SUSE-SU-2025:0060-1: moderate: Security update for govulncheck-vulndb
SUSE-SU-2025:0058-1: important: Security update for tomcat
SUSE-SU-2025:0059-1: important: Security update for MozillaFirefox
openSUSE-SU-2025:14624-1: moderate: govulncheck-vulndb-0.0.20250108T191942-1.1 on GA media
openSUSE-SU-2025:14628-1: moderate: python311-slixmpp-1.8.6-1.1 on GA media
openSUSE-SU-2025:14627-1: moderate: logback-1.2.11-4.1 on GA media
SUSE-SU-2025:0062-1: important: Security update for gstreamer
SUSE-SU-2025:0065-1: important: Security update for gstreamer-plugins-base
SUSE-SU-2025:0064-1: important: Security update for gstreamer-plugins-good
SUSE-SU-2025:0066-1: moderate: Security update for apptainer
SUSE-SU-2025:0069-1: important: Security update for gstreamer-plugins-base
SUSE-SU-2025:0067-1: important: Security update for gstreamer-plugins-good
SUSE-SU-2025:0071-1: important: Security update for dnsmasq
SUSE-SU-2025:0072-1: important: Security update for logback
SUSE-SU-2025:0070-1: important: Security update for gstreamer
SUSE-SU-2025:0060-1: moderate: Security update for govulncheck-vulndb
# Security update for govulncheck-vulndb
Announcement ID: SUSE-SU-2025:0060-1
Release Date: 2025-01-10T11:33:34Z
Rating: moderate
References:
* jsc#PED-11136
Cross-References:
* CVE-2024-12678
* CVE-2024-25131
* CVE-2024-25133
* CVE-2024-28892
* CVE-2024-43803
* CVE-2024-45338
* CVE-2024-45387
* CVE-2024-54148
* CVE-2024-55196
* CVE-2024-55947
* CVE-2024-56362
* CVE-2024-56513
* CVE-2024-56514
* CVE-2024-9779
* CVE-2025-21609
* CVE-2025-21613
* CVE-2025-21614
* CVE-2025-22130
CVSS scores:
* CVE-2024-12678 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2024-12678 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-12678 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-25131 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-25133 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-28892 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-45338 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-45338 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-45338 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-45387 ( NVD ): 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
* CVE-2024-54148 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-54148 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-55196 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-55947 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-56362 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-56513 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-56514 ( NVD ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-9779 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:N
* CVE-2025-21609 ( NVD ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-21613 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21613 ( NVD ): 9.2
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Clear
* CVE-2025-21613 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-21614 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-21614 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-22130 ( NVD ): 5.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves 18 vulnerabilities and contains one feature can now be
installed.
## Description:
This update for govulncheck-vulndb fixes the following issues:
* Update to version 0.0.20250108T191942 2025-01-08T19:19:42Z. Refs
jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-3371 GHSA-2r2v-9pf8-6342
* GO-2025-3374 CVE-2025-22130 GHSA-j4jw-m6xr-fv6c
* Update to version 0.0.20250107T160406 2025-01-07T16:04:06Z. Refs
jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2025-3363 GO-2025-3364 GO-2025-3367 GO-2025-3368
* GO-2024-3355 CVE-2024-54148 GHSA-r7j8-5h9c-f6fx
* GO-2024-3356 CVE-2024-55947 GHSA-qf5v-rp47-55gg
* GO-2024-3357 CVE-2024-56362 GHSA-xwx7-p63r-2rj8
* GO-2024-3358 CVE-2024-45387 GHSA-vq94-9pfv-ccqr
* GO-2024-3359 CVE-2024-28892 GHSA-5qww-56gc-f66c
* GO-2024-3360 CVE-2024-25133 GHSA-wgqq-9qh8-wvqv
* GO-2025-3361 CVE-2024-55196 GHSA-rv83-h68q-c4wq
* GO-2025-3362 CVE-2025-21609 GHSA-8fx8-pffw-w498
* GO-2025-3363 CVE-2024-56514 GHSA-cwrh-575j-8vr3
* GO-2025-3364 CVE-2024-56513 GHSA-mg7w-c9x2-xh7r
* GO-2025-3367 CVE-2025-21614 GHSA-r9px-m959-cxf4
* GO-2025-3368 CVE-2025-21613 GHSA-v725-9546-7q7m
* Update to version 0.0.20241220T214820 2024-12-20T21:48:20Z. Refs
jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3101 GHSA-75qh-gg76-p2w4
* GO-2024-3339 GHSA-8wcc-m6j2-qxvm
* Update to version 0.0.20241220T203729 2024-12-20T20:37:29Z. Refs
jsc#PED-11136 Go CVE Numbering Authority IDs added or updated with aliases:
* GO-2024-3101 GHSA-75qh-gg76-p2w4
* GO-2024-3109 CVE-2024-43803 GHSA-pqfh-xh7w-7h3p
* GO-2024-3333 CVE-2024-45338 GHSA-w32m-9786-jp63
* GO-2024-3342 GHSA-hxr6-2p24-hf98
* GO-2024-3343 CVE-2024-9779 GHSA-jhh6-6fhp-q2xp
* GO-2024-3344 GHSA-32gq-x56h-299c
* GO-2024-3349 CVE-2024-25131 GHSA-77c2-c35q-254w
* GO-2024-3350 GHSA-5pf6-cq2v-23ww
* GO-2024-3354 CVE-2024-12678 GHSA-hr68-hvgv-xxqf
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-60=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-60=1
## Package List:
* SUSE Package Hub 15 15-SP6 (noarch)
* govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1
* openSUSE Leap 15.6 (noarch)
* govulncheck-vulndb-0.0.20250108T191942-150000.1.26.1
## References:
* https://www.suse.com/security/cve/CVE-2024-12678.html
* https://www.suse.com/security/cve/CVE-2024-25131.html
* https://www.suse.com/security/cve/CVE-2024-25133.html
* https://www.suse.com/security/cve/CVE-2024-28892.html
* https://www.suse.com/security/cve/CVE-2024-43803.html
* https://www.suse.com/security/cve/CVE-2024-45338.html
* https://www.suse.com/security/cve/CVE-2024-45387.html
* https://www.suse.com/security/cve/CVE-2024-54148.html
* https://www.suse.com/security/cve/CVE-2024-55196.html
* https://www.suse.com/security/cve/CVE-2024-55947.html
* https://www.suse.com/security/cve/CVE-2024-56362.html
* https://www.suse.com/security/cve/CVE-2024-56513.html
* https://www.suse.com/security/cve/CVE-2024-56514.html
* https://www.suse.com/security/cve/CVE-2024-9779.html
* https://www.suse.com/security/cve/CVE-2025-21609.html
* https://www.suse.com/security/cve/CVE-2025-21613.html
* https://www.suse.com/security/cve/CVE-2025-21614.html
* https://www.suse.com/security/cve/CVE-2025-22130.html
* https://jira.suse.com/browse/PED-11136
SUSE-SU-2025:0058-1: important: Security update for tomcat
# Security update for tomcat
Announcement ID: SUSE-SU-2025:0058-1
Release Date: 2025-01-10T07:35:34Z
Rating: important
References:
* bsc#1233435
* bsc#1234663
* bsc#1234664
Cross-References:
* CVE-2024-50379
* CVE-2024-52317
* CVE-2024-54677
CVSS scores:
* CVE-2024-50379 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-50379 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-50379 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-52317 ( SUSE ): 6.9
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2024-52317 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-52317 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2024-54677 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54677 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54677 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Server 4.3
* Web and Scripting Module 15-SP6
An update that solves three vulnerabilities can now be installed.
## Description:
This update for tomcat fixes the following issues:
Update to Tomcat 9.0.98
* Fixed CVEs:
* CVE-2024-54677: DoS in examples web application (bsc#1234664)
* CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
* CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
* Catalina
* Add: Add option to serve resources from subpath only with WebDAV Servlet
like with DefaultServlet. (michaelo)
* Fix: Add special handling for the protocols attribute of SSLHostConfig in
storeconfig. (remm)
* Fix: 69442: Fix case sensitive check on content-type when parsing request
parameters. (remm)
* Code: Refactor duplicate code for extracting media type and subtype from
content-type into a single method. (markt)
* Fix: Compatibility of generated embedded code with components where
constructors or property related methods throw a checked exception. (remm)
* Fix: The previous fix for inconsistent resource metadata during concurrent
reads and writes was incomplete. (markt)
* Fix: 69444: Ensure that the javax.servlet.error.message request attribute is
set when an application defined error page is called. (markt)
* Fix: Avoid quotes for numeric values in the JSON generated by the status
servlet. (remm)
* Add: Add strong ETag support for the WebDAV and default servlet, which can
be enabled by using the useStrongETags init parameter with a value set to
true. The ETag generated will be a SHA-1 checksum of the resource content.
