Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.1875
Security update for gstreamer, gstreamer-plugins-bad,
gstreamer-plugins-base, gstreamer-plugins-good, gstreamer-plugins-ugly
2 June 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: gstreamer
gstreamer-plugins-bad
gstreamer-plugins-base
gstreamer-plugins-good
gstreamer-plugins-ugly
Publisher: SUSE
Operating System: SUSE
UNIX variants (UNIX, Linux, OSX)
Windows
Impact/Access: Execute Arbitrary Code/Commands -- Existing Account
Denial of Service -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-3185
Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20211819-1
Comment: This advisory references vulnerabilities in products which run on
platforms other than SUSE. It is recommended that administrators
running gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base,
gstreamer-plugins-good or gstreamer-plugins-ugly check for an
updated version of the software for their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for gstreamer, gstreamer-plugins-bad,
gstreamer-plugins-base, gstreamer-plugins-good,
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:1819-1
Rating: important
References: #1181255
Cross-References: CVE-2021-3185
Affected Products:
SUSE MicroOS 5.0
SUSE Linux Enterprise Workstation Extension 15-SP3
SUSE Linux Enterprise Workstation Extension 15-SP2
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
SUSE Linux Enterprise Module for Desktop Applications 15-SP2
SUSE Linux Enterprise Module for Basesystem 15-SP3
SUSE Linux Enterprise Module for Basesystem 15-SP2
______________________________________________________________________________
gstreamer-plugins-ugly
An update that fixes one vulnerability, contains one feature is now available.
Description:
This update for gstreamer, gstreamer-plugins-bad, gstreamer-plugins-base,
gstreamer-plugins-good, gstreamer-plugins-ugly fixes the following issues:
gstreamer was updated to version 1.16.3 (bsc#1181255):
o delay creation of threadpools
o bin: Fix `deep-element-removed` log message
o buffer: fix meta sequence number fallback on rpi
o bufferlist: foreach: always remove as parent if buffer is changed
o bus: Make setting/replacing/clearing the sync handler thread-safe
o elementfactory: Fix missing features in case a feature moves to another
filename
o element: When removing a ghost pad also unset its target
o meta: intern registered impl string
o registry: Use a toolchain-specific registry file on Windows
o systemclock: Invalid internal time calculation causes non-increasing clock
time on Windows
o value: don't write to `const char *`
o value: Fix segfault comparing empty GValueArrays
o Revert floating enforcing
o aggregator: fix iteration direction in skip_buffers
o sparsefile: fix possible crash when seeking
o baseparse: cache fix
o baseparse: fix memory leak when subclass skips whole input buffer
o baseparse: Set the private duration before posting a duration-changed
message
o basetransform: allow not passthrough if generate_output is implemented
o identity: Fix a minor leak using meta_str
o queue: protect against lost wakeups for iterm_del condition
o queue2: Avoid races when posting buffering messages
o queue2: Fix missing/dropped buffering messages at startup
o identity: Unblock condition variable on FLUSH_START
o check: Use `g_thread_yield()` instead of `g_usleep(1)`
o tests: use cpu_family for arch checks
o gst-launch: Follow up to missing `s/g_print/gst_print/g`
o gst-inspect: Add define guard for `g_log_writer_supports_color()`
o gst-launch: go back down to `GST_STATE_NULL` in one step.
