An update that solves seven vulnerabilities can now be installed. ## Description: This update for gstreamer-plugins-base fixes the following issues: * CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet (bsc#1234415). * CVE-2024-47835: Fixed NULL-pointer dereference in LRC subtitle parser (bsc#1234450). * CVE-2024-47600: Fixed Out-of-bounds read in gst-discoverer-1.0 commandline tool (bsc#1234453). * CVE-2024-47615: Fixed Out-of-bounds write in Ogg demuxer (bsc#1234456). * CVE-2024-47541: Fixed out-of-bounds write in SSA subtitle parser (bsc#1234459). *CVE-2024-47542: Fixed ID3v2 parser out-of-bounds read and NULL-pointer dereference (bsc#1234460). * CVE-2024-47607: Fixed Stack buffer-overflow in Opus decoder (bsc#1234455). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Micro 6.1 zypper in -t patch SUSE-SLE-Micro-6.1-48=1 ## Package List: * SUSE Linux Micro 6.1 (aarch64 ppc64le s390x x86_64) * libgstallocators-1_0-0-1.24.7-slfo.1.1_2.1 * libgstvideo-1_0-0-1.24.7-slfo.1.1_2.1 * libgstaudio-1_0-0-1.24.7-slfo.1.1_2.1 * libgstriff-1_0-0-1.24.7-slfo.1.1_2.1 * libgsttag-1_0-0-debuginfo-1.24.7-slfo.1.1_2.1 * libgstriff-1_0-0-debuginfo-1.24.7-slfo.1.1_2.1 * gstreamer-plugins-base-1.24.7-slfo.1.1_2.1 * libgstpbutils-1_0-0-debuginfo-1.24.7-slfo.1.1_2.1 * libgsttag-1_0-0-1.24.7-slfo.1.1_2.1 * libgstvideo-1_0-0-debuginfo-1.24.7-slfo.1.1_2.1 * gstreamer-plugins-base-debuginfo-1.24.7-slfo.1.1_2.1 * libgstapp-1_0-0-1.24.7-slfo.1.1_2.1 * libgstaudio-1_0-0-debuginfo-1.24.7-slfo.1.1_2.1 * libgstgl-1_0-0-1.24.7-slfo.1.1_2.1 * libgstapp-1_0-0-debuginfo-1.24.7-slfo.1.1_2.1 * libgstpbutils-1_0-0-1.24.7-slfo.1.1_2.1 * libgstgl-1_0-0-debuginfo-1.24.7-slfo.1.1_2.1 * gstreamer-plugins-base-debugsource-1.24.7-slfo.1.1_2.1 * libgstallocators-1_0-0-debuginfo-1.24.7-slfo.1.1_2.1 ## References: * https://www.suse.com/security/cve/CVE-2024-47538.html * https://www.suse.com/security/cve/CVE-2024-47541.html * https://www.suse.com/security/cve/CVE-2024-47542.html * https://www.suse.com/security/cve/CVE-2024-47600.html * https://www.suse.com/security/cve/CVE-2024-47607.html * https://www.suse.com/security/cve/CVE-2024-47615.html * https://www.suse.com/security/cve/CVE-2024-47835.html * https://bugzilla.suse.com/show_bug.cgi?id=1234415 * https://bugzilla.suse.com/show_bug.cgi?id=1234450 *https://bugzilla.suse.com/show_bug.cgi?id=1234453 * https://bugzilla.suse.com/show_bug.cgi?id=1234455 * https://bugzilla.suse.com/show_bug.cgi?id=1234456 * https://bugzilla.suse.com/show_bug.cgi?id=1234459 * https://bugzilla.suse.com/show_bug.cgi?id=1234460 . SUSE Linux Micro update enhances gstreamer security by addressing several vulnerabilities for improved stability.. SUSE Linux Micro,gstreamer security update,buffer overflow fix,out-of-bounds issues,security enhancement. . Severity: Important. LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.