Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2021.1944.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2021:1944-1)
Summary:The remote host is missing an update for the 'gstreamer-plugins-bad' package(s) announced via the SUSE-SU-2021:1944-1 advisory.
Description:Summary:
The remote host is missing an update for the 'gstreamer-plugins-bad' package(s) announced via the SUSE-SU-2021:1944-1 advisory.

Vulnerability Insight:
This update for gstreamer-plugins-bad fixes the following issues:

Update to version 1.16.3:
- CVE-2021-3185: buffer overflow in
gst_h264_slice_parse_dec_ref_pic_marking() (bsc#1181255)
- amcvideodec: fix sync meta copying not taking a reference
- audiobuffersplit: Perform discont tracking on running time
- audiobuffersplit: Specify in the template caps that only interleaved
audio is supported
- audiobuffersplit: Unset DISCONT flag if not discontinuous
- autoconvert: Fix lock-less exchange or free condition
- autoconvert: fix compiler warnings with g_atomic on recent GLib versions
- avfvideosrc: element requests camera permissions even with
capture-screen property is true
- codecparsers: h264parser: guard against ref_pic_markings overflow
- dtlsconnection: Avoid segmentation fault when no srtp capabilities are
negotiated
- dtls/connection: fix EOF handling with openssl 1.1.1e
- fdkaacdec: add support for mpegversion=2
- hls: Check nettle version to ensure AES128 support
- ipcpipeline: Rework compiler checks
- interlace: Increment phase_index before checking if we're at the end of
the phase
- h264parser: Do not allocate too large size of memory for registered
user data SEI
- ladspa: fix unbounded integer properties
- modplug: avoid division by zero
- msdkdec: Fix GstMsdkContext leak
- msdkenc: fix leaks on windows
- musepackdec: Don't fail all queries if no sample rate is known yet
- openslessink: Allow openslessink to handle 48kHz streams.
- opencv: allow compilation against 4.2.x
- proxysink: event_function needs to handle the event when it is
disconnecetd from proxysrc
- vulkan: Drop use of VK_RESULT_BEGIN_RANGE
- wasapi: added missing lock release in case of error in
gst_wasapi_xxx_reset
- wasapi: Fix possible deadlock while downwards state change
- waylandsink: Clear window when pipeline is stopped
- webrtc: Support non-trickle ICE candidates in the SDP
- webrtc: Unmap all non-binary buffers received via the datachannel

Affected Software/OS:
'gstreamer-plugins-bad' package(s) on SUSE Linux Enterprise Module for Desktop Applications 15-SP3, SUSE Linux Enterprise Module for Basesystem 15-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2021-3185
https://bugzilla.redhat.com/show_bug.cgi?id=1917192
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.