o device-monitor: list hidden providers before listing devices
o autotools build fixes for GNU make 4.3
gstreamer-plugins-good was updated to version 1.16.3 (bsc#1181255):
o deinterlace: on-the-fly renegotiation
o flacenc: Pass audio info from set_format() to query_total_samples()
explicitly
o flacparse: fix broken reordering of flac metadata
o jack: Use jack_free(3) to release ports
o jpegdec: check buffer size before dereferencing
o pulse: fix discovery of newly added devices
o qtdemux fuzzing fixes
o qtdemux: Add 'mp3 ' fourcc that VLC seems to produce now
o qtdemux: Specify REDIRECT information in error message
o rtpbin: fix shutdown crash in rtpbin
o rtpsession: rename RTCP thread
o rtpvp8pay, rtpvp9pay: fix caps leak in set_caps()
o rtpjpegdepay: outputs framed jpeg
o rtpjitterbuffer: Properly free internal packets queue in finalize()
o rtspsrc: Don't return TRUE for unhandled query
o rtspsrc: Avoid stack overflow recursing waiting for response
o rtspsrc: Use the correct type for storing the max-rtcp-rtp-time-diff
property
o rtspsrc: Error out when failling to receive message response
o rtspsrc: Fix for segmentation fault when handling set/get_parameter
requests
o speex: Fix crash on Windows caused by cross-CRT issue
o speexdec: Crash when stopping the pipeline
o splitmuxsrc: Properly stop the loop if no part reader is present
o use gst_element_class_set_metadata when passing dynamic strings
o v4l2videodec: Increase internal bitstream pool size
o v4l2: fix crash when handling unsupported video format
o videocrop: allow properties to be animated by GstController
o videomixer: Don't leak peer caps
o vp8enc/vp8enc: set 1 for the default value of VP8E_SET_STATIC_THRESHOLD
o wavenc: Fix writing of the channel mask with >2 channels
gstreamer-plugins-bad was updated to version 1.16.3 (bsc#1181255):
o amcvideodec: fix sync meta copying not taking a reference
o audiobuffersplit: Perform discont tracking on running time
o audiobuffersplit: Specify in the template caps that only interleaved audio
is supported
o audiobuffersplit: Unset DISCONT flag if not discontinuous
o autoconvert: Fix lock-less exchange or free condition
o autoconvert: fix compiler warnings with g_atomic on recent GLib versions
o avfvideosrc: element requests camera permissions even with capture-screen
property is true
o codecparsers: h264parser: guard against ref_pic_markings overflow
o dtlsconnection: Avoid segmentation fault when no srtp capabilities are
negotiated
o dtls/connection: fix EOF handling with openssl 1.1.1e
o fdkaacdec: add support for mpegversion=2
o hls: Check nettle version to ensure AES128 support
o ipcpipeline: Rework compiler checks
o interlace: Increment phase_index before checking if we're at the end of the
phase
o lv2: Make it build with -fno-common