(remm)
* Fix: Use client locale for directory listings. (remm)
* Fix: 69439: Improve the handling of multiple Cache-Control headers in the
ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
* Fix: 69447: Update the support for caching classes the web application class
loader cannot find to take account of classes loaded from external
repositories. Prior to this fix, these classes could be incorrectly marked
as not found. (markt)
* Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by
users will not be removed and any header present in a HEAD request will also
be present in the equivalent GET request. There may be some headers, as per
RFC 9110, section 9.3.2, that are present in a GET request that are not
present in the equivalent HEAD request. (markt)
* Fix: 69471: Log instances of CloseNowException caught by
ApplicationDispatcher.invoke() at debug level rather than error level as
they are very likely to have been caused by a client disconnection or
similar I/O issue. (markt)
* Add: Add a test case for the fix for 69442. Also refactor references to
application/x-www-form-urlencoded. Based on pull request #779 by Chenjp.
(markt)
* Fix: 69476: Catch possible ISE when trying to report PUT failure in the
DefaultServlet. (remm)
* Add: Add support for RateLimit header fields for HTTP (draft) in the
RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
* Add: #787: Add regression tests for 69478. Pull request provided by Thomas
Krisch. (markt)
* Fix: The default servlet now rejects HTTP range requests when two or more of
the requested ranges overlap. Based on pull request #782 provided by Chenjp.
(markt)
* Fix: Enhance Content-Range verification for partial PUT requests handled by
the default servlet. Provided by Chenjp in pull request #778. (markt)
* Fix: Harmonize DataSourceStore lookup in the global resources to optionally
avoid the comp/env prefix which is usually not used there. (remm)
* Fix: As required by RFC 9110, the HTTP Range header will now only be
processed for GET requests. Based on pull request #790 provided by Chenjp.
(markt)
* Fix: Deprecate the useAcceptRanges initialisation parameter for the default
servlet. It will be removed in Tomcat 12 onwards where it will effectively
be hard coded to true. (markt)
* Add: Add DataSource based property storage for the WebdavServlet. (remm)
* Coyote
* Fix: Align encodedSolidusHandling with the Servlet specification. If the
pass-through mode is used, any %25 sequences will now also be passed through
to avoid errors and/or corruption when the application decodes the path.
(markt)
* Jasper
* Fix: Further optimise EL evaluation of method parameters. Patch provided by
Paolo B. (markt)
* Fix: Follow-up to the fix for 69381. Apply the optimisation for method
lookup performance in expression language to an additional location. (markt)
* Web applications
* Fix: Documentation. Remove references to the ResourceParams element. Support
for ResourceParams was removed in Tomcat 5.5.x. (markt)
* Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The
attribute is internalProxies rather than allowedInternalProxies. Pull
request #786 (markt)
* Fix: Examples. Fix broken links when Servlet Request Info example is called
via a URL that includes a pathInfo component. (markt)
* Fix: Examples. Expand the obfuscation of session cookie values in the
request header example to JSON responses. (markt)
* Add: Examples. Add the ability to delete session attributes in the servlet
session example. (markt)
* Add: Examples. Add a hard coded limit of 10 attributes per session for the
servlet session example. (markt)
* Add: Examples. Add the ability to delete session attributes and add a hard
coded limit of 10 attributes per session for the JSP form authentication
example. (markt)
* Add: Examples. Limit the shopping cart example to only allow adding the pre-
defined items to the cart. (markt)
* Fix: Examples. Remove JSP calendar example. (markt)
* Other
* Fix: 69465: Fix warnings during native image compilation using the Tomcat
embedded JARs. (markt)
* Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
* Update: Update EasyMock to 5.5.0. (markt)
* Update: Update Checkstyle to 10.20.2. (markt)
* Update: Update BND to 7.1.0. (markt)
* Add: Improvements to French translations. (remm)
* Add: Improvements to Korean translations. (markt)
* Add: Improvements to Chinese translations. (markt)
* Add: Improvements to Japanese translations by tak7iji. (markt)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-58=1
* Web and Scripting Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2025-58=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-58=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-58=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-58=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-58=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-58=1
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-58=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-58=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-58=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-58=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-58=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-58=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-58=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-58=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-docs-webapp-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-embed-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* tomcat-jsvc-9.0.98-150200.74.1
* tomcat-javadoc-9.0.98-150200.74.1
* Web and Scripting Module 15-SP6 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Manager Server 4.3 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
* SUSE Enterprise Storage 7.1 (noarch)
* tomcat-jsp-2_3-api-9.0.98-150200.74.1
* tomcat-servlet-4_0-api-9.0.98-150200.74.1
* tomcat-admin-webapps-9.0.98-150200.74.1
* tomcat-lib-9.0.98-150200.74.1
* tomcat-9.0.98-150200.74.1
* tomcat-webapps-9.0.98-150200.74.1
* tomcat-el-3_0-api-9.0.98-150200.74.1
## References:
* https://www.suse.com/security/cve/CVE-2024-50379.html
* https://www.suse.com/security/cve/CVE-2024-52317.html
* https://www.suse.com/security/cve/CVE-2024-54677.html
* https://bugzilla.suse.com/show_bug.cgi?id=1233435
* https://bugzilla.suse.com/show_bug.cgi?id=1234663
* https://bugzilla.suse.com/show_bug.cgi?id=1234664
SUSE-SU-2025:0059-1: important: Security update for MozillaFirefox
# Security update for MozillaFirefox
Announcement ID: SUSE-SU-2025:0059-1
Release Date: 2025-01-10T07:37:11Z
Rating: important
References:
* bsc#1234991
Cross-References:
* CVE-2025-0237
* CVE-2025-0238
* CVE-2025-0239
* CVE-2025-0240
* CVE-2025-0241
* CVE-2025-0242
* CVE-2025-0243
CVSS scores:
* CVE-2025-0237 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-0237 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-0238 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-0238 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-0239 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-0239 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-0240 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-0240 ( NVD ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-0242 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-0242 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-0243 ( SUSE ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2025-0243 ( NVD ): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products:
* Desktop Applications Module 15-SP6
* openSUSE Leap 15.6
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for MozillaFirefox fixes the following issues:
* Firefox Extended Support Release 128.6.0 ESR
* Fixed: Various security fixes.
