openSUSE Security Update : gstreamer / gstreamer-plugins-bad / gstreamer-plugins-base / etc (openSUSE-2021-822)

critical Nessus Plugin ID 150206

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues:

gstreamer was updated to version 1.16.3 (bsc#1181255):

- delay creation of threadpools

- bin: Fix `deep-element-removed` log message

- buffer: fix meta sequence number fallback on rpi

- bufferlist: foreach: always remove as parent if buffer is changed

- bus: Make setting/replacing/clearing the sync handler thread-safe

- elementfactory: Fix missing features in case a feature moves to another filename

- element: When removing a ghost pad also unset its target

- meta: intern registered impl string

- registry: Use a toolchain-specific registry file on Windows

- systemclock: Invalid internal time calculation causes non-increasing clock time on Windows

- value: don't write to `const char *`

- value: Fix segfault comparing empty GValueArrays

- Revert floating enforcing

- aggregator: fix iteration direction in skip_buffers

- sparsefile: fix possible crash when seeking

- baseparse: cache fix

- baseparse: fix memory leak when subclass skips whole input buffer

- baseparse: Set the private duration before posting a duration-changed message

- basetransform: allow not passthrough if generate_output is implemented

- identity: Fix a minor leak using meta_str

- queue: protect against lost wakeups for iterm_del condition

- queue2: Avoid races when posting buffering messages

- queue2: Fix missing/dropped buffering messages at startup

- identity: Unblock condition variable on FLUSH_START

- check: Use `g_thread_yield()` instead of `g_usleep(1)`

- tests: use cpu_family for arch checks

- gst-launch: Follow up to missing `s/g_print/gst_print/g`

- gst-inspect: Add define guard for `g_log_writer_supports_color()`

- gst-launch: go back down to `GST_STATE_NULL` in one step.

- device-monitor: list hidden providers before listing devices

- autotools build fixes for GNU make 4.3

gstreamer-plugins-good was updated to version 1.16.3 (bsc#1181255):

- deinterlace: on-the-fly renegotiation

- flacenc: Pass audio info from set_format() to query_total_samples() explicitly

- flacparse: fix broken reordering of flac metadata

- jack: Use jack_free(3) to release ports

- jpegdec: check buffer size before dereferencing

- pulse: fix discovery of newly added devices

- qtdemux fuzzing fixes

- qtdemux: Add 'mp3 ' fourcc that VLC seems to produce now

- qtdemux: Specify REDIRECT information in error message

- rtpbin: fix shutdown crash in rtpbin

- rtpsession: rename RTCP thread

- rtpvp8pay, rtpvp9pay: fix caps leak in set_caps()

- rtpjpegdepay: outputs framed jpeg

- rtpjitterbuffer: Properly free internal packets queue in finalize()

- rtspsrc: Don't return TRUE for unhandled query

- rtspsrc: Avoid stack overflow recursing waiting for response

- rtspsrc: Use the correct type for storing the max-rtcp-rtp-time-diff property

- rtspsrc: Error out when failing to receive message response

- rtspsrc: Fix for segmentation fault when handling set/get_parameter requests

- speex: Fix crash on Windows caused by cross-CRT issue

- speexdec: Crash when stopping the pipeline

- splitmuxsrc: Properly stop the loop if no part reader is present

- use gst_element_class_set_metadata when passing dynamic strings

- v4l2videodec: Increase internal bitstream pool size

- v4l2: fix crash when handling unsupported video format

- videocrop: allow properties to be animated by GstController

- videomixer: Don't leak peer caps

- vp8enc/vp8enc: set 1 for the default value of VP8E_SET_STATIC_THRESHOLD

- wavenc: Fix writing of the channel mask with >2 channels

gstreamer-plugins-bad was updated to version 1.16.3 (bsc#1181255):

- amcvideodec: fix sync meta copying not taking a reference

- audiobuffersplit: Perform discont tracking on running time

- audiobuffersplit: Specify in the template caps that only interleaved audio is supported

- audiobuffersplit: Unset DISCONT flag if not discontinuous

- autoconvert: Fix lock-less exchange or free condition

- autoconvert: fix compiler warnings with g_atomic on recent GLib versions

- avfvideosrc: element requests camera permissions even with capture-screen property is true

- codecparsers: h264parser: guard against ref_pic_markings overflow

- dtlsconnection: Avoid segmentation fault when no srtp capabilities are negotiated

- dtls/connection: fix EOF handling with openssl 1.1.1e

- fdkaacdec: add support for mpegversion=2

- hls: Check nettle version to ensure AES128 support

- ipcpipeline: Rework compiler checks

- interlace: Increment phase_index before checking if we're at the end of the phase

- lv2: Make it build with -fno-common

- h264parser: Do not allocate too large size of memory for registered user data SEI

- ladspa: fix unbounded integer properties

- modplug: avoid division by zero

- msdkdec: Fix GstMsdkContext leak

- msdkenc: fix leaks on windows

- musepackdec: Don't fail all queries if no sample rate is known yet

- openslessink: Allow openslessink to handle 48kHz streams.