o h264parser: Do not allocate too large size of memory for registered user
data SEI
o ladspa: fix unbounded integer properties
o modplug: avoid division by zero
o msdkdec: Fix GstMsdkContext leak
o msdkenc: fix leaks on windows
o musepackdec: Don't fail all queries if no sample rate is known yet
o openslessink: Allow openslessink to handle 48kHz streams.
o opencv: allow compilation against 4.2.x
o proxysink: event_function needs to handle the event when it is disconnecetd
from proxysrc
o vulkan: Drop use of VK_RESULT_BEGIN_RANGE
o wasapi: added missing lock release in case of error in gst_wasapi_xxx_reset
o wasapi: Fix possible deadlock while downwards state change
o waylandsink: Clear window when pipeline is stopped
o webrtc: Support non-trickle ICE candidates in the SDP
o webrtc: Unmap all non-binary buffers received via the datachannel
o meson: build with neon 0.31
o Drop upstream fixed patch: gstreamer-h264parser-fix-overflow.patch
o h264parser: guard against ref_pic_markings overflow (bsc#1181255
CVE-2021-3185)
o Disable the kate/libtiger plugin. Kate streams for karaoke are not used
anymore, and the source tarball for libtiger is no longer available
upstream. (jsc#SLE-13843)
gstreamer-plugins-ugly was updated to version 1.16.3 (bsc#1181255):
o x264enc: corrected em_data value in CEA-708 CC SEI message
gstreamer-plugins-base was updated to version 1.16.3 (bsc#1181255):
o audioaggregator: Check all downstream allowed caps structures if they
support the upstream rate
o audioaggregator: Fix negotiation with downstream if there is no peer yet
o audioencoder: fix segment event leak
o discoverer: Fix caps handling in `pad-added` signal handler
o discoverer: Start discovering next URI from right thread
o fft: Update our kiss fft version, fixes thread-safety and concurrency
issues and misc other things
o gl: numerous memory fixes (use-after-free, leaks, missing NULL-ify)
o gl/display/egl: ensure debug category is initialized
o gstglwindow_x11: fix resize
o pbutils: Add latest H.264 level values
o rtpbuffer: fix header extension length validation
o video: Fix NV12_64Z32 number of component
o video-format: RGB16/15 are not 16 bit per component but only 5.333 and 5
o video: fix top/bottom field flags
o videodecoder: don't copy interlace-mode from reference state
o appsrc/appsink: Make setting/replacing callbacks thread-safe
o compositor: Fix checkerboard filling for BGRx/RGBx and UYVY/YUY2/YVYU
o decodebin3: only force streams-selected seqnum after a select-streams
o glupload: Fix fallback from direct dmabuf to dmabuf upload method
o glvideomixer: perform `_get_highest_precision()` on the GL thread
o libvisual: use `gst_element_class_set_metadata()` when passing dynamic
strings
o oggstream: Workaround for broken PAR in VP8 BOS
