SUSE-SU-2024:0005-1

Опубликовано: 02 янв. 2024

Источник: suse-cvrf

Описание

Security update for gstreamer-plugins-bad

This update for gstreamer-plugins-bad fixes the following issues:

CVE-2023-44446: Fixed GStreamer MXF File Parsing Use-After-Free (bsc#1217213).
CVE-2023-40475: Fixed GStreamer MXF File Parsing Integer Overflow (bsc#1215792).

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

gstreamer-plugins-bad-1.20.1-150400.3.15.1

gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1

gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1

gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1

libgstadaptivedemux-1_0-0-1.20.1-150400.3.15.1

libgstbadaudio-1_0-0-1.20.1-150400.3.15.1

libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.15.1

libgstcodecparsers-1_0-0-1.20.1-150400.3.15.1

libgstcodecs-1_0-0-1.20.1-150400.3.15.1

libgstinsertbin-1_0-0-1.20.1-150400.3.15.1

libgstisoff-1_0-0-1.20.1-150400.3.15.1

libgstmpegts-1_0-0-1.20.1-150400.3.15.1

libgstphotography-1_0-0-1.20.1-150400.3.15.1

libgstplay-1_0-0-1.20.1-150400.3.15.1

libgstplayer-1_0-0-1.20.1-150400.3.15.1

libgstsctp-1_0-0-1.20.1-150400.3.15.1

libgsturidownloader-1_0-0-1.20.1-150400.3.15.1

libgstva-1_0-0-1.20.1-150400.3.15.1

libgstvulkan-1_0-0-1.20.1-150400.3.15.1

libgstwayland-1_0-0-1.20.1-150400.3.15.1

libgstwebrtc-1_0-0-1.20.1-150400.3.15.1

typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlay-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

gstreamer-plugins-bad-1.20.1-150400.3.15.1

gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1

gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1

gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1

libgstadaptivedemux-1_0-0-1.20.1-150400.3.15.1

libgstbadaudio-1_0-0-1.20.1-150400.3.15.1

libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.15.1

libgstcodecparsers-1_0-0-1.20.1-150400.3.15.1

libgstcodecs-1_0-0-1.20.1-150400.3.15.1

libgstinsertbin-1_0-0-1.20.1-150400.3.15.1

libgstisoff-1_0-0-1.20.1-150400.3.15.1

libgstmpegts-1_0-0-1.20.1-150400.3.15.1

libgstphotography-1_0-0-1.20.1-150400.3.15.1

libgstplay-1_0-0-1.20.1-150400.3.15.1

libgstplayer-1_0-0-1.20.1-150400.3.15.1

libgstsctp-1_0-0-1.20.1-150400.3.15.1

libgsturidownloader-1_0-0-1.20.1-150400.3.15.1

libgstva-1_0-0-1.20.1-150400.3.15.1

libgstvulkan-1_0-0-1.20.1-150400.3.15.1

libgstwayland-1_0-0-1.20.1-150400.3.15.1

libgstwebrtc-1_0-0-1.20.1-150400.3.15.1

typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlay-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.15.1

SUSE Linux Enterprise Module for Basesystem 15 SP4

libgstphotography-1_0-0-1.20.1-150400.3.15.1

libgstplay-1_0-0-1.20.1-150400.3.15.1

libgstplayer-1_0-0-1.20.1-150400.3.15.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

gstreamer-plugins-bad-1.20.1-150400.3.15.1

gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1

gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1

gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1

libgstadaptivedemux-1_0-0-1.20.1-150400.3.15.1

libgstbadaudio-1_0-0-1.20.1-150400.3.15.1

libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.15.1

libgstcodecparsers-1_0-0-1.20.1-150400.3.15.1

libgstcodecs-1_0-0-1.20.1-150400.3.15.1

libgstinsertbin-1_0-0-1.20.1-150400.3.15.1

libgstisoff-1_0-0-1.20.1-150400.3.15.1

libgstmpegts-1_0-0-1.20.1-150400.3.15.1

libgstsctp-1_0-0-1.20.1-150400.3.15.1

libgsturidownloader-1_0-0-1.20.1-150400.3.15.1

libgstva-1_0-0-1.20.1-150400.3.15.1

libgstvulkan-1_0-0-1.20.1-150400.3.15.1

libgstwayland-1_0-0-1.20.1-150400.3.15.1

libgstwebrtc-1_0-0-1.20.1-150400.3.15.1

typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlay-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.15.1

SUSE Linux Enterprise Module for Package Hub 15 SP4

libgsttranscoder-1_0-0-1.20.1-150400.3.15.1

SUSE Linux Enterprise Real Time 15 SP4

gstreamer-plugins-bad-1.20.1-150400.3.15.1

gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1

gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1

gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1

libgstadaptivedemux-1_0-0-1.20.1-150400.3.15.1

libgstbadaudio-1_0-0-1.20.1-150400.3.15.1

libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.15.1

libgstcodecparsers-1_0-0-1.20.1-150400.3.15.1

libgstcodecs-1_0-0-1.20.1-150400.3.15.1

libgstinsertbin-1_0-0-1.20.1-150400.3.15.1

libgstisoff-1_0-0-1.20.1-150400.3.15.1

libgstmpegts-1_0-0-1.20.1-150400.3.15.1

libgstphotography-1_0-0-1.20.1-150400.3.15.1

libgstplay-1_0-0-1.20.1-150400.3.15.1

libgstplayer-1_0-0-1.20.1-150400.3.15.1

libgstsctp-1_0-0-1.20.1-150400.3.15.1

libgsturidownloader-1_0-0-1.20.1-150400.3.15.1

libgstva-1_0-0-1.20.1-150400.3.15.1

libgstvulkan-1_0-0-1.20.1-150400.3.15.1

libgstwayland-1_0-0-1.20.1-150400.3.15.1

libgstwebrtc-1_0-0-1.20.1-150400.3.15.1

typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlay-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.15.1