- opencv: allow compilation against 4.2.x

- proxysink: event_function needs to handle the event when it is disconnected from proxysrc

- vulkan: Drop use of VK_RESULT_BEGIN_RANGE

- wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset

- wasapi: Fix possible deadlock while downwards state change

- waylandsink: Clear window when pipeline is stopped

- webrtc: Support non-trickle ICE candidates in the SDP

- webrtc: Unmap all non-binary buffers received via the datachannel

- meson: build with neon 0.31

- Drop upstream fixed patch: gstreamer-h264parser-fix-overflow.patch

- h264parser: guard against ref_pic_markings overflow (bsc#1181255 CVE-2021-3185)

- Disable the kate/libtiger plugin. Kate streams for karaoke are not used anymore, and the source tarball for libtiger is no longer available upstream. (jsc#SLE-13843)

gstreamer-plugins-ugly was updated to version 1.16.3 (bsc#1181255):

- x264enc: corrected em_data value in CEA-708 CC SEI message

gstreamer-plugins-base was updated to version 1.16.3 (bsc#1181255):

- audioaggregator: Check all downstream allowed caps structures if they support the upstream rate

- audioaggregator: Fix negotiation with downstream if there is no peer yet

- audioencoder: fix segment event leak

- discoverer: Fix caps handling in `pad-added` signal handler

- discoverer: Start discovering next URI from right thread

- fft: Update our kiss fft version, fixes thread-safety and concurrency issues and misc other things

- gl: numerous memory fixes (use-after-free, leaks, missing NULL-ify)

- gl/display/egl: ensure debug category is initialized

- gstglwindow_x11: fix resize

- pbutils: Add latest H.264 level values

- rtpbuffer: fix header extension length validation

- video: Fix NV12_64Z32 number of component

- video-format: RGB16/15 are not 16 bit per component but only 5.333 and 5

- video: fix top/bottom field flags

- videodecoder: don't copy interlace-mode from reference state

- appsrc/appsink: Make setting/replacing callbacks thread-safe

- compositor: Fix checkerboard filling for BGRx/RGBx and UYVY/YUY2/YVYU

- decodebin3: only force streams-selected seqnum after a select-streams

- glupload: Fix fallback from direct dmabuf to dmabuf upload method

- glvideomixer: perform `_get_highest_precision()` on the GL thread

- libvisual: use `gst_element_class_set_metadata()` when passing dynamic strings

- oggstream: Workaround for broken PAR in VP8 BOS

- subparse: accept WebVTT timestamps without an hour component

- playbin: Handle error message with redirection indication

- textrender: Fix AYUV output.

- typefind: Consider MPEG-PS PSM to be a PES type

- uridecodebin3: default to non-0 buffer-size and buffer-duration, otherwise it could potentially cause big memory allocations over time

- videoaggregator: Don't configure NULL chroma-site/colorimetry

- videorate/videoscale/audioresample: Ensure that the caps returned from...

- build: Replace bashisms in configure for Wayland and GLES3

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Solution

Update the affected gstreamer / gstreamer-plugins-bad / gstreamer-plugins-base / etc packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1181255