o subparse: accept WebVTT timestamps without an hour component
o playbin: Handle error message with redirection indication
o textrender: Fix AYUV output.
o typefind: Consider MPEG-PS PSM to be a PES type
o uridecodebin3: default to non-0 buffer-size and buffer-duration, otherwise
it could potentially cause big memory allocations over time
o videoaggregator: Don't configure NULL chroma-site/colorimetry
o videorate/videoscale/audioresample: Ensure that the caps returned from...
o build: Replace bashisms in configure for Wayland and GLES3
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE MicroOS 5.0:
zypper in -t patch SUSE-SUSE-MicroOS-5.0-2021-1819=1
o SUSE Linux Enterprise Workstation Extension 15-SP3:
zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2021-1819=1
o SUSE Linux Enterprise Workstation Extension 15-SP2:
zypper in -t patch SUSE-SLE-Product-WE-15-SP2-2021-1819=1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2021-1819=
1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2:
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP2-2021-1819=
1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP2:
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP2-2021-1819=1
o SUSE Linux Enterprise Module for Basesystem 15-SP3:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2021-1819=1
o SUSE Linux Enterprise Module for Basesystem 15-SP2:
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP2-2021-1819=1
Package List:
o SUSE MicroOS 5.0 (aarch64 x86_64):
gstreamer-1.16.3-3.3.1
gstreamer-debuginfo-1.16.3-3.3.1
gstreamer-debugsource-1.16.3-3.3.1
gstreamer-plugins-base-1.16.3-4.3.1
gstreamer-plugins-base-debuginfo-1.16.3-4.3.1
gstreamer-plugins-base-debugsource-1.16.3-4.3.1
libgstallocators-1_0-0-1.16.3-4.3.1
libgstallocators-1_0-0-debuginfo-1.16.3-4.3.1
libgstapp-1_0-0-1.16.3-4.3.1
libgstapp-1_0-0-debuginfo-1.16.3-4.3.1
libgstaudio-1_0-0-1.16.3-4.3.1
libgstaudio-1_0-0-debuginfo-1.16.3-4.3.1
libgstgl-1_0-0-1.16.3-4.3.1
libgstgl-1_0-0-debuginfo-1.16.3-4.3.1
libgstpbutils-1_0-0-1.16.3-4.3.1
libgstpbutils-1_0-0-debuginfo-1.16.3-4.3.1
libgstreamer-1_0-0-1.16.3-3.3.1
libgstreamer-1_0-0-debuginfo-1.16.3-3.3.1
libgstriff-1_0-0-1.16.3-4.3.1
libgstriff-1_0-0-debuginfo-1.16.3-4.3.1
libgsttag-1_0-0-1.16.3-4.3.1
libgsttag-1_0-0-debuginfo-1.16.3-4.3.1
libgstvideo-1_0-0-1.16.3-4.3.1
libgstvideo-1_0-0-debuginfo-1.16.3-4.3.1
o SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64):
gstreamer-plugins-ugly-1.16.3-3.3.1
gstreamer-plugins-ugly-debuginfo-1.16.3-3.3.1
gstreamer-plugins-ugly-debugsource-1.16.3-3.3.1
o SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch):
gstreamer-plugins-ugly-lang-1.16.3-3.3.1
o SUSE Linux Enterprise Workstation Extension 15-SP2 (noarch):
gstreamer-plugins-ugly-lang-1.16.3-3.3.1