SUSE Linux Enterprise Server 15 SP4-LTSS

gstreamer-plugins-bad-1.20.1-150400.3.15.1

gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1

gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1

gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1

libgstadaptivedemux-1_0-0-1.20.1-150400.3.15.1

libgstbadaudio-1_0-0-1.20.1-150400.3.15.1

libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.15.1

libgstcodecparsers-1_0-0-1.20.1-150400.3.15.1

libgstcodecs-1_0-0-1.20.1-150400.3.15.1

libgstinsertbin-1_0-0-1.20.1-150400.3.15.1

libgstisoff-1_0-0-1.20.1-150400.3.15.1

libgstmpegts-1_0-0-1.20.1-150400.3.15.1

libgstphotography-1_0-0-1.20.1-150400.3.15.1

libgstplay-1_0-0-1.20.1-150400.3.15.1

libgstplayer-1_0-0-1.20.1-150400.3.15.1

libgstsctp-1_0-0-1.20.1-150400.3.15.1

libgsturidownloader-1_0-0-1.20.1-150400.3.15.1

libgstva-1_0-0-1.20.1-150400.3.15.1

libgstvulkan-1_0-0-1.20.1-150400.3.15.1

libgstwayland-1_0-0-1.20.1-150400.3.15.1

libgstwebrtc-1_0-0-1.20.1-150400.3.15.1

typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlay-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.15.1

SUSE Linux Enterprise Server for SAP Applications 15 SP4

gstreamer-plugins-bad-1.20.1-150400.3.15.1

gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1

gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1

gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1

libgstadaptivedemux-1_0-0-1.20.1-150400.3.15.1

libgstbadaudio-1_0-0-1.20.1-150400.3.15.1

libgstbasecamerabinsrc-1_0-0-1.20.1-150400.3.15.1

libgstcodecparsers-1_0-0-1.20.1-150400.3.15.1

libgstcodecs-1_0-0-1.20.1-150400.3.15.1

libgstinsertbin-1_0-0-1.20.1-150400.3.15.1

libgstisoff-1_0-0-1.20.1-150400.3.15.1

libgstmpegts-1_0-0-1.20.1-150400.3.15.1

libgstphotography-1_0-0-1.20.1-150400.3.15.1

libgstplay-1_0-0-1.20.1-150400.3.15.1

libgstplayer-1_0-0-1.20.1-150400.3.15.1

libgstsctp-1_0-0-1.20.1-150400.3.15.1

libgsturidownloader-1_0-0-1.20.1-150400.3.15.1

libgstva-1_0-0-1.20.1-150400.3.15.1

libgstvulkan-1_0-0-1.20.1-150400.3.15.1

libgstwayland-1_0-0-1.20.1-150400.3.15.1

libgstwebrtc-1_0-0-1.20.1-150400.3.15.1

typelib-1_0-GstBadAudio-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstCodecs-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstInsertBin-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstMpegts-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlay-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstPlayer-1_0-1.20.1-150400.3.15.1

typelib-1_0-GstWebRTC-1_0-1.20.1-150400.3.15.1

SUSE Manager Proxy 4.3

libgstphotography-1_0-0-1.20.1-150400.3.15.1

libgstplay-1_0-0-1.20.1-150400.3.15.1

libgstplayer-1_0-0-1.20.1-150400.3.15.1

SUSE Manager Server 4.3

libgstphotography-1_0-0-1.20.1-150400.3.15.1

libgstplay-1_0-0-1.20.1-150400.3.15.1

libgstplayer-1_0-0-1.20.1-150400.3.15.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240005-1/
Link for SUSE-SU-2024:0005-1
https://lists.suse.com/pipermail/sle-security-updates/2024-January/017580.html
E-Mail link for SUSE-SU-2024:0005-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1215792
SUSE Bug 1215792
https://bugzilla.suse.com/1217213
SUSE Bug 1217213
https://www.suse.com/security/cve/CVE-2023-40475/
SUSE CVE CVE-2023-40475 page
https://www.suse.com/security/cve/CVE-2023-44446/
SUSE CVE CVE-2023-44446 page

Описание

GStreamer MXF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-21661.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gstreamer-plugins-bad-1.20.1-150400.3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-40475.html
CVE-2023-40475
https://bugzilla.suse.com/1215792
SUSE Bug 1215792

Описание

GStreamer MXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of MXF video files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22299.

Затронутые продукты

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gstreamer-plugins-bad-1.20.1-150400.3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gstreamer-plugins-bad-chromaprint-1.20.1-150400.3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gstreamer-plugins-bad-devel-1.20.1-150400.3.15.1

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:gstreamer-plugins-bad-lang-1.20.1-150400.3.15.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-44446.html
CVE-2023-44446
https://bugzilla.suse.com/1217213
SUSE Bug 1217213

SUSE-SU-2024:0005-1

Описание

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS

SUSE Linux Enterprise Module for Basesystem 15 SP4

SUSE Linux Enterprise Module for Desktop Applications 15 SP4

SUSE Linux Enterprise Module for Package Hub 15 SP4

SUSE Linux Enterprise Real Time 15 SP4

SUSE Linux Enterprise Server 15 SP4-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP4

SUSE Manager Proxy 4.3

SUSE Manager Server 4.3

Ссылки

Уязвимость: CVE-2023-40475

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2023-44446

Описание

Затронутые продукты

Ссылки