MFSA 2025-02 (bsc#1234991) * CVE-2025-0237 (bmo#1915257) WebChannel APIs
susceptible to confused deputy attack * CVE-2025-0238 (bmo#1915535) Use-after-
free when breaking lines * CVE-2025-0239 (bmo#1929156) Alt-Svc ALPN validation
failure when redirected * CVE-2025-0240 (bmo#1929623) Compartment mismatch when
parsing JavaScript JSON module * CVE-2025-0241 (bmo#1933023) Memory corruption
when using JavaScript Text Segmentation * CVE-2025-0242 (bmo#1874523,
bmo#1926454, bmo#1931873, bmo#1932169) Memory safety bugs fixed in Firefox 134,
Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and
Thunderbird 128.6 * CVE-2025-0243 (bmo#1827142, bmo#1932783) Memory safety bugs
fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6
* Firefox Extended Support Release 128.5.2 ESR
* Fixed: Fixed a crash experienced by Windows users with Qihoo 360 Total
Security Antivirus software installed (bmo#1934258)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 15 SP3 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-59=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-59=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-59=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2025-59=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-59=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-59=1
* SUSE Enterprise Storage 7.1
zypper in -t patch SUSE-Storage-7.1-2025-59=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-59=1
* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-59=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-59=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-59=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-59=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-59=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-59=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2025-59=1
## Package List:
* SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server 15 SP3 LTSS (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Enterprise Storage 7.1 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-branding-upstream-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* openSUSE Leap 15.6 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* Desktop Applications Module 15-SP6 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64
x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (x86_64)
* MozillaFirefox-debugsource-128.6.0-150200.152.167.1
* MozillaFirefox-translations-common-128.6.0-150200.152.167.1
* MozillaFirefox-128.6.0-150200.152.167.1
* MozillaFirefox-debuginfo-128.6.0-150200.152.167.1
* MozillaFirefox-translations-other-128.6.0-150200.152.167.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (noarch)
* MozillaFirefox-devel-128.6.0-150200.152.167.1
## References:
* https://www.suse.com/security/cve/CVE-2025-0237.html
* https://www.suse.com/security/cve/CVE-2025-0238.html
* https://www.suse.com/security/cve/CVE-2025-0239.html
* https://www.suse.com/security/cve/CVE-2025-0240.html
* https://www.suse.com/security/cve/CVE-2025-0241.html
* https://www.suse.com/security/cve/CVE-2025-0242.html
* https://www.suse.com/security/cve/CVE-2025-0243.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234991
openSUSE-SU-2025:14624-1: moderate: govulncheck-vulndb-0.0.20250108T191942-1.1 on GA media
# govulncheck-vulndb-0.0.20250108T191942-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14624-1
Rating: moderate
Cross-References:
* CVE-2024-25133
* CVE-2024-28892
* CVE-2024-45387
* CVE-2024-54148
* CVE-2024-55196
* CVE-2024-55947
* CVE-2024-56362
* CVE-2024-56513
* CVE-2024-56514
* CVE-2025-21609
* CVE-2025-21613
* CVE-2025-21614
* CVE-2025-22130
CVSS scores:
* CVE-2025-21613 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Tumbleweed
An update that solves 13 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the govulncheck-vulndb-0.0.20250108T191942-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* govulncheck-vulndb 0.0.20250108T191942-1.1
## References:
* https://www.suse.com/security/cve/CVE-2024-25133.html
* https://www.suse.com/security/cve/CVE-2024-28892.html
* https://www.suse.com/security/cve/CVE-2024-45387.html
* https://www.suse.com/security/cve/CVE-2024-54148.html
* https://www.suse.com/security/cve/CVE-2024-55196.html
* https://www.suse.com/security/cve/CVE-2024-55947.html
* https://www.suse.com/security/cve/CVE-2024-56362.html
* https://www.suse.com/security/cve/CVE-2024-56513.html
* https://www.suse.com/security/cve/CVE-2024-56514.html
* https://www.suse.com/security/cve/CVE-2025-21609.html
* https://www.suse.com/security/cve/CVE-2025-21613.html
* https://www.suse.com/security/cve/CVE-2025-21614.html
* https://www.suse.com/security/cve/CVE-2025-22130.html
openSUSE-SU-2025:14628-1: moderate: python311-slixmpp-1.8.6-1.1 on GA media
# python311-slixmpp-1.8.6-1.1 on GA media
Announcement ID: openSUSE-SU-2025:14628-1
Rating: moderate
Cross-References:
* CVE-2022-45197
Affected Products:
* openSUSE Tumbleweed
An update that solves one vulnerability can now be installed.
## Description:
These are all security issues fixed in the python311-slixmpp-1.8.6-1.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* python311-slixmpp 1.8.6-1.1
* python312-slixmpp 1.8.6-1.1
* python313-slixmpp 1.8.6-1.1
## References:
* https://www.suse.com/security/cve/CVE-2022-45197.html
openSUSE-SU-2025:14627-1: moderate: logback-1.2.11-4.1 on GA media
# logback-1.2.11-4.1 on GA media
Announcement ID: openSUSE-SU-2025:14627-1
Rating: moderate
Cross-References:
* CVE-2024-12798
* CVE-2024-12801
CVSS scores:
* CVE-2024-12798 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-12801 ( SUSE ): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:
* openSUSE Tumbleweed
An update that solves 2 vulnerabilities can now be installed.
## Description:
These are all security issues fixed in the logback-1.2.11-4.1 package on the GA media of openSUSE Tumbleweed.
## Package List:
* openSUSE Tumbleweed:
* logback 1.2.11-4.1
* logback-access 1.2.11-4.1
* logback-examples 1.2.11-4.1
* logback-javadoc 1.2.11-4.1
## References:
* https://www.suse.com/security/cve/CVE-2024-12798.html
* https://www.suse.com/security/cve/CVE-2024-12801.html
SUSE-SU-2025:0062-1: important: Security update for gstreamer
# Security update for gstreamer
Announcement ID: SUSE-SU-2025:0062-1
Release Date: 2025-01-10T12:53:37Z
Rating: important
References:
* bsc#1234449
Cross-References:
* CVE-2024-47606
CVSS scores:
* CVE-2024-47606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47606 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer fixes the following issues:
* CVE-2024-47606: Avoid integer overflow when allocating sysmem.
(bsc#1234449).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-62=1 openSUSE-SLE-15.6-2025-62=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-62=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-62=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libgstreamer-1_0-0-1.24.0-150600.3.3.1
* gstreamer-debuginfo-1.24.0-150600.3.3.1
* gstreamer-utils-debuginfo-1.24.0-150600.3.3.1
* libgstreamer-1_0-0-debuginfo-1.24.0-150600.3.3.1
* gstreamer-devel-1.24.0-150600.3.3.1
* gstreamer-debugsource-1.24.0-150600.3.3.1
* gstreamer-utils-1.24.0-150600.3.3.1
* gstreamer-1.24.0-150600.3.3.1
* typelib-1_0-Gst-1_0-1.24.0-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* typelib-1_0-Gst-1_0-32bit-1.24.0-150600.3.3.1
* gstreamer-32bit-1.24.0-150600.3.3.1
* libgstreamer-1_0-0-32bit-debuginfo-1.24.0-150600.3.3.1
* libgstreamer-1_0-0-32bit-1.24.0-150600.3.3.1
* gstreamer-devel-32bit-1.24.0-150600.3.3.1
* gstreamer-32bit-debuginfo-1.24.0-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* gstreamer-lang-1.24.0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libgstreamer-1_0-0-64bit-debuginfo-1.24.0-150600.3.3.1
* libgstreamer-1_0-0-64bit-1.24.0-150600.3.3.1
* gstreamer-64bit-1.24.0-150600.3.3.1
* gstreamer-64bit-debuginfo-1.24.0-150600.3.3.1
* gstreamer-devel-64bit-1.24.0-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libgstreamer-1_0-0-1.24.0-150600.3.3.1
* gstreamer-debuginfo-1.24.0-150600.3.3.1
* gstreamer-utils-debuginfo-1.24.0-150600.3.3.1
* libgstreamer-1_0-0-debuginfo-1.24.0-150600.3.3.1
* gstreamer-devel-1.24.0-150600.3.3.1
* gstreamer-debugsource-1.24.0-150600.3.3.1
* gstreamer-utils-1.24.0-150600.3.3.1
* gstreamer-1.24.0-150600.3.3.1
* typelib-1_0-Gst-1_0-1.24.0-150600.3.3.1
* Basesystem Module 15-SP6 (noarch)
* gstreamer-lang-1.24.0-150600.3.3.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* gstreamer-32bit-1.24.0-150600.3.3.1
* gstreamer-debuginfo-1.24.0-150600.3.3.1
* libgstreamer-1_0-0-32bit-debuginfo-1.24.0-150600.3.3.1
* libgstreamer-1_0-0-32bit-1.24.0-150600.3.3.1
* gstreamer-debugsource-1.24.0-150600.3.3.1
* gstreamer-32bit-debuginfo-1.24.0-150600.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-47606.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234449
SUSE-SU-2025:0065-1: important: Security update for gstreamer-plugins-base
# Security update for gstreamer-plugins-base
Announcement ID: SUSE-SU-2025:0065-1
Release Date: 2025-01-10T14:42:42Z
Rating: important
References:
* bsc#1234415
* bsc#1234450
* bsc#1234453
* bsc#1234455
* bsc#1234456
* bsc#1234459
* bsc#1234460
Cross-References:
* CVE-2024-47538
* CVE-2024-47541
* CVE-2024-47542
* CVE-2024-47600
* CVE-2024-47607
* CVE-2024-47615
* CVE-2024-47835
CVSS scores:
* CVE-2024-47538 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47538 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47538 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47541 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47541 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-47541 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47541 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47542 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47542 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47542 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47600 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-47600 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47600 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47607 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47607 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47607 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47615 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47615 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47615 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47835 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for gstreamer-plugins-base fixes the following issues:
* CVE-2024-47538: Fixed a stack-buffer overflow in
vorbis_handle_identification_packet. (bsc#1234415)
* CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser.
(bsc#1234450)
* CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0
commandline tool. (bsc#1234453)
* CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
* CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser.