o SUSE Linux Enterprise Workstation Extension 15-SP2 (x86_64):
gstreamer-plugins-ugly-1.16.3-3.3.1
gstreamer-plugins-ugly-debuginfo-1.16.3-3.3.1
gstreamer-plugins-ugly-debugsource-1.16.3-3.3.1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64):
gstreamer-32bit-1.16.3-3.3.1
gstreamer-32bit-debuginfo-1.16.3-3.3.1
gstreamer-debugsource-1.16.3-3.3.1
gstreamer-plugins-base-32bit-debuginfo-1.16.3-4.3.1
gstreamer-plugins-base-debugsource-1.16.3-4.3.1
libgstaudio-1_0-0-32bit-1.16.3-4.3.1
libgstaudio-1_0-0-32bit-debuginfo-1.16.3-4.3.1
libgstreamer-1_0-0-32bit-1.16.3-3.3.1
libgstreamer-1_0-0-32bit-debuginfo-1.16.3-3.3.1
libgsttag-1_0-0-32bit-1.16.3-4.3.1
libgsttag-1_0-0-32bit-debuginfo-1.16.3-4.3.1
libgstvideo-1_0-0-32bit-1.16.3-4.3.1
libgstvideo-1_0-0-32bit-debuginfo-1.16.3-4.3.1
o SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2 (x86_64):
gstreamer-32bit-1.16.3-3.3.1
gstreamer-32bit-debuginfo-1.16.3-3.3.1
gstreamer-debugsource-1.16.3-3.3.1
gstreamer-plugins-base-32bit-debuginfo-1.16.3-4.3.1
gstreamer-plugins-base-debugsource-1.16.3-4.3.1
libgstaudio-1_0-0-32bit-1.16.3-4.3.1
libgstaudio-1_0-0-32bit-debuginfo-1.16.3-4.3.1
libgstreamer-1_0-0-32bit-1.16.3-3.3.1
libgstreamer-1_0-0-32bit-debuginfo-1.16.3-3.3.1
libgsttag-1_0-0-32bit-1.16.3-4.3.1
libgsttag-1_0-0-32bit-debuginfo-1.16.3-4.3.1
libgstvideo-1_0-0-32bit-1.16.3-4.3.1
libgstvideo-1_0-0-32bit-debuginfo-1.16.3-4.3.1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (aarch64
ppc64le s390x x86_64):
gstreamer-debuginfo-1.16.3-3.3.1
gstreamer-debugsource-1.16.3-3.3.1
gstreamer-devel-1.16.3-3.3.1
gstreamer-plugins-bad-1.16.3-4.4.1
gstreamer-plugins-bad-chromaprint-1.16.3-4.4.1
gstreamer-plugins-bad-chromaprint-debuginfo-1.16.3-4.4.1
gstreamer-plugins-bad-debuginfo-1.16.3-4.4.1
gstreamer-plugins-bad-debugsource-1.16.3-4.4.1
gstreamer-plugins-bad-devel-1.16.3-4.4.1
gstreamer-plugins-base-debuginfo-1.16.3-4.3.1
gstreamer-plugins-base-debugsource-1.16.3-4.3.1
gstreamer-plugins-base-devel-1.16.3-4.3.1
gstreamer-utils-1.16.3-3.3.1
gstreamer-utils-debuginfo-1.16.3-3.3.1
libgstadaptivedemux-1_0-0-1.16.3-4.4.1
libgstadaptivedemux-1_0-0-debuginfo-1.16.3-4.4.1
libgstbadaudio-1_0-0-1.16.3-4.4.1
libgstbadaudio-1_0-0-debuginfo-1.16.3-4.4.1
libgstbasecamerabinsrc-1_0-0-1.16.3-4.4.1
libgstbasecamerabinsrc-1_0-0-debuginfo-1.16.3-4.4.1
libgstcodecparsers-1_0-0-1.16.3-4.4.1
libgstcodecparsers-1_0-0-debuginfo-1.16.3-4.4.1
libgstinsertbin-1_0-0-1.16.3-4.4.1
libgstinsertbin-1_0-0-debuginfo-1.16.3-4.4.1
libgstisoff-1_0-0-1.16.3-4.4.1
libgstisoff-1_0-0-debuginfo-1.16.3-4.4.1
libgstmpegts-1_0-0-1.16.3-4.4.1
libgstmpegts-1_0-0-debuginfo-1.16.3-4.4.1
libgstplayer-1_0-0-1.16.3-4.4.1
libgstplayer-1_0-0-debuginfo-1.16.3-4.4.1
libgstsctp-1_0-0-1.16.3-4.4.1
libgstsctp-1_0-0-debuginfo-1.16.3-4.4.1
libgsturidownloader-1_0-0-1.16.3-4.4.1