https://jira.suse.com/browse/SLE-13843

Plugin Details

Severity: Critical

ID: 150206

File Name: openSUSE-2021-822.nasl

Version: 1.3

Type: local

Agent: unix

Published: 6/3/2021

Updated: 12/27/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3185

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:gstreamer, p-cpe:/a:novell:opensuse:gstreamer-32bit, p-cpe:/a:novell:opensuse:gstreamer-32bit-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-debugsource, p-cpe:/a:novell:opensuse:gstreamer-devel, p-cpe:/a:novell:opensuse:gstreamer-lang, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-32bit, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-32bit-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-chromaprint, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-chromaprint-32bit, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-chromaprint-32bit-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-chromaprint-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-debugsource, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-devel, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-fluidsynth, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-fluidsynth-32bit, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-fluidsynth-32bit-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-fluidsynth-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-bad-lang, p-cpe:/a:novell:opensuse:gstreamer-plugins-base, p-cpe:/a:novell:opensuse:gstreamer-plugins-base-32bit, p-cpe:/a:novell:opensuse:gstreamer-plugins-base-32bit-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-base-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-base-debugsource, p-cpe:/a:novell:opensuse:gstreamer-plugins-base-devel, p-cpe:/a:novell:opensuse:gstreamer-plugins-base-devel-32bit, p-cpe:/a:novell:opensuse:gstreamer-plugins-base-lang, p-cpe:/a:novell:opensuse:gstreamer-plugins-good, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-32bit, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-32bit-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-debugsource, 
p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-32bit, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-32bit-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-extra-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-gtk, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-gtk-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-jack, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-jack-32bit, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-jack-32bit-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-jack-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-lang, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-qtqml, p-cpe:/a:novell:opensuse:gstreamer-plugins-good-qtqml-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-ugly, p-cpe:/a:novell:opensuse:gstreamer-plugins-ugly-32bit, p-cpe:/a:novell:opensuse:gstreamer-plugins-ugly-32bit-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-ugly-debuginfo, p-cpe:/a:novell:opensuse:gstreamer-plugins-ugly-debugsource, p-cpe:/a:novell:opensuse:gstreamer-plugins-ugly-lang, p-cpe:/a:novell:opensuse:gstreamer-utils, p-cpe:/a:novell:opensuse:gstreamer-utils-debuginfo, p-cpe:/a:novell:opensuse:libgstadaptivedemux-1_0-0, p-cpe:/a:novell:opensuse:libgstadaptivedemux-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstadaptivedemux-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstadaptivedemux-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstallocators-1_0-0, p-cpe:/a:novell:opensuse:libgstallocators-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstallocators-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstallocators-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstapp-1_0-0, p-cpe:/a:novell:opensuse:libgstapp-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstapp-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstapp-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstaudio-1_0-0, p-cpe:/a:novell:opensuse:libgstaudio-1_0-0-32bit, 
p-cpe:/a:novell:opensuse:libgstaudio-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstaudio-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstbadaudio-1_0-0, p-cpe:/a:novell:opensuse:libgstbadaudio-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstbadaudio-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstbadaudio-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstbasecamerabinsrc-1_0-0, p-cpe:/a:novell:opensuse:libgstbasecamerabinsrc-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstbasecamerabinsrc-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstbasecamerabinsrc-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstcodecparsers-1_0-0, p-cpe:/a:novell:opensuse:libgstcodecparsers-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstcodecparsers-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstcodecparsers-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstfft-1_0-0, p-cpe:/a:novell:opensuse:libgstfft-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstfft-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstfft-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstgl-1_0-0, p-cpe:/a:novell:opensuse:libgstgl-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstgl-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstgl-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstinsertbin-1_0-0, p-cpe:/a:novell:opensuse:libgstinsertbin-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstinsertbin-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstinsertbin-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstisoff-1_0-0, p-cpe:/a:novell:opensuse:libgstisoff-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstisoff-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstisoff-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstmpegts-1_0-0, p-cpe:/a:novell:opensuse:libgstmpegts-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstmpegts-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstmpegts-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstpbutils-1_0-0, p-cpe:/a:novell:opensuse:libgstpbutils-1_0-0-32bit, 
p-cpe:/a:novell:opensuse:libgstpbutils-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstpbutils-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstphotography-1_0-0, p-cpe:/a:novell:opensuse:libgstphotography-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstphotography-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstphotography-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstplayer-1_0-0, p-cpe:/a:novell:opensuse:libgstplayer-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstplayer-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstplayer-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstreamer-1_0-0, p-cpe:/a:novell:opensuse:libgstreamer-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstreamer-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstreamer-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstriff-1_0-0, p-cpe:/a:novell:opensuse:libgstriff-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstriff-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstriff-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstrtp-1_0-0, p-cpe:/a:novell:opensuse:libgstrtp-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstrtp-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstrtp-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstrtsp-1_0-0, p-cpe:/a:novell:opensuse:libgstrtsp-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstrtsp-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstrtsp-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstsctp-1_0-0, p-cpe:/a:novell:opensuse:libgstsctp-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstsctp-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstsctp-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstsdp-1_0-0, p-cpe:/a:novell:opensuse:libgstsdp-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstsdp-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstsdp-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgsttag-1_0-0, p-cpe:/a:novell:opensuse:libgsttag-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgsttag-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgsttag-1_0-0-debuginfo, 
p-cpe:/a:novell:opensuse:libgsturidownloader-1_0-0, p-cpe:/a:novell:opensuse:libgsturidownloader-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgsturidownloader-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgsturidownloader-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstvideo-1_0-0, p-cpe:/a:novell:opensuse:libgstvideo-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstvideo-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstvideo-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstwayland-1_0-0, p-cpe:/a:novell:opensuse:libgstwayland-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstwayland-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstwayland-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:libgstwebrtc-1_0-0, p-cpe:/a:novell:opensuse:libgstwebrtc-1_0-0-32bit, p-cpe:/a:novell:opensuse:libgstwebrtc-1_0-0-32bit-debuginfo, p-cpe:/a:novell:opensuse:libgstwebrtc-1_0-0-debuginfo, p-cpe:/a:novell:opensuse:typelib-1_0-gst-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstallocators-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstapp-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstaudio-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstgl-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstinsertbin-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstmpegts-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstpbutils-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstplayer-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstrtp-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstrtsp-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstsdp-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gsttag-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstvideo-1_0, p-cpe:/a:novell:opensuse:typelib-1_0-gstwebrtc-1_0, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/1/2021

Vulnerability Publication Date: 1/26/2021

Reference Information

CVE: CVE-2021-3185