(bsc#1234459)
* CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer
dereference. (bsc#1234460)
* CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-65=1 openSUSE-SLE-15.6-2025-65=1
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-65=1
* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-65=1
## Package List:
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* libgstapp-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstfft-1_0-0-1.24.0-150600.3.8.1
* libgstpbutils-1_0-0-debuginfo-1.24.0-150600.3.8.1
* gstreamer-plugins-base-debugsource-1.24.0-150600.3.8.1
* typelib-1_0-GstSdp-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstPbutils-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstGL-1_0-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-1.24.0-150600.3.8.1
* typelib-1_0-GstAudio-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstTag-1_0-1.24.0-150600.3.8.1
* libgstrtsp-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstgl-1_0-0-debuginfo-1.24.0-150600.3.8.1
* typelib-1_0-GstGLX11-1_0-1.24.0-150600.3.8.1
* libgstsdp-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstpbutils-1_0-0-1.24.0-150600.3.8.1
* libgstallocators-1_0-0-1.24.0-150600.3.8.1
* libgstfft-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstrtp-1_0-0-1.24.0-150600.3.8.1
* gstreamer-plugins-base-debuginfo-1.24.0-150600.3.8.1
* libgsttag-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstallocators-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstvideo-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstvideo-1_0-0-1.24.0-150600.3.8.1
* gstreamer-plugins-base-devel-1.24.0-150600.3.8.1
* libgstrtsp-1_0-0-1.24.0-150600.3.8.1
* typelib-1_0-GstGLWayland-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstAllocators-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstApp-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstVideo-1_0-1.24.0-150600.3.8.1
* libgstapp-1_0-0-1.24.0-150600.3.8.1
* libgstgl-1_0-0-1.24.0-150600.3.8.1
* libgstrtp-1_0-0-debuginfo-1.24.0-150600.3.8.1
* typelib-1_0-GstRtp-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstGLEGL-1_0-1.24.0-150600.3.8.1
* libgstsdp-1_0-0-1.24.0-150600.3.8.1
* libgstriff-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstriff-1_0-0-1.24.0-150600.3.8.1
* libgsttag-1_0-0-1.24.0-150600.3.8.1
* gstreamer-plugins-base-1.24.0-150600.3.8.1
* typelib-1_0-GstRtsp-1_0-1.24.0-150600.3.8.1
* openSUSE Leap 15.6 (x86_64)
* libgstpbutils-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstvideo-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstrtp-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* gstreamer-plugins-base-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstfft-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstrtp-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstallocators-1_0-0-32bit-1.24.0-150600.3.8.1
* gstreamer-plugins-base-devel-32bit-1.24.0-150600.3.8.1
* libgstgl-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstvideo-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstfft-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstapp-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstrtsp-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstrtsp-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstallocators-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstsdp-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstriff-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstpbutils-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstsdp-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstriff-1_0-0-32bit-1.24.0-150600.3.8.1
* gstreamer-plugins-base-32bit-1.24.0-150600.3.8.1
* libgstgl-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstapp-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgsttag-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-32bit-1.24.0-150600.3.8.1
* libgsttag-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* openSUSE Leap 15.6 (noarch)
* gstreamer-plugins-base-lang-1.24.0-150600.3.8.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libgstsdp-1_0-0-64bit-1.24.0-150600.3.8.1
* libgsttag-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstrtsp-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* libgstvideo-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstriff-1_0-0-64bit-1.24.0-150600.3.8.1
* libgsttag-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* libgstpbutils-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* libgstapp-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* libgstallocators-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstgl-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* libgstrtp-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstriff-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* gstreamer-plugins-base-64bit-1.24.0-150600.3.8.1
* libgstfft-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* libgstapp-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstvideo-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* gstreamer-plugins-base-devel-64bit-1.24.0-150600.3.8.1
* libgstfft-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstpbutils-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstgl-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstrtsp-1_0-0-64bit-1.24.0-150600.3.8.1
* libgstallocators-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* gstreamer-plugins-base-64bit-debuginfo-1.24.0-150600.3.8.1
* libgstsdp-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* libgstrtp-1_0-0-64bit-debuginfo-1.24.0-150600.3.8.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* libgstapp-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstfft-1_0-0-1.24.0-150600.3.8.1
* libgstpbutils-1_0-0-debuginfo-1.24.0-150600.3.8.1
* gstreamer-plugins-base-debugsource-1.24.0-150600.3.8.1
* typelib-1_0-GstSdp-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstPbutils-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstGL-1_0-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-1.24.0-150600.3.8.1
* typelib-1_0-GstAudio-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstTag-1_0-1.24.0-150600.3.8.1
* libgstrtsp-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstgl-1_0-0-debuginfo-1.24.0-150600.3.8.1
* typelib-1_0-GstGLX11-1_0-1.24.0-150600.3.8.1
* libgstsdp-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstpbutils-1_0-0-1.24.0-150600.3.8.1
* libgstallocators-1_0-0-1.24.0-150600.3.8.1
* libgstfft-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstrtp-1_0-0-1.24.0-150600.3.8.1
* gstreamer-plugins-base-debuginfo-1.24.0-150600.3.8.1
* libgsttag-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstallocators-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstvideo-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstvideo-1_0-0-1.24.0-150600.3.8.1
* gstreamer-plugins-base-devel-1.24.0-150600.3.8.1
* libgstrtsp-1_0-0-1.24.0-150600.3.8.1
* typelib-1_0-GstGLWayland-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstAllocators-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstApp-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstVideo-1_0-1.24.0-150600.3.8.1
* libgstapp-1_0-0-1.24.0-150600.3.8.1
* libgstgl-1_0-0-1.24.0-150600.3.8.1
* libgstrtp-1_0-0-debuginfo-1.24.0-150600.3.8.1
* typelib-1_0-GstRtp-1_0-1.24.0-150600.3.8.1
* typelib-1_0-GstGLEGL-1_0-1.24.0-150600.3.8.1
* libgstsdp-1_0-0-1.24.0-150600.3.8.1
* libgstriff-1_0-0-debuginfo-1.24.0-150600.3.8.1
* libgstriff-1_0-0-1.24.0-150600.3.8.1
* libgsttag-1_0-0-1.24.0-150600.3.8.1
* gstreamer-plugins-base-1.24.0-150600.3.8.1
* typelib-1_0-GstRtsp-1_0-1.24.0-150600.3.8.1
* Basesystem Module 15-SP6 (noarch)
* gstreamer-plugins-base-lang-1.24.0-150600.3.8.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* libgstvideo-1_0-0-32bit-1.24.0-150600.3.8.1
* libgsttag-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* libgsttag-1_0-0-32bit-1.24.0-150600.3.8.1
* gstreamer-plugins-base-debugsource-1.24.0-150600.3.8.1
* libgstvideo-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* gstreamer-plugins-base-32bit-debuginfo-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-32bit-1.24.0-150600.3.8.1
* libgstaudio-1_0-0-32bit-debuginfo-1.24.0-150600.3.8.1
* gstreamer-plugins-base-debuginfo-1.24.0-150600.3.8.1
## References:
* https://www.suse.com/security/cve/CVE-2024-47538.html
* https://www.suse.com/security/cve/CVE-2024-47541.html
* https://www.suse.com/security/cve/CVE-2024-47542.html
* https://www.suse.com/security/cve/CVE-2024-47600.html
* https://www.suse.com/security/cve/CVE-2024-47607.html
* https://www.suse.com/security/cve/CVE-2024-47615.html
* https://www.suse.com/security/cve/CVE-2024-47835.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234415
* https://bugzilla.suse.com/show_bug.cgi?id=1234450
* https://bugzilla.suse.com/show_bug.cgi?id=1234453
* https://bugzilla.suse.com/show_bug.cgi?id=1234455
* https://bugzilla.suse.com/show_bug.cgi?id=1234456
* https://bugzilla.suse.com/show_bug.cgi?id=1234459
* https://bugzilla.suse.com/show_bug.cgi?id=1234460
SUSE-SU-2025:0064-1: important: Security update for gstreamer-plugins-good
# Security update for gstreamer-plugins-good
Announcement ID: SUSE-SU-2025:0064-1
Release Date: 2025-01-10T13:48:33Z
Rating: important
References:
* bsc#1234414
* bsc#1234417
* bsc#1234421
* bsc#1234424
* bsc#1234425
* bsc#1234426
* bsc#1234427
* bsc#1234428
* bsc#1234432
* bsc#1234433
* bsc#1234434
* bsc#1234435
* bsc#1234436
* bsc#1234439
* bsc#1234440
* bsc#1234446
* bsc#1234447
* bsc#1234449
* bsc#1234462
* bsc#1234473
* bsc#1234476
* bsc#1234477
Cross-References:
* CVE-2024-47530
* CVE-2024-47537
* CVE-2024-47539
* CVE-2024-47543
* CVE-2024-47544
* CVE-2024-47545
* CVE-2024-47546
* CVE-2024-47596
* CVE-2024-47597
* CVE-2024-47598
* CVE-2024-47599
* CVE-2024-47601
* CVE-2024-47602
* CVE-2024-47603
* CVE-2024-47606
* CVE-2024-47613
* CVE-2024-47774
* CVE-2024-47775
* CVE-2024-47776
* CVE-2024-47777
* CVE-2024-47778
* CVE-2024-47834
CVSS scores:
* CVE-2024-47530 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-47530 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-47537 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47537 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47537 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47539 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47539 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47539 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47543 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-47543 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47543 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47544 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47544 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47544 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47545 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47545 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47545 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47546 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47546 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47546 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47596 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47596 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47597 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47597 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47598 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47598 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47598 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47599 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47599 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47599 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47601 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47601 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47601 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47602 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47602 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47602 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47603 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47603 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47606 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47613 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47613 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47774 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47774 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47775 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47775 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47775 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47776 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47776 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47776 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47777 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47777 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47777 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47778 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47778 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47834 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47834 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
An update that solves 22 vulnerabilities can now be installed.