libgsturidownloader-1_0-0-debuginfo-1.16.3-4.4.1
libgstwayland-1_0-0-1.16.3-4.4.1
libgstwayland-1_0-0-debuginfo-1.16.3-4.4.1
libgstwebrtc-1_0-0-1.16.3-4.4.1
libgstwebrtc-1_0-0-debuginfo-1.16.3-4.4.1
typelib-1_0-GstAllocators-1_0-1.16.3-4.3.1
typelib-1_0-GstApp-1_0-1.16.3-4.3.1
typelib-1_0-GstAudio-1_0-1.16.3-4.3.1
typelib-1_0-GstGL-1_0-1.16.3-4.3.1
typelib-1_0-GstInsertBin-1_0-1.16.3-4.4.1
typelib-1_0-GstMpegts-1_0-1.16.3-4.4.1
typelib-1_0-GstPbutils-1_0-1.16.3-4.3.1
typelib-1_0-GstPlayer-1_0-1.16.3-4.4.1
typelib-1_0-GstRtp-1_0-1.16.3-4.3.1
typelib-1_0-GstRtsp-1_0-1.16.3-4.3.1
typelib-1_0-GstSdp-1_0-1.16.3-4.3.1
typelib-1_0-GstTag-1_0-1.16.3-4.3.1
typelib-1_0-GstVideo-1_0-1.16.3-4.3.1
typelib-1_0-GstWebRTC-1_0-1.16.3-4.4.1
o SUSE Linux Enterprise Module for Desktop Applications 15-SP2 (noarch):
gstreamer-plugins-bad-lang-1.16.3-4.4.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x
x86_64):
gstreamer-1.16.3-3.3.1
gstreamer-debuginfo-1.16.3-3.3.1
gstreamer-debugsource-1.16.3-3.3.1
gstreamer-devel-1.16.3-3.3.1
gstreamer-plugins-base-1.16.3-4.3.1
gstreamer-plugins-base-debuginfo-1.16.3-4.3.1
gstreamer-plugins-base-debugsource-1.16.3-4.3.1
gstreamer-plugins-base-devel-1.16.3-4.3.1
gstreamer-plugins-good-1.16.3-3.3.1
gstreamer-plugins-good-debuginfo-1.16.3-3.3.1
gstreamer-plugins-good-debugsource-1.16.3-3.3.1
gstreamer-utils-1.16.3-3.3.1
gstreamer-utils-debuginfo-1.16.3-3.3.1
libgstallocators-1_0-0-1.16.3-4.3.1
libgstallocators-1_0-0-debuginfo-1.16.3-4.3.1
libgstapp-1_0-0-1.16.3-4.3.1
libgstapp-1_0-0-debuginfo-1.16.3-4.3.1
libgstaudio-1_0-0-1.16.3-4.3.1
libgstaudio-1_0-0-debuginfo-1.16.3-4.3.1
libgstfft-1_0-0-1.16.3-4.3.1
libgstfft-1_0-0-debuginfo-1.16.3-4.3.1
libgstgl-1_0-0-1.16.3-4.3.1
libgstgl-1_0-0-debuginfo-1.16.3-4.3.1
libgstpbutils-1_0-0-1.16.3-4.3.1
libgstpbutils-1_0-0-debuginfo-1.16.3-4.3.1
libgstreamer-1_0-0-1.16.3-3.3.1
libgstreamer-1_0-0-debuginfo-1.16.3-3.3.1
libgstriff-1_0-0-1.16.3-4.3.1
libgstriff-1_0-0-debuginfo-1.16.3-4.3.1
libgstrtp-1_0-0-1.16.3-4.3.1
libgstrtp-1_0-0-debuginfo-1.16.3-4.3.1
libgstrtsp-1_0-0-1.16.3-4.3.1
libgstrtsp-1_0-0-debuginfo-1.16.3-4.3.1
libgstsdp-1_0-0-1.16.3-4.3.1
libgstsdp-1_0-0-debuginfo-1.16.3-4.3.1
libgsttag-1_0-0-1.16.3-4.3.1
libgsttag-1_0-0-debuginfo-1.16.3-4.3.1
libgstvideo-1_0-0-1.16.3-4.3.1
libgstvideo-1_0-0-debuginfo-1.16.3-4.3.1
typelib-1_0-Gst-1_0-1.16.3-3.3.1
typelib-1_0-GstAllocators-1_0-1.16.3-4.3.1
typelib-1_0-GstApp-1_0-1.16.3-4.3.1
typelib-1_0-GstAudio-1_0-1.16.3-4.3.1
typelib-1_0-GstGL-1_0-1.16.3-4.3.1
typelib-1_0-GstPbutils-1_0-1.16.3-4.3.1
typelib-1_0-GstRtp-1_0-1.16.3-4.3.1
typelib-1_0-GstRtsp-1_0-1.16.3-4.3.1
typelib-1_0-GstSdp-1_0-1.16.3-4.3.1
typelib-1_0-GstTag-1_0-1.16.3-4.3.1
typelib-1_0-GstVideo-1_0-1.16.3-4.3.1
o SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
