Oval Definition:oval:org.opensuse.security:def:68557
Revision Date:2021-06-01Version:1
Title:Security update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly (Important)
Description:

This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues:

gstreamer was updated to version 1.16.3 (bsc#1181255):

- delay creation of threadpools - bin: Fix `deep-element-removed` log message - buffer: fix meta sequence number fallback on rpi - bufferlist: foreach: always remove as parent if buffer is changed - bus: Make setting/replacing/clearing the sync handler thread-safe - elementfactory: Fix missing features in case a feature moves to another filename - element: When removing a ghost pad also unset its target - meta: intern registered impl string - registry: Use a toolchain-specific registry file on Windows - systemclock: Invalid internal time calculation causes non-increasing clock time on Windows - value: don't write to `const char *` - value: Fix segfault comparing empty GValueArrays - Revert floating enforcing - aggregator: fix iteration direction in skip_buffers - sparsefile: fix possible crash when seeking - baseparse: cache fix - baseparse: fix memory leak when subclass skips whole input buffer - baseparse: Set the private duration before posting a duration-changed message - basetransform: allow not passthrough if generate_output is implemented - identity: Fix a minor leak using meta_str - queue: protect against lost wakeups for iterm_del condition - queue2: Avoid races when posting buffering messages - queue2: Fix missing/dropped buffering messages at startup - identity: Unblock condition variable on FLUSH_START - check: Use `g_thread_yield()` instead of `g_usleep(1)` - tests: use cpu_family for arch checks - gst-launch: Follow up to missing `s/g_print/gst_print/g` - gst-inspect: Add define guard for `g_log_writer_supports_color()` - gst-launch: go back down to `GST_STATE_NULL` in one step. - device-monitor: list hidden providers before listing devices - autotools build fixes for GNU make 4.3

gstreamer-plugins-good was updated to version 1.16.3 (bsc#1181255):

- deinterlace: on-the-fly renegotiation - flacenc: Pass audio info from set_format() to query_total_samples() explicitly - flacparse: fix broken reordering of flac metadata - jack: Use jack_free(3) to release ports - jpegdec: check buffer size before dereferencing - pulse: fix discovery of newly added devices - qtdemux fuzzing fixes - qtdemux: Add 'mp3 ' fourcc that VLC seems to produce now - qtdemux: Specify REDIRECT information in error message - rtpbin: fix shutdown crash in rtpbin - rtpsession: rename RTCP thread - rtpvp8pay, rtpvp9pay: fix caps leak in set_caps() - rtpjpegdepay: outputs framed jpeg - rtpjitterbuffer: Properly free internal packets queue in finalize() - rtspsrc: Don't return TRUE for unhandled query - rtspsrc: Avoid stack overflow recursing waiting for response - rtspsrc: Use the correct type for storing the max-rtcp-rtp-time-diff property - rtspsrc: Error out when failling to receive message response - rtspsrc: Fix for segmentation fault when handling set/get_parameter requests - speex: Fix crash on Windows caused by cross-CRT issue - speexdec: Crash when stopping the pipeline - splitmuxsrc: Properly stop the loop if no part reader is present - use gst_element_class_set_metadata when passing dynamic strings - v4l2videodec: Increase internal bitstream pool size - v4l2: fix crash when handling unsupported video format - videocrop: allow properties to be animated by GstController - videomixer: Don't leak peer caps - vp8enc/vp8enc: set 1 for the default value of VP8E_SET_STATIC_THRESHOLD - wavenc: Fix writing of the channel mask with >2 channels

gstreamer-plugins-bad was updated to version 1.16.3 (bsc#1181255):

- amcvideodec: fix sync meta copying not taking a reference - audiobuffersplit: Perform discont tracking on running time - audiobuffersplit: Specify in the template caps that only interleaved audio is supported - audiobuffersplit: Unset DISCONT flag if not discontinuous - autoconvert: Fix lock-less exchange or free condition - autoconvert: fix compiler warnings with g_atomic on recent GLib versions - avfvideosrc: element requests camera permissions even with capture-screen property is true - codecparsers: h264parser: guard against ref_pic_markings overflow - dtlsconnection: Avoid segmentation fault when no srtp capabilities are negotiated - dtls/connection: fix EOF handling with openssl 1.1.1e - fdkaacdec: add support for mpegversion=2 - hls: Check nettle version to ensure AES128 support - ipcpipeline: Rework compiler checks - interlace: Increment phase_index before checking if we're at the end of the phase - lv2: Make it build with -fno-common - h264parser: Do not allocate too large size of memory for registered user data SEI - ladspa: fix unbounded integer properties - modplug: avoid division by zero - msdkdec: Fix GstMsdkContext leak - msdkenc: fix leaks on windows - musepackdec: Don't fail all queries if no sample rate is known yet - openslessink: Allow openslessink to handle 48kHz streams. - opencv: allow compilation against 4.2.x - proxysink: event_function needs to handle the event when it is disconnecetd from proxysrc - vulkan: Drop use of VK_RESULT_BEGIN_RANGE - wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset - wasapi: Fix possible deadlock while downwards state change - waylandsink: Clear window when pipeline is stopped - webrtc: Support non-trickle ICE candidates in the SDP - webrtc: Unmap all non-binary buffers received via the datachannel - meson: build with neon 0.31 - Drop upstream fixed patch: gstreamer-h264parser-fix-overflow.patch