## Description:
This update for gstreamer-plugins-good fixes the following issues:
* CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM
demuxer. (boo#1234421)
* CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c.
(boo#1234414)
* CVE-2024-47539: Fixed an out-of-bounds write in convert_to_s334_1a.
(boo#1234417)
* CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container.
(boo#1234462)
* CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC
handling. (boo#1234473)
* CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to
out-of-bounds read. (boo#1234476)
* CVE-2024-47546: Fixed an integer underflow in extract_cc_from_data leading
to out-of-bounds read. (boo#1234477)
* CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead
to out-of-bounds reads. (boo#1234424)
* CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table
parser (boo#1234425)
* CVE-2024-47598: Fixed MP4/MOV sample table parser out-of-bounds read.
(boo#1234426)
* CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can
lead to NULL-pointer dereferences. (boo#1234427)
* CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer.
(boo#1234428)
* CVE-2024-47602: Fixed a NULL-pointer dereferences and out-of-bounds reads in
Matroska/WebM demuxer. (boo#1234432)
* CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer.
(boo#1234433)
* CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449)
* CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory
allocator that can lead to out-of-bounds writes. (boo#1234449)
* CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder.
(boo#1234447)
* CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads
to out-of-bounds reads. (boo#1234446)
* CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser.
(boo#1234434)
* CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser.
(boo#1234435)
* CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser.
(boo#1234436)
* CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser.
(boo#1234439)
* CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can
cause crashes for certain input files. (boo#1234440)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-64=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-64=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-64=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-64=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-64=1
## Package List:
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* gstreamer-plugins-good-1.22.0-150500.4.6.1
* gstreamer-plugins-good-extra-1.22.0-150500.4.6.1
* gstreamer-plugins-good-gtk-1.22.0-150500.4.6.1
* gstreamer-plugins-good-qtqml-1.22.0-150500.4.6.1
* gstreamer-plugins-good-jack-debuginfo-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.6.1
* gstreamer-plugins-good-extra-debuginfo-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.6.1
* gstreamer-plugins-good-gtk-debuginfo-1.22.0-150500.4.6.1
* gstreamer-plugins-good-jack-1.22.0-150500.4.6.1
* gstreamer-plugins-good-qtqml-debuginfo-1.22.0-150500.4.6.1
* openSUSE Leap 15.5 (x86_64)
* gstreamer-plugins-good-extra-32bit-debuginfo-1.22.0-150500.4.6.1
* gstreamer-plugins-good-jack-32bit-debuginfo-1.22.0-150500.4.6.1
* gstreamer-plugins-good-32bit-1.22.0-150500.4.6.1
* gstreamer-plugins-good-jack-32bit-1.22.0-150500.4.6.1
* gstreamer-plugins-good-extra-32bit-1.22.0-150500.4.6.1
* gstreamer-plugins-good-32bit-debuginfo-1.22.0-150500.4.6.1
* openSUSE Leap 15.5 (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.6.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* gstreamer-plugins-good-jack-64bit-1.22.0-150500.4.6.1
* gstreamer-plugins-good-extra-64bit-1.22.0-150500.4.6.1
* gstreamer-plugins-good-extra-64bit-debuginfo-1.22.0-150500.4.6.1
* gstreamer-plugins-good-jack-64bit-debuginfo-1.22.0-150500.4.6.1
* gstreamer-plugins-good-64bit-debuginfo-1.22.0-150500.4.6.1
* gstreamer-plugins-good-64bit-1.22.0-150500.4.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* gstreamer-plugins-good-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.6.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* gstreamer-plugins-good-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.6.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-good-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.6.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* gstreamer-plugins-good-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debugsource-1.22.0-150500.4.6.1
* gstreamer-plugins-good-debuginfo-1.22.0-150500.4.6.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* gstreamer-plugins-good-lang-1.22.0-150500.4.6.1
## References:
* https://www.suse.com/security/cve/CVE-2024-47530.html
* https://www.suse.com/security/cve/CVE-2024-47537.html
* https://www.suse.com/security/cve/CVE-2024-47539.html
* https://www.suse.com/security/cve/CVE-2024-47543.html
* https://www.suse.com/security/cve/CVE-2024-47544.html
* https://www.suse.com/security/cve/CVE-2024-47545.html
* https://www.suse.com/security/cve/CVE-2024-47546.html
* https://www.suse.com/security/cve/CVE-2024-47596.html
* https://www.suse.com/security/cve/CVE-2024-47597.html
* https://www.suse.com/security/cve/CVE-2024-47598.html
* https://www.suse.com/security/cve/CVE-2024-47599.html
* https://www.suse.com/security/cve/CVE-2024-47601.html
* https://www.suse.com/security/cve/CVE-2024-47602.html
* https://www.suse.com/security/cve/CVE-2024-47603.html
* https://www.suse.com/security/cve/CVE-2024-47606.html
* https://www.suse.com/security/cve/CVE-2024-47613.html
* https://www.suse.com/security/cve/CVE-2024-47774.html
* https://www.suse.com/security/cve/CVE-2024-47775.html
* https://www.suse.com/security/cve/CVE-2024-47776.html
* https://www.suse.com/security/cve/CVE-2024-47777.html
* https://www.suse.com/security/cve/CVE-2024-47778.html
* https://www.suse.com/security/cve/CVE-2024-47834.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234414
* https://bugzilla.suse.com/show_bug.cgi?id=1234417
* https://bugzilla.suse.com/show_bug.cgi?id=1234421
* https://bugzilla.suse.com/show_bug.cgi?id=1234424
* https://bugzilla.suse.com/show_bug.cgi?id=1234425
* https://bugzilla.suse.com/show_bug.cgi?id=1234426
* https://bugzilla.suse.com/show_bug.cgi?id=1234427
* https://bugzilla.suse.com/show_bug.cgi?id=1234428
* https://bugzilla.suse.com/show_bug.cgi?id=1234432
* https://bugzilla.suse.com/show_bug.cgi?id=1234433
* https://bugzilla.suse.com/show_bug.cgi?id=1234434
* https://bugzilla.suse.com/show_bug.cgi?id=1234435
* https://bugzilla.suse.com/show_bug.cgi?id=1234436
* https://bugzilla.suse.com/show_bug.cgi?id=1234439
* https://bugzilla.suse.com/show_bug.cgi?id=1234440
* https://bugzilla.suse.com/show_bug.cgi?id=1234446
* https://bugzilla.suse.com/show_bug.cgi?id=1234447
* https://bugzilla.suse.com/show_bug.cgi?id=1234449
* https://bugzilla.suse.com/show_bug.cgi?id=1234462
* https://bugzilla.suse.com/show_bug.cgi?id=1234473
* https://bugzilla.suse.com/show_bug.cgi?id=1234476
* https://bugzilla.suse.com/show_bug.cgi?id=1234477
SUSE-SU-2025:0066-1: moderate: Security update for apptainer
# Security update for apptainer
Announcement ID: SUSE-SU-2025:0066-1
Release Date: 2025-01-10T14:49:16Z
Rating: moderate
References:
* bsc#1235211
Cross-References:
* CVE-2024-28180
CVSS scores:
* CVE-2024-28180 ( SUSE ): 2.3
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2024-28180 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected Products:
* HPC Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
An update that solves one vulnerability can now be installed.
