openSUSE Security Update: Security update for gstreamer-plugins-bad, libvpl ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0306-1 Rating: important References: #1218534 #1219494 #1223263 #1226892 #1226897 #1226898 #1226899 #1226900 #1226901 PED-10024 Cross-References: CVE-2023-22656 CVE-2023-45221 CVE-2023-47169 CVE-2023-47282 CVE-2023-48368 CVE-2023-50186 CVSS scores: CVE-2023-22656 (SUSE): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2023-45221 (SUSE): 4.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVE-2023-47169 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2023-47282 (SUSE): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L CVE-2023-48368 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H CVE-2023-50186 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.5 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has three fixes is now available. Description: This update for gstreamer-plugins-bad, libvpl fixes the following issues: - Dropped support for libmfx to fix the following CVEs: * libmfx: improper input validation (CVE-2023-48368, bsc#1226897) * libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898) * libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899) * libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900) * libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901) The libmfx dependency is replaced by libvpl. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.5: zypper in -t patch openSUSE-2024-306=1 Package List: - openSUSE Leap 15.5 (aarch64 i586 ppc64le s390x x86_64): gstreamer-plugins-bad-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-chromaprint-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-chromaprint-debuginfo-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-debuginfo-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-debugsource-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-devel-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-fluidsynth-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-fluidsynth-debuginfo-1.22.0-lp155.3.14.1 gstreamer-transcoder-1.22.0-lp155.3.14.1 gstreamer-transcoder-debuginfo-1.22.0-lp155.3.14.1 gstreamer-transcoder-devel-1.22.0-lp155.3.14.1 libgstadaptivedemux-1_0-0-1.22.0-lp155.3.14.1 libgstadaptivedemux-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstbadaudio-1_0-0-1.22.0-lp155.3.14.1 libgstbadaudio-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstbasecamerabinsrc-1_0-0-1.22.0-lp155.3.14.1 libgstbasecamerabinsrc-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstcodecparsers-1_0-0-1.22.0-lp155.3.14.1 libgstcodecparsers-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstcodecs-1_0-0-1.22.0-lp155.3.14.1 libgstcodecs-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstcuda-1_0-0-1.22.0-lp155.3.14.1 libgstcuda-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstinsertbin-1_0-0-1.22.0-lp155.3.14.1 libgstinsertbin-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstisoff-1_0-0-1.22.0-lp155.3.14.1 libgstisoff-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstmpegts-1_0-0-1.22.0-lp155.3.14.1 libgstmpegts-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstphotography-1_0-0-1.22.0-lp155.3.14.1 libgstphotography-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstplay-1_0-0-1.22.0-lp155.3.14.1 libgstplay-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstplayer-1_0-0-1.22.0-lp155.3.14.1 libgstplayer-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstsctp-1_0-0-1.22.0-lp155.3.14.1 libgstsctp-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgsttranscoder-1_0-0-1.22.0-lp155.3.14.1 libgsttranscoder-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgsturidownloader-1_0-0-1.22.0-lp155.3.14.1 libgsturidownloader-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstva-1_0-0-1.22.0-lp155.3.14.1 libgstva-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstvulkan-1_0-0-1.22.0-lp155.3.14.1 libgstvulkan-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstwayland-1_0-0-1.22.0-lp155.3.14.1 libgstwayland-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstwebrtc-1_0-0-1.22.0-lp155.3.14.1 libgstwebrtc-1_0-0-debuginfo-1.22.0-lp155.3.14.1 libgstwebrtcnice-1_0-0-1.22.0-lp155.3.14.1 libgstwebrtcnice-1_0-0-debuginfo-1.22.0-lp155.3.14.1 typelib-1_0-CudaGst-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstBadAudio-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstCodecs-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstCuda-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstInsertBin-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstMpegts-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstPlay-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstPlayer-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstTranscoder-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstVa-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstVulkan-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstVulkanWayland-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstVulkanXCB-1_0-1.22.0-lp155.3.14.1 typelib-1_0-GstWebRTC-1_0-1.22.0-lp155.3.14.1 - openSUSE Leap 15.5 (aarch64_ilp32): gstreamer-plugins-bad-64bit-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-64bit-debuginfo-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-chromaprint-64bit-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-chromaprint-64bit-debuginfo-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-fluidsynth-64bit-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-fluidsynth-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstadaptivedemux-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstadaptivedemux-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstbadaudio-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstbadaudio-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstbasecamerabinsrc-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstbasecamerabinsrc-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstcodecparsers-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstcodecparsers-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstcodecs-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstcodecs-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstcuda-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstcuda-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstinsertbin-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstinsertbin-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstisoff-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstisoff-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstmpegts-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstmpegts-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstphotography-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstphotography-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstplay-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstplay-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstplayer-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstplayer-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstsctp-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstsctp-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgsturidownloader-1_0-0-64bit-1.22.0-lp155.3.14.1 libgsturidownloader-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstva-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstva-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstvulkan-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstvulkan-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstwayland-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstwayland-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstwebrtc-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstwebrtc-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 libgstwebrtcnice-1_0-0-64bit-1.22.0-lp155.3.14.1 libgstwebrtcnice-1_0-0-64bit-debuginfo-1.22.0-lp155.3.14.1 - openSUSE Leap 15.5 (noarch): gstreamer-plugins-bad-lang-1.22.0-lp155.3.14.1 - openSUSE Leap 15.5 (x86_64): gstreamer-plugins-bad-32bit-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-32bit-debuginfo-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-chromaprint-32bit-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-chromaprint-32bit-debuginfo-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-fluidsynth-32bit-1.22.0-lp155.3.14.1 gstreamer-plugins-bad-fluidsynth-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstadaptivedemux-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstadaptivedemux-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstbadaudio-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstbadaudio-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstbasecamerabinsrc-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstbasecamerabinsrc-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstcodecparsers-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstcodecparsers-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstcodecs-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstcodecs-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstcuda-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstcuda-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstinsertbin-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstinsertbin-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstisoff-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstisoff-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstmpegts-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstmpegts-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstphotography-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstphotography-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstplay-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstplay-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstplayer-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstplayer-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstsctp-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstsctp-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgsturidownloader-1_0-0-32bit-1.22.0-lp155.3.14.1 libgsturidownloader-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstva-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstva-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstvulkan-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstvulkan-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstwayland-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstwayland-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstwebrtc-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstwebrtc-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 libgstwebrtcnice-1_0-0-32bit-1.22.0-lp155.3.14.1 libgstwebrtcnice-1_0-0-32bit-debuginfo-1.22.0-lp155.3.14.1 References: https://www.suse.com/security/cve/CVE-2023-22656.html https://www.suse.com/security/cve/CVE-2023-45221.html https://www.suse.com/security/cve/CVE-2023-47169.html https://www.suse.com/security/cve/CVE-2023-47282.html https://www.suse.com/security/cve/CVE-2023-48368.html https://www.suse.com/security/cve/CVE-2023-50186.html https://bugzilla.suse.com/1218534 https://bugzilla.suse.com/1219494 https://bugzilla.suse.com/1223263 https://bugzilla.suse.com/1226892 https://bugzilla.suse.com/1226897 https://bugzilla.suse.com/1226898 https://bugzilla.suse.com/1226899 https://bugzilla.suse.com/1226900 https://bugzilla.suse.com/1226901