gstreamer-lang-1.16.3-3.3.1
gstreamer-plugins-base-lang-1.16.3-4.3.1
gstreamer-plugins-good-lang-1.16.3-3.3.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (aarch64 ppc64le s390x
x86_64):
gstreamer-1.16.3-3.3.1
gstreamer-debuginfo-1.16.3-3.3.1
gstreamer-debugsource-1.16.3-3.3.1
gstreamer-plugins-bad-debuginfo-1.16.3-4.4.1
gstreamer-plugins-bad-debugsource-1.16.3-4.4.1
gstreamer-plugins-base-1.16.3-4.3.1
gstreamer-plugins-base-debuginfo-1.16.3-4.3.1
gstreamer-plugins-base-debugsource-1.16.3-4.3.1
gstreamer-plugins-good-1.16.3-3.3.1
gstreamer-plugins-good-debuginfo-1.16.3-3.3.1
gstreamer-plugins-good-debugsource-1.16.3-3.3.1
libgstallocators-1_0-0-1.16.3-4.3.1
libgstallocators-1_0-0-debuginfo-1.16.3-4.3.1
libgstapp-1_0-0-1.16.3-4.3.1
libgstapp-1_0-0-debuginfo-1.16.3-4.3.1
libgstaudio-1_0-0-1.16.3-4.3.1
libgstaudio-1_0-0-debuginfo-1.16.3-4.3.1
libgstfft-1_0-0-1.16.3-4.3.1
libgstfft-1_0-0-debuginfo-1.16.3-4.3.1
libgstgl-1_0-0-1.16.3-4.3.1
libgstgl-1_0-0-debuginfo-1.16.3-4.3.1
libgstpbutils-1_0-0-1.16.3-4.3.1
libgstpbutils-1_0-0-debuginfo-1.16.3-4.3.1
libgstphotography-1_0-0-1.16.3-4.4.1
libgstphotography-1_0-0-debuginfo-1.16.3-4.4.1
libgstreamer-1_0-0-1.16.3-3.3.1
libgstreamer-1_0-0-debuginfo-1.16.3-3.3.1
libgstriff-1_0-0-1.16.3-4.3.1
libgstriff-1_0-0-debuginfo-1.16.3-4.3.1
libgstrtp-1_0-0-1.16.3-4.3.1
libgstrtp-1_0-0-debuginfo-1.16.3-4.3.1
libgstrtsp-1_0-0-1.16.3-4.3.1
libgstrtsp-1_0-0-debuginfo-1.16.3-4.3.1
libgstsdp-1_0-0-1.16.3-4.3.1
libgstsdp-1_0-0-debuginfo-1.16.3-4.3.1
libgsttag-1_0-0-1.16.3-4.3.1
libgsttag-1_0-0-debuginfo-1.16.3-4.3.1
libgstvideo-1_0-0-1.16.3-4.3.1
libgstvideo-1_0-0-debuginfo-1.16.3-4.3.1
typelib-1_0-Gst-1_0-1.16.3-3.3.1
o SUSE Linux Enterprise Module for Basesystem 15-SP2 (noarch):
gstreamer-lang-1.16.3-3.3.1
gstreamer-plugins-base-lang-1.16.3-4.3.1
gstreamer-plugins-good-lang-1.16.3-3.3.1
References:
o https://www.suse.com/security/cve/CVE-2021-3185.html
o https://bugzilla.suse.com/1181255
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYLbKJuNLKJtyKPYoAQg+LQ//UxDKktfWNxp18xr8OB1u541QEFErP2Zo
Lrg61ve51IHU3EzaiTEISJmb27KG5MBHhCkAxEJBQjm+9WGABZWvXsQrAUIQkgRq
7wnxd14Sc4aAiMMwRUalgVIo5xeDKcRsJ2kU4m3vQS/0StoZE9D4UTTWoTJY7Ufv
xTKDLShomfpoIiI8nfKWkOhoVWCEOb4WRaHfc5G54mal4MqN+x/0Y0T6cSoYgUcJ
RVjF+8NoBz3YqftwumQEmjbbRGXIy0sMCosCpyr651QdL2AiNcEuGbtVEiM/zGIv
gRs2WxH4oC0DywBbmbhapefaa6lFVYLZ6VpO8ad9rajlHRI79OPHmA7W6wnVunph
r+PFdqJ2fRK1DIuJy5h81KjXVpn3utcEdbCAdf9qz/MLCF5ecyl2HVhQ0WqKj5wK
N9W1Np+HQjvkf9u9yDXfWPAyN77/1D5IZA7MI+UCM6EOY+NB33CtmVheYqQhSwXe
LRJqj1tgyEqb9K5JiroM7HPAQ4fiHpyOxhQpp6PQ64ShWRntjjM+00z6ACEpBrFx
5ikUDznzJmsNdy83QKpFYAHjwarMnntyCdW59ropnDp1ao4xfG8mAKaRbfisvuid
AbK4G4CfdURrbXKerdVz5hlPmJ1i85frHBk6EYHL1mT48FhiHyQpAKIDRXnszeEx
1f28t+90KEM=
=DUA3
-----END PGP SIGNATURE-----