## Description:
This update for apptainer fixes the following issues:
* Update to version 1.3.6
* CVE-2024-28180: Fixed an improper handling of highly compressed data in go-
jose. (bsc#1235211)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-66=1 openSUSE-SLE-15.6-2025-66=1
* HPC Module 15-SP6
zypper in -t patch SUSE-SLE-Module-HPC-15-SP6-2025-66=1
## Package List:
* openSUSE Leap 15.6 (aarch64 x86_64)
* apptainer-debuginfo-1.3.6-150600.4.3.1
* apptainer-1.3.6-150600.4.3.1
* openSUSE Leap 15.6 (noarch)
* apptainer-sle15_6-1.3.6-150600.4.3.1
* apptainer-sle15_5-1.3.6-150600.4.3.1
* apptainer-leap-1.3.6-150600.4.3.1
* apptainer-sle15_7-1.3.6-150600.4.3.1
* HPC Module 15-SP6 (aarch64 x86_64)
* apptainer-debuginfo-1.3.6-150600.4.3.1
* apptainer-1.3.6-150600.4.3.1
* HPC Module 15-SP6 (noarch)
* apptainer-sle15_6-1.3.6-150600.4.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-28180.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235211
SUSE-SU-2025:0069-1: important: Security update for gstreamer-plugins-base
# Security update for gstreamer-plugins-base
Announcement ID: SUSE-SU-2025:0069-1
Release Date: 2025-01-10T16:52:17Z
Rating: important
References:
* bsc#1234415
* bsc#1234450
* bsc#1234453
* bsc#1234455
* bsc#1234456
* bsc#1234459
* bsc#1234460
Cross-References:
* CVE-2024-47538
* CVE-2024-47541
* CVE-2024-47542
* CVE-2024-47600
* CVE-2024-47607
* CVE-2024-47615
* CVE-2024-47835
CVSS scores:
* CVE-2024-47538 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47538 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47538 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47541 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47541 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-47541 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47541 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47542 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47542 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47542 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47600 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-47600 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47600 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47607 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47607 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47607 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47615 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47615 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47615 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47835 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves seven vulnerabilities can now be installed.
## Description:
This update for gstreamer-plugins-base fixes the following issues:
* CVE-2024-47538: Fixed a stack-buffer overflow in
vorbis_handle_identification_packet. (bsc#1234415)
* CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser.
(bsc#1234450)
* CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0
commandline tool. (bsc#1234453)
* CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
* CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser.
(bsc#1234459)
* CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer
dereference. (bsc#1234460)
* CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-69=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-69=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-69=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-69=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-69=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-69=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-69=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2025-69=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-69=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-69=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-69=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-69=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-69=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-1.20.1-150400.3.11.1
* openSUSE Leap 15.4 (x86_64)
* libgstriff-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgstapp-1_0-0-32bit-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-32bit-1.20.1-150400.3.11.1
* libgstapp-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgstfft-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstgl-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-32bit-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-32bit-1.20.1-150400.3.11.1
* gstreamer-plugins-base-32bit-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgstriff-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgstfft-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-32bit-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-32bit-debuginfo-1.20.1-150400.3.11.1
* openSUSE Leap 15.4 (noarch)
* gstreamer-plugins-base-lang-1.20.1-150400.3.11.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* gstreamer-plugins-base-64bit-1.20.1-150400.3.11.1
* libgstapp-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstapp-1_0-0-64bit-1.20.1-150400.3.11.1
* libgstfft-1_0-0-64bit-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-64bit-1.20.1-150400.3.11.1
* gstreamer-plugins-base-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstfft-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-64bit-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-64bit-1.20.1-150400.3.11.1
* libgsttag-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-64bit-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-64bit-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-64bit-1.20.1-150400.3.11.1
* libgstriff-1_0-0-64bit-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-64bit-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstriff-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-64bit-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-64bit-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-64bit-1.20.1-150400.3.11.1
* libgstgl-1_0-0-64bit-debuginfo-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-1.20.1-150400.3.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* gstreamer-plugins-base-lang-1.20.1-150400.3.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-1.20.1-150400.3.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* gstreamer-plugins-base-lang-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (noarch)
* gstreamer-plugins-base-lang-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* gstreamer-plugins-base-lang-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-1.20.1-150400.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* gstreamer-plugins-base-lang-1.20.1-150400.3.11.1
* SUSE Manager Proxy 4.3 (x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-1.20.1-150400.3.11.1
* SUSE Manager Proxy 4.3 (noarch)
* gstreamer-plugins-base-lang-1.20.1-150400.3.11.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-1.20.1-150400.3.11.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* gstreamer-plugins-base-lang-1.20.1-150400.3.11.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* gstreamer-plugins-base-1.20.1-150400.3.11.1
* libgstapp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstApp-1_0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debugsource-1.20.1-150400.3.11.1
* libgstriff-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstAudio-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-1.20.1-150400.3.11.1
* libgstgl-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstvideo-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstVideo-1_0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgsttag-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstTag-1_0-1.20.1-150400.3.11.1
* libgsttag-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstPbutils-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-1.20.1-150400.3.11.1
* typelib-1_0-GstGL-1_0-1.20.1-150400.3.11.1
* libgstriff-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.20.1-150400.3.11.1
* libgstrtp-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstrtsp-1_0-0-1.20.1-150400.3.11.1
* libgstapp-1_0-0-1.20.1-150400.3.11.1
* gstreamer-plugins-base-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstSdp-1_0-1.20.1-150400.3.11.1
* libgstfft-1_0-0-debuginfo-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.20.1-150400.3.11.1
* gstreamer-plugins-base-devel-1.20.1-150400.3.11.1
* libgstgl-1_0-0-1.20.1-150400.3.11.1
* libgstpbutils-1_0-0-1.20.1-150400.3.11.1
* libgstaudio-1_0-0-debuginfo-1.20.1-150400.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstAllocators-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstGLX11-1_0-1.20.1-150400.3.11.1
* typelib-1_0-GstRtsp-1_0-1.20.1-150400.3.11.1
* libgstallocators-1_0-0-1.20.1-150400.3.11.1
* libgstsdp-1_0-0-1.20.1-150400.3.11.1
* SUSE Manager Server 4.3 (noarch)
* gstreamer-plugins-base-lang-1.20.1-150400.3.11.1
## References:
* https://www.suse.com/security/cve/CVE-2024-47538.html
* https://www.suse.com/security/cve/CVE-2024-47541.html
* https://www.suse.com/security/cve/CVE-2024-47542.html
* https://www.suse.com/security/cve/CVE-2024-47600.html
* https://www.suse.com/security/cve/CVE-2024-47607.html
* https://www.suse.com/security/cve/CVE-2024-47615.html
* https://www.suse.com/security/cve/CVE-2024-47835.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234415
* https://bugzilla.suse.com/show_bug.cgi?id=1234450
* https://bugzilla.suse.com/show_bug.cgi?id=1234453
* https://bugzilla.suse.com/show_bug.cgi?id=1234455
* https://bugzilla.suse.com/show_bug.cgi?id=1234456
* https://bugzilla.suse.com/show_bug.cgi?id=1234459
* https://bugzilla.suse.com/show_bug.cgi?id=1234460
SUSE-SU-2025:0067-1: important: Security update for gstreamer-plugins-good
# Security update for gstreamer-plugins-good
Announcement ID: SUSE-SU-2025:0067-1
Release Date: 2025-01-10T16:48:43Z
Rating: important
References:
* bsc#1234414
* bsc#1234417
* bsc#1234421
* bsc#1234424
* bsc#1234425
* bsc#1234426
* bsc#1234427
* bsc#1234428
* bsc#1234432
* bsc#1234433
* bsc#1234434
* bsc#1234435
* bsc#1234436
* bsc#1234439
* bsc#1234440
* bsc#1234446
* bsc#1234447
* bsc#1234449
* bsc#1234462
* bsc#1234473
* bsc#1234476
* bsc#1234477
Cross-References:
* CVE-2024-47530
* CVE-2024-47537
* CVE-2024-47539
* CVE-2024-47543
* CVE-2024-47544
* CVE-2024-47545
* CVE-2024-47546
* CVE-2024-47596
* CVE-2024-47597
* CVE-2024-47598
* CVE-2024-47599
* CVE-2024-47601
* CVE-2024-47602
* CVE-2024-47603
* CVE-2024-47606
* CVE-2024-47613
* CVE-2024-47774
* CVE-2024-47775
* CVE-2024-47776
* CVE-2024-47777
* CVE-2024-47778
* CVE-2024-47834
CVSS scores:
* CVE-2024-47530 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-47530 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-47537 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47537 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47537 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47539 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47539 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47539 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47543 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-47543 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47543 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47544 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47544 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47544 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47545 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47545 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47545 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47546 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47546 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47546 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47596 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47596 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47597 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47597 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47598 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47598 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47598 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47599 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47599 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47599 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47601 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47601 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47601 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47602 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47602 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47602 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47603 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47603 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47606 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47613 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47613 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47774 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47774 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47775 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47775 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47775 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47776 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47776 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47776 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47777 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47777 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47777 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47778 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47778 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47834 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47834 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves 22 vulnerabilities can now be installed.
