SUSE: 2024:1893-1 important: gstreamer-plugins-base Security Advisory Updates
Summary
## This update for gstreamer-plugins-base fixes the following issues: * CVE-2024-4453: Fixed lack of proper validation of user-supplied data when parsing EXIF metadata (bsc#1224806) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Software Development Kit 12 SP5 zypper in -t patch SUSE-SLE-SDK-12-SP5-2024-1893=1 * SUSE Linux Enterprise High Performance Computing 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1893=1 * SUSE Linux Enterprise Server 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1893=1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 zypper in -t patch SUSE-SLE-SERVER-12-SP5-2024-1893=1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 zypper in -t patch SUSE-SLE-WE-12-SP5-2024-1893=1 ## Package List: * SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64) * typelib-1_0-GstAudio-1_0-1.8.3-13.15.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.15.1 * typelib-1_0-GstPbutils-1_0-1.8.3-13.15.1 * typelib-1_0-GstVideo-1_0-1.8.3-13.15.1 * typelib-1_0-GstRtp-1_0-1.8.3-13.15.1 * typelib-1_0-GstAllocators-1_0-1.8.3-13.15.1 * typelib-1_0-GstRtsp-1_0-1.8.3-13.15.1 * typelib-1_0-GstSdp-1_0-1.8.3-13.15.1 * typelib-1_0-GstTag-1_0-1.8.3-13.15.1 * gstreamer-plugins-base-devel-1.8.3-13.15.1 * typelib-1_0-GstFft-1_0-1.8.3-13.15.1 * gstreamer-plugins-base-debugsource-1.8.3-13.15.1 * typelib-1_0-GstApp-1_0-1.8.3-13.15.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64) * libgstrtp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstapp-1_0-0-1.8.3-13.15.1 * libgstrtsp-1_0-0-1.8.3-13.15.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.15.1 * libgstsdp-1_0-0-1.8.3-13.15.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.15.1 * libgstallocators-1_0-0-1.8.3-13.15.1 * libgstvideo-1_0-0-1.8.3-13.15.1 * libgstriff-1_0-0-1.8.3-13.15.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.15.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.15.1 * libgstapp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.15.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstpbutils-1_0-0-1.8.3-13.15.1 * libgstfft-1_0-0-1.8.3-13.15.1 * gstreamer-plugins-base-debugsource-1.8.3-13.15.1 * libgstaudio-1_0-0-1.8.3-13.15.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.15.1 * gstreamer-plugins-base-1.8.3-13.15.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.15.1 * libgsttag-1_0-0-1.8.3-13.15.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.15.1 * libgstrtp-1_0-0-1.8.3-13.15.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.15.1 * SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64) * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.15.1 * libgstaudio-1_0-0-32bit-1.8.3-13.15.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.15.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgsttag-1_0-0-32bit-1.8.3-13.15.1 * libgstvideo-1_0-0-32bit-1.8.3-13.15.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgstapp-1_0-0-32bit-1.8.3-13.15.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64) * libgstrtp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstapp-1_0-0-1.8.3-13.15.1 * libgstrtsp-1_0-0-1.8.3-13.15.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.15.1 * libgstsdp-1_0-0-1.8.3-13.15.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.15.1 * libgstallocators-1_0-0-1.8.3-13.15.1 * libgstvideo-1_0-0-1.8.3-13.15.1 * libgstriff-1_0-0-1.8.3-13.15.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.15.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.15.1 * libgstapp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.15.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstpbutils-1_0-0-1.8.3-13.15.1 * libgstfft-1_0-0-1.8.3-13.15.1 * gstreamer-plugins-base-debugsource-1.8.3-13.15.1 * libgstaudio-1_0-0-1.8.3-13.15.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.15.1 * gstreamer-plugins-base-1.8.3-13.15.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.15.1 * libgsttag-1_0-0-1.8.3-13.15.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.15.1 * libgstrtp-1_0-0-1.8.3-13.15.1 * SUSE Linux Enterprise Server 12 SP5 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.15.1 * SUSE Linux Enterprise Server 12 SP5 (s390x x86_64) * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.15.1 * libgstaudio-1_0-0-32bit-1.8.3-13.15.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.15.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgsttag-1_0-0-32bit-1.8.3-13.15.1 * libgstvideo-1_0-0-32bit-1.8.3-13.15.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgstapp-1_0-0-32bit-1.8.3-13.15.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64) * libgstrtp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstapp-1_0-0-1.8.3-13.15.1 * libgstrtsp-1_0-0-1.8.3-13.15.1 * libgstallocators-1_0-0-debuginfo-1.8.3-13.15.1 * libgstsdp-1_0-0-1.8.3-13.15.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.15.1 * libgstallocators-1_0-0-1.8.3-13.15.1 * libgstvideo-1_0-0-1.8.3-13.15.1 * libgstriff-1_0-0-1.8.3-13.15.1 * libgstfft-1_0-0-debuginfo-1.8.3-13.15.1 * libgstriff-1_0-0-debuginfo-1.8.3-13.15.1 * libgstapp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstaudio-1_0-0-debuginfo-1.8.3-13.15.1 * libgstrtsp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstpbutils-1_0-0-1.8.3-13.15.1 * libgstfft-1_0-0-1.8.3-13.15.1 * gstreamer-plugins-base-debugsource-1.8.3-13.15.1 * libgstaudio-1_0-0-1.8.3-13.15.1 * libgstsdp-1_0-0-debuginfo-1.8.3-13.15.1 * libgstvideo-1_0-0-debuginfo-1.8.3-13.15.1 * gstreamer-plugins-base-1.8.3-13.15.1 * libgstpbutils-1_0-0-debuginfo-1.8.3-13.15.1 * libgsttag-1_0-0-1.8.3-13.15.1 * libgsttag-1_0-0-debuginfo-1.8.3-13.15.1 * libgstrtp-1_0-0-1.8.3-13.15.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch) * gstreamer-plugins-base-lang-1.8.3-13.15.1 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64) * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.15.1 * libgstaudio-1_0-0-32bit-1.8.3-13.15.1 * libgstapp-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgstpbutils-1_0-0-32bit-1.8.3-13.15.1 * libgstaudio-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgsttag-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgsttag-1_0-0-32bit-1.8.3-13.15.1 * libgstvideo-1_0-0-32bit-1.8.3-13.15.1 * libgstpbutils-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * libgstapp-1_0-0-32bit-1.8.3-13.15.1 * libgstvideo-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * SUSE Linux Enterprise Workstation Extension 12 12-SP5 (x86_64) * typelib-1_0-GstAudio-1_0-1.8.3-13.15.1 * gstreamer-plugins-base-debuginfo-1.8.3-13.15.1 * libgstfft-1_0-0-debuginfo-32bit-1.8.3-13.15.1 * typelib-1_0-GstPbutils-1_0-1.8.3-13.15.1 * typelib-1_0-GstVideo-1_0-1.8.3-13.15.1 * gstreamer-plugins-base-debuginfo-32bit-1.8.3-13.15.1 * typelib-1_0-GstTag-1_0-1.8.3-13.15.1 * libgstfft-1_0-0-32bit-1.8.3-13.15.1 * gstreamer-plugins-base-debugsource-1.8.3-13.15.1
References
* bsc#1224806
Cross-
* CVE-2024-4453
CVSS scores:
* CVE-2024-4453 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5
* SUSE Linux Enterprise Workstation Extension 12 12-SP5
An update that solves one vulnerability can now be installed.
##
* https://www.suse.com/security/cve/CVE-2024-4453.html
* https://bugzilla.suse.com/show_bug.cgi?id=1224806