- h264parser: guard against ref_pic_markings overflow (bsc#1181255 CVE-2021-3185)

- Disable the kate/libtiger plugin. Kate streams for karaoke are not used anymore, and the source tarball for libtiger is no longer available upstream. (jsc#SLE-13843)

gstreamer-plugins-ugly was updated to version 1.16.3 (bsc#1181255):

+ x264enc: corrected em_data value in CEA-708 CC SEI message

gstreamer-plugins-base was updated to version 1.16.3 (bsc#1181255):

- audioaggregator: Check all downstream allowed caps structures if they support the upstream rate - audioaggregator: Fix negotiation with downstream if there is no peer yet - audioencoder: fix segment event leak - discoverer: Fix caps handling in `pad-added` signal handler - discoverer: Start discovering next URI from right thread - fft: Update our kiss fft version, fixes thread-safety and concurrency issues and misc other things - gl: numerous memory fixes (use-after-free, leaks, missing NULL-ify) - gl/display/egl: ensure debug category is initialized - gstglwindow_x11: fix resize - pbutils: Add latest H.264 level values - rtpbuffer: fix header extension length validation - video: Fix NV12_64Z32 number of component - video-format: RGB16/15 are not 16 bit per component but only 5.333 and 5 - video: fix top/bottom field flags - videodecoder: don't copy interlace-mode from reference state - appsrc/appsink: Make setting/replacing callbacks thread-safe - compositor: Fix checkerboard filling for BGRx/RGBx and UYVY/YUY2/YVYU - decodebin3: only force streams-selected seqnum after a select-streams - glupload: Fix fallback from direct dmabuf to dmabuf upload method - glvideomixer: perform `_get_highest_precision()` on the GL thread - libvisual: use `gst_element_class_set_metadata()` when passing dynamic strings - oggstream: Workaround for broken PAR in VP8 BOS - subparse: accept WebVTT timestamps without an hour component - playbin: Handle error message with redirection indication - textrender: Fix AYUV output. - typefind: Consider MPEG-PS PSM to be a PES type - uridecodebin3: default to non-0 buffer-size and buffer-duration, otherwise it could potentially cause big memory allocations over time - videoaggregator: Don't configure NULL chroma-site/colorimetry - videorate/videoscale/audioresample: Ensure that the caps returned from... - build: Replace bashisms in configure for Wayland and GLES3
Family:unixClass:patch
Status:Reference(s):1173466
1173467
1173469
1175568
1181255
CVE-2020-15304
CVE-2020-15305
CVE-2020-15306
CVE-2020-8027
CVE-2021-3185
SUSE-SU-2020:1931-1
SUSE-SU-2020:2712-1
SUSE-SU-2021:1819-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP3
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Development Tools 15 SP1
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed
  • AND Package Information
  • openldap2-2.4.46-9.37 is installed
  • OR openldap2-devel-32bit-2.4.46-9.37 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • libIlmImf-2_2-23-2.2.1-3.18 is installed
  • OR libIlmImfUtil-2_2-23-2.2.1-3.18 is installed
  • OR openexr-2.2.1-3.18 is installed
  • OR openexr-devel-2.2.1-3.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for additional PackageHub packages 15 SP3 is installed
  • AND Package Information
  • gstreamer-32bit-1.16.3-3.3.1 is installed
  • OR libgstaudio-1_0-0-32bit-1.16.3-4.3.1 is installed
  • OR libgstreamer-1_0-0-32bit-1.16.3-3.3.1 is installed
  • OR libgsttag-1_0-0-32bit-1.16.3-4.3.1 is installed
  • OR libgstvideo-1_0-0-32bit-1.16.3-4.3.1 is installed
    • BACK