## Description:
This update for gstreamer-plugins-good fixes the following issues:
* CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM
demuxer. (boo#1234421)
* CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c.
(boo#1234414)
* CVE-2024-47539: Fixed an out-of-bounds write in convert_to_s334_1a.
(boo#1234417)
* CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container.
(boo#1234462)
* CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC
handling. (boo#1234473)
* CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to
out-of-bounds read. (boo#1234476)
* CVE-2024-47546: Fixed an integer underflow in extract_cc_from_data leading
to out-of-bounds read. (boo#1234477)
* CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead
to out-of-bounds reads. (boo#1234424)
* CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table
parser (boo#1234425)
* CVE-2024-47598: Fixed MP4/MOV sample table parser out-of-bounds read.
(boo#1234426)
* CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can
lead to NULL-pointer dereferences. (boo#1234427)
* CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer.
(boo#1234428)
* CVE-2024-47602: Fixed a NULL-pointer dereferences and out-of-bounds reads in
Matroska/WebM demuxer. (boo#1234432)
* CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer.
(boo#1234433)
* CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449)
* CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory
allocator that can lead to out-of-bounds writes. (boo#1234449)
* CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder.
(boo#1234447)
* CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads
to out-of-bounds reads. (boo#1234446)
* CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser.
(boo#1234434)
* CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser.
(boo#1234435)
* CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser.
(boo#1234436)
* CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser.
(boo#1234439)
* CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can
cause crashes for certain input files. (boo#1234440)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-67=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-67=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-67=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2025-67=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-67=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-67=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-67=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-67=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-67=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* gstreamer-plugins-good-gtk-debuginfo-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1
* gstreamer-plugins-good-qtqml-debuginfo-1.20.1-150400.3.9.1
* gstreamer-plugins-good-1.20.1-150400.3.9.1
* gstreamer-plugins-good-extra-debuginfo-1.20.1-150400.3.9.1
* gstreamer-plugins-good-jack-1.20.1-150400.3.9.1
* gstreamer-plugins-good-qtqml-1.20.1-150400.3.9.1
* gstreamer-plugins-good-extra-1.20.1-150400.3.9.1
* gstreamer-plugins-good-gtk-1.20.1-150400.3.9.1
* gstreamer-plugins-good-jack-debuginfo-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1
* openSUSE Leap 15.4 (x86_64)
* gstreamer-plugins-good-jack-32bit-debuginfo-1.20.1-150400.3.9.1
* gstreamer-plugins-good-32bit-1.20.1-150400.3.9.1
* gstreamer-plugins-good-32bit-debuginfo-1.20.1-150400.3.9.1
* gstreamer-plugins-good-extra-32bit-debuginfo-1.20.1-150400.3.9.1
* gstreamer-plugins-good-jack-32bit-1.20.1-150400.3.9.1
* gstreamer-plugins-good-extra-32bit-1.20.1-150400.3.9.1
* openSUSE Leap 15.4 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.9.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* gstreamer-plugins-good-jack-64bit-1.20.1-150400.3.9.1
* gstreamer-plugins-good-extra-64bit-debuginfo-1.20.1-150400.3.9.1
* gstreamer-plugins-good-64bit-1.20.1-150400.3.9.1
* gstreamer-plugins-good-extra-64bit-1.20.1-150400.3.9.1
* gstreamer-plugins-good-64bit-debuginfo-1.20.1-150400.3.9.1
* gstreamer-plugins-good-jack-64bit-debuginfo-1.20.1-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.9.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.9.1
* SUSE Manager Proxy 4.3 (x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1
* SUSE Manager Proxy 4.3 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.9.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.9.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* gstreamer-plugins-good-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debugsource-1.20.1-150400.3.9.1
* gstreamer-plugins-good-debuginfo-1.20.1-150400.3.9.1
* SUSE Manager Server 4.3 (noarch)
* gstreamer-plugins-good-lang-1.20.1-150400.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2024-47530.html
* https://www.suse.com/security/cve/CVE-2024-47537.html
* https://www.suse.com/security/cve/CVE-2024-47539.html
* https://www.suse.com/security/cve/CVE-2024-47543.html
* https://www.suse.com/security/cve/CVE-2024-47544.html
* https://www.suse.com/security/cve/CVE-2024-47545.html
* https://www.suse.com/security/cve/CVE-2024-47546.html
* https://www.suse.com/security/cve/CVE-2024-47596.html
* https://www.suse.com/security/cve/CVE-2024-47597.html
* https://www.suse.com/security/cve/CVE-2024-47598.html
* https://www.suse.com/security/cve/CVE-2024-47599.html
* https://www.suse.com/security/cve/CVE-2024-47601.html
* https://www.suse.com/security/cve/CVE-2024-47602.html
* https://www.suse.com/security/cve/CVE-2024-47603.html
* https://www.suse.com/security/cve/CVE-2024-47606.html
* https://www.suse.com/security/cve/CVE-2024-47613.html
* https://www.suse.com/security/cve/CVE-2024-47774.html
* https://www.suse.com/security/cve/CVE-2024-47775.html
* https://www.suse.com/security/cve/CVE-2024-47776.html
* https://www.suse.com/security/cve/CVE-2024-47777.html
* https://www.suse.com/security/cve/CVE-2024-47778.html
* https://www.suse.com/security/cve/CVE-2024-47834.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234414
* https://bugzilla.suse.com/show_bug.cgi?id=1234417
* https://bugzilla.suse.com/show_bug.cgi?id=1234421
* https://bugzilla.suse.com/show_bug.cgi?id=1234424
* https://bugzilla.suse.com/show_bug.cgi?id=1234425
* https://bugzilla.suse.com/show_bug.cgi?id=1234426
* https://bugzilla.suse.com/show_bug.cgi?id=1234427
* https://bugzilla.suse.com/show_bug.cgi?id=1234428
* https://bugzilla.suse.com/show_bug.cgi?id=1234432
* https://bugzilla.suse.com/show_bug.cgi?id=1234433
* https://bugzilla.suse.com/show_bug.cgi?id=1234434
* https://bugzilla.suse.com/show_bug.cgi?id=1234435
* https://bugzilla.suse.com/show_bug.cgi?id=1234436
* https://bugzilla.suse.com/show_bug.cgi?id=1234439
* https://bugzilla.suse.com/show_bug.cgi?id=1234440
* https://bugzilla.suse.com/show_bug.cgi?id=1234446
* https://bugzilla.suse.com/show_bug.cgi?id=1234447
* https://bugzilla.suse.com/show_bug.cgi?id=1234449
* https://bugzilla.suse.com/show_bug.cgi?id=1234462
* https://bugzilla.suse.com/show_bug.cgi?id=1234473
* https://bugzilla.suse.com/show_bug.cgi?id=1234476
* https://bugzilla.suse.com/show_bug.cgi?id=1234477
SUSE-SU-2025:0071-1: important: Security update for dnsmasq
# Security update for dnsmasq
Announcement ID: SUSE-SU-2025:0071-1
Release Date: 2025-01-10T16:54:52Z
Rating: important
References:
* bsc#1200344
* bsc#1207174
* bsc#1209358
* bsc#1214884
* bsc#1219823
* bsc#1219826
Cross-References:
* CVE-2023-28450
* CVE-2023-50387
* CVE-2023-50868
CVSS scores:
* CVE-2023-28450 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-28450 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50387 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50387 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-50868 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* Basesystem Module 15-SP6
* openSUSE Leap 15.4
* openSUSE Leap 15.6
* openSUSE Leap Micro 5.5
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves three vulnerabilities and has three security fixes can now
be installed.
