gstreamer-plugins-good-1.22.0-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12709-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gstreamer-plugins-good-1.22.0-2.1 on GA media These are all security issues fixed in the gstreamer-plugins-good-1.22.0-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12709 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-1920/ SUSE CVE CVE-2022-1920 page https://www.suse.com/security/cve/CVE-2022-1921/ SUSE CVE CVE-2022-1921 page https://www.suse.com/security/cve/CVE-2022-1922/ SUSE CVE CVE-2022-1922 page https://www.suse.com/security/cve/CVE-2022-2122/ SUSE CVE CVE-2022-2122 page openSUSE Tumbleweed gstreamer-plugins-good-1.22.0-2.1 gstreamer-plugins-good-32bit-1.22.0-2.1 gstreamer-plugins-good-extra-1.22.0-2.1 gstreamer-plugins-good-extra-32bit-1.22.0-2.1 gstreamer-plugins-good-gtk-1.22.0-2.1 gstreamer-plugins-good-jack-1.22.0-2.1 gstreamer-plugins-good-jack-32bit-1.22.0-2.1 gstreamer-plugins-good-lang-1.22.0-2.1 gstreamer-plugins-good-qtqml-1.22.0-2.1 gstreamer-plugins-good-1.22.0-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-32bit-1.22.0-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-extra-1.22.0-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-extra-32bit-1.22.0-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-gtk-1.22.0-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-jack-1.22.0-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-jack-32bit-1.22.0-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-lang-1.22.0-2.1 as a component of openSUSE Tumbleweed gstreamer-plugins-good-qtqml-1.22.0-2.1 as a component of openSUSE Tumbleweed Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite. CVE-2022-1920 openSUSE Tumbleweed:gstreamer-plugins-good-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.22.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1920.html CVE-2022-1920 https://bugzilla.suse.com/1201688 SUSE Bug 1201688 Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite. CVE-2022-1921 openSUSE Tumbleweed:gstreamer-plugins-good-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.22.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1921.html CVE-2022-1921 https://bugzilla.suse.com/1201693 SUSE Bug 1201693 DOS / potential heap overwrite in mkv demuxing using zlib decompression. Integer overflow in matroskademux element in gst_matroska_decompress_data function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. If the libc uses mmap for large chunks, and the OS supports mmap, then it is just a segfault (because the realloc before the integer overflow will use mremap to reduce the size of the chunk, and it will start to write to unmapped memory). However, if using a libc implementation that does not use mmap, or if the OS does not support mmap while using libc, then this could result in a heap overwrite. CVE-2022-1922 openSUSE Tumbleweed:gstreamer-plugins-good-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.22.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-1922.html CVE-2022-1922 https://bugzilla.suse.com/1201702 SUSE Bug 1201702 DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite. CVE-2022-2122 openSUSE Tumbleweed:gstreamer-plugins-good-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-extra-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-gtk-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-jack-32bit-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-lang-1.22.0-2.1 openSUSE Tumbleweed:gstreamer-plugins-good-qtqml-1.22.0-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-2122.html CVE-2022-2122 https://bugzilla.suse.com/1201708 SUSE Bug 1201708