Описание
Security update for gstreamer-plugins-rs
This update for gstreamer-plugins-rs fixes the following issues:
Update to version 0.12.11 (jsc#PED-13826):
- CVE-2024-32650: Fixed infinite loop in rustls::conn::ConnectionCommon:complete_io() with proper client input (bsc#1223219).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
gstreamer-plugins-rs-0.12.11-150600.3.3.1
gstreamer-plugins-rs-devel-0.12.11-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
gstreamer-plugins-rs-0.12.11-150600.3.3.1
gstreamer-plugins-rs-devel-0.12.11-150600.3.3.1
openSUSE Leap 15.6
gstreamer-plugins-rs-0.12.11-150600.3.3.1
gstreamer-plugins-rs-devel-0.12.11-150600.3.3.1
Ссылки
- Link for SUSE-SU-2025:03629-1
- E-Mail link for SUSE-SU-2025:03629-1
- SUSE Security Ratings
- SUSE Bug 1223219
- SUSE CVE CVE-2024-32650 page
Описание
Rustls is a modern TLS library written in Rust. `rustls::ConnectionCommon::complete_io` could fall into an infinite loop based on network input. When using a blocking rustls server, if a client send a `close_notify` message immediately after `client_hello`, the server's `complete_io` will get in an infinite loop. This vulnerability is fixed in 0.23.5, 0.22.4, and 0.21.11.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gstreamer-plugins-rs-0.12.11-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:gstreamer-plugins-rs-devel-0.12.11-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gstreamer-plugins-rs-0.12.11-150600.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:gstreamer-plugins-rs-devel-0.12.11-150600.3.3.1
Ссылки
- CVE-2024-32650
- SUSE Bug 1223211