## Description:
This update for dnsmasq fixes the following issues:
* Version update to 2.90:
* CVE-2023-50387: Fixed a Denial Of Service while trying to validate specially
crafted DNSSEC responses. (bsc#1219823)
* CVE-2023-50868: Fixed a Denial Of Service while trying to validate specially
crafted DNSSEC responses. (bsc#1219826)
* CVE-2023-28450: Default maximum EDNS.0 UDP packet size should be 1232.
(bsc#1209358)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-71=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-71=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-71=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-71=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-71=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2025-71=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-71=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-71=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-71=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-71=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-71=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-71=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-71=1
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-71=1
* openSUSE Leap Micro 5.5
zypper in -t patch openSUSE-Leap-Micro-5.5-2025-71=1
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-71=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-71=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-71=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-71=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-71=1
* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-71=1
## Package List:
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Manager Proxy 4.3 (x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* dnsmasq-utils-debuginfo-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-utils-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* openSUSE Leap Micro 5.5 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* dnsmasq-utils-debuginfo-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-utils-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* dnsmasq-debuginfo-2.90-150400.16.3.1
* dnsmasq-debugsource-2.90-150400.16.3.1
* dnsmasq-2.90-150400.16.3.1
## References:
* https://www.suse.com/security/cve/CVE-2023-28450.html
* https://www.suse.com/security/cve/CVE-2023-50387.html
* https://www.suse.com/security/cve/CVE-2023-50868.html
* https://bugzilla.suse.com/show_bug.cgi?id=1200344
* https://bugzilla.suse.com/show_bug.cgi?id=1207174
* https://bugzilla.suse.com/show_bug.cgi?id=1209358
* https://bugzilla.suse.com/show_bug.cgi?id=1214884
* https://bugzilla.suse.com/show_bug.cgi?id=1219823
* https://bugzilla.suse.com/show_bug.cgi?id=1219826
SUSE-SU-2025:0072-1: important: Security update for logback
# Security update for logback
Announcement ID: SUSE-SU-2025:0072-1
Release Date: 2025-01-10T18:33:38Z
Rating: important
References:
* bsc#1234742
* bsc#1234743
Cross-References:
* CVE-2024-12798
* CVE-2024-12801
CVSS scores:
* CVE-2024-12798 ( SUSE ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-12798 ( NVD ): 5.9
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:L/U:Clear
* CVE-2024-12801 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
* CVE-2024-12801 ( NVD ): 2.4
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:D/RE:X/U:Clear
Affected Products:
* openSUSE Leap 15.6
An update that solves two vulnerabilities can now be installed.
## Description:
This update for logback fixes the following issues:
* CVE-2024-12798: Fixed arbitrary code execution via JaninoEventEvaluator
(bsc#1234742)
* CVE-2024-12801: Fixed Server-Side Request Forgery in SaxEventRecorder
(bsc#1234743)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-72=1
## Package List:
* openSUSE Leap 15.6 (noarch)
* logback-examples-1.2.11-150200.3.10.1
* logback-1.2.11-150200.3.10.1
* logback-javadoc-1.2.11-150200.3.10.1
* logback-access-1.2.11-150200.3.10.1
## References:
* https://www.suse.com/security/cve/CVE-2024-12798.html
* https://www.suse.com/security/cve/CVE-2024-12801.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234742
* https://bugzilla.suse.com/show_bug.cgi?id=1234743
SUSE-SU-2025:0070-1: important: Security update for gstreamer
# Security update for gstreamer
Announcement ID: SUSE-SU-2025:0070-1
Release Date: 2025-01-10T16:52:54Z
Rating: important
References:
* bsc#1234449
Cross-References:
* CVE-2024-47606
CVSS scores:
* CVE-2024-47606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47606 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* openSUSE Leap 15.4
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
* SUSE Linux Enterprise High Performance Computing 15 SP4
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
* SUSE Linux Enterprise Micro 5.3
* SUSE Linux Enterprise Micro 5.4
* SUSE Linux Enterprise Micro for Rancher 5.3
* SUSE Linux Enterprise Micro for Rancher 5.4
* SUSE Linux Enterprise Server 15 SP4
* SUSE Linux Enterprise Server 15 SP4 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
* SUSE Manager Proxy 4.3
* SUSE Manager Retail Branch Server 4.3
* SUSE Manager Server 4.3
An update that solves one vulnerability can now be installed.
## Description:
This update for gstreamer fixes the following issues:
* CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory
allocator that can lead to out-of-bounds writes. (boo#1234449)
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-70=1
* SUSE Linux Enterprise Micro for Rancher 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-70=1
* SUSE Linux Enterprise Micro 5.3
zypper in -t patch SUSE-SLE-Micro-5.3-2025-70=1
* SUSE Linux Enterprise Micro for Rancher 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-70=1
* SUSE Linux Enterprise Micro 5.4
zypper in -t patch SUSE-SLE-Micro-5.4-2025-70=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-70=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4
zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-70=1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLED-15-SP4-LTSS-2025-70=1
* SUSE Linux Enterprise Server 15 SP4 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-70=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-70=1
* SUSE Manager Proxy 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-70=1
* SUSE Manager Retail Branch Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2025-70=1
* SUSE Manager Server 4.3
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-70=1
## Package List:
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-utils-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1
* gstreamer-utils-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* gstreamer-devel-1.20.1-150400.3.3.1
* openSUSE Leap 15.4 (x86_64)
* typelib-1_0-Gst-1_0-32bit-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-32bit-debuginfo-1.20.1-150400.3.3.1
* gstreamer-32bit-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-32bit-1.20.1-150400.3.3.1
* gstreamer-devel-32bit-1.20.1-150400.3.3.1
* gstreamer-32bit-1.20.1-150400.3.3.1
* openSUSE Leap 15.4 (noarch)
* gstreamer-lang-1.20.1-150400.3.3.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libgstreamer-1_0-0-64bit-1.20.1-150400.3.3.1
* gstreamer-64bit-1.20.1-150400.3.3.1
* gstreamer-devel-64bit-1.20.1-150400.3.3.1
* gstreamer-64bit-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-64bit-debuginfo-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64
x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-utils-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1
* gstreamer-utils-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* gstreamer-devel-1.20.1-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch)
* gstreamer-lang-1.20.1-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64
x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-utils-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1
* gstreamer-utils-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* gstreamer-devel-1.20.1-150400.3.3.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch)
* gstreamer-lang-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-utils-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1
* gstreamer-utils-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* gstreamer-devel-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Desktop 15 SP4 LTSS (noarch)
* gstreamer-lang-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-utils-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1
* gstreamer-utils-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* gstreamer-devel-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Server 15 SP4 LTSS (noarch)
* gstreamer-lang-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-utils-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1
* gstreamer-utils-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* gstreamer-devel-1.20.1-150400.3.3.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch)
* gstreamer-lang-1.20.1-150400.3.3.1
* SUSE Manager Proxy 4.3 (x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-utils-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1
* gstreamer-utils-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* gstreamer-devel-1.20.1-150400.3.3.1
* SUSE Manager Proxy 4.3 (noarch)
* gstreamer-lang-1.20.1-150400.3.3.1
* SUSE Manager Retail Branch Server 4.3 (x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-utils-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1
* gstreamer-utils-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* gstreamer-devel-1.20.1-150400.3.3.1
* SUSE Manager Retail Branch Server 4.3 (noarch)
* gstreamer-lang-1.20.1-150400.3.3.1
* SUSE Manager Server 4.3 (ppc64le s390x x86_64)
* libgstreamer-1_0-0-1.20.1-150400.3.3.1
* gstreamer-1.20.1-150400.3.3.1
* gstreamer-debugsource-1.20.1-150400.3.3.1
* gstreamer-utils-1.20.1-150400.3.3.1
* gstreamer-debuginfo-1.20.1-150400.3.3.1
* typelib-1_0-Gst-1_0-1.20.1-150400.3.3.1
* gstreamer-utils-debuginfo-1.20.1-150400.3.3.1
* libgstreamer-1_0-0-debuginfo-1.20.1-150400.3.3.1
* gstreamer-devel-1.20.1-150400.3.3.1
* SUSE Manager Server 4.3 (noarch)
* gstreamer-lang-1.20.1-150400.3.3.1
## References:
* https://www.suse.com/security/cve/CVE-2024-47606.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234449
