Python39, Webkit2GTK3, OpenJPEG2, and more updates for SUSE

SUSE 5196 Published by

SUSE Linux has received several security updates, including moderate patches for python39, webkit2gtk3, openjpeg2, python312, python310, gstreamer, gstreamer-plugins-base, and gstreamer-plugins-good:

SUSE-SU-2025:0047-1: moderate: Security update for python39
SUSE-SU-2025:0043-1: important: Security update for webkit2gtk3
SUSE-SU-2025:0044-1: moderate: Security update for openjpeg2
SUSE-SU-2025:0048-1: moderate: Security update for python312
SUSE-SU-2025:0049-1: moderate: Security update for python310
SUSE-SU-2025:0053-1: important: Security update for gstreamer
SUSE-SU-2025:0054-1: important: Security update for gstreamer-plugins-base
SUSE-SU-2025:0055-1: important: Security update for gstreamer-plugins-good




SUSE-SU-2025:0047-1: moderate: Security update for python39


# Security update for python39

Announcement ID: SUSE-SU-2025:0047-1
Release Date: 2025-01-09T15:36:42Z
Rating: moderate
References:

* bsc#1232241
* bsc#1233307

Cross-References:

* CVE-2024-11168
* CVE-2024-9287

CVSS scores:

* CVE-2024-11168 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X
* CVE-2024-11168 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-11168 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X
* CVE-2024-11168 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9287 ( SUSE ): 5.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
* CVE-2024-9287 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9287 ( NVD ): 5.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green

Affected Products:

* openSUSE Leap 15.3
* openSUSE Leap 15.6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python39 fixes the following issue:

* Update to 3.9.21

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3
zypper in -t patch SUSE-2025-47=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-47=1

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
* python39-doc-devhelp-3.9.21-150300.4.61.1
* python39-testsuite-debuginfo-3.9.21-150300.4.61.1
* python39-core-debugsource-3.9.21-150300.4.61.1
* python39-curses-debuginfo-3.9.21-150300.4.61.1
* python39-testsuite-3.9.21-150300.4.61.1
* python39-tools-3.9.21-150300.4.61.1
* python39-base-debuginfo-3.9.21-150300.4.61.1
* python39-idle-3.9.21-150300.4.61.1
* python39-tk-3.9.21-150300.4.61.1
* python39-debugsource-3.9.21-150300.4.61.1
* python39-tk-debuginfo-3.9.21-150300.4.61.1
* python39-dbm-3.9.21-150300.4.61.1
* python39-3.9.21-150300.4.61.1
* python39-dbm-debuginfo-3.9.21-150300.4.61.1
* libpython3_9-1_0-3.9.21-150300.4.61.1
* libpython3_9-1_0-debuginfo-3.9.21-150300.4.61.1
* python39-doc-3.9.21-150300.4.61.1
* python39-debuginfo-3.9.21-150300.4.61.1
* python39-base-3.9.21-150300.4.61.1
* python39-curses-3.9.21-150300.4.61.1
* python39-devel-3.9.21-150300.4.61.1
* openSUSE Leap 15.3 (x86_64)
* python39-base-32bit-debuginfo-3.9.21-150300.4.61.1
* python39-32bit-debuginfo-3.9.21-150300.4.61.1
* libpython3_9-1_0-32bit-debuginfo-3.9.21-150300.4.61.1
* libpython3_9-1_0-32bit-3.9.21-150300.4.61.1
* python39-base-32bit-3.9.21-150300.4.61.1
* python39-32bit-3.9.21-150300.4.61.1
* openSUSE Leap 15.3 (aarch64_ilp32)
* python39-64bit-3.9.21-150300.4.61.1
* libpython3_9-1_0-64bit-3.9.21-150300.4.61.1
* python39-64bit-debuginfo-3.9.21-150300.4.61.1
* python39-base-64bit-3.9.21-150300.4.61.1
* libpython3_9-1_0-64bit-debuginfo-3.9.21-150300.4.61.1
* python39-base-64bit-debuginfo-3.9.21-150300.4.61.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python39-doc-devhelp-3.9.21-150300.4.61.1
* python39-testsuite-debuginfo-3.9.21-150300.4.61.1
* python39-core-debugsource-3.9.21-150300.4.61.1
* python39-curses-debuginfo-3.9.21-150300.4.61.1
* python39-testsuite-3.9.21-150300.4.61.1
* python39-tools-3.9.21-150300.4.61.1
* python39-base-debuginfo-3.9.21-150300.4.61.1
* python39-idle-3.9.21-150300.4.61.1
* python39-tk-3.9.21-150300.4.61.1
* python39-debugsource-3.9.21-150300.4.61.1
* python39-tk-debuginfo-3.9.21-150300.4.61.1
* python39-dbm-3.9.21-150300.4.61.1
* python39-3.9.21-150300.4.61.1
* python39-dbm-debuginfo-3.9.21-150300.4.61.1
* libpython3_9-1_0-3.9.21-150300.4.61.1
* libpython3_9-1_0-debuginfo-3.9.21-150300.4.61.1
* python39-doc-3.9.21-150300.4.61.1
* python39-debuginfo-3.9.21-150300.4.61.1
* python39-base-3.9.21-150300.4.61.1
* python39-curses-3.9.21-150300.4.61.1
* python39-devel-3.9.21-150300.4.61.1
* openSUSE Leap 15.6 (x86_64)
* python39-base-32bit-debuginfo-3.9.21-150300.4.61.1
* python39-32bit-debuginfo-3.9.21-150300.4.61.1
* libpython3_9-1_0-32bit-debuginfo-3.9.21-150300.4.61.1
* libpython3_9-1_0-32bit-3.9.21-150300.4.61.1
* python39-base-32bit-3.9.21-150300.4.61.1
* python39-32bit-3.9.21-150300.4.61.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11168.html
* https://www.suse.com/security/cve/CVE-2024-9287.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232241
* https://bugzilla.suse.com/show_bug.cgi?id=1233307



SUSE-SU-2025:0043-1: important: Security update for webkit2gtk3


# Security update for webkit2gtk3

Announcement ID: SUSE-SU-2025:0043-1
Release Date: 2025-01-09T15:04:41Z
Rating: important
References:

* bsc#1234851

Cross-References:

* CVE-2024-40866
* CVE-2024-44185
* CVE-2024-44187
* CVE-2024-44308
* CVE-2024-44309
* CVE-2024-54479
* CVE-2024-54502
* CVE-2024-54505
* CVE-2024-54508
* CVE-2024-54534

CVSS scores:

* CVE-2024-40866 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-40866 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
* CVE-2024-44185 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-44185 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-44185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-44185 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-44187 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-44187 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2024-44308 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-44308 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-44308 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-44309 ( SUSE ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-44309 ( NVD ): 6.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
* CVE-2024-44309 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-54479 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54479 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54479 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54502 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54502 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54502 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54502 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54505 ( SUSE ): 5.9
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54505 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2024-54505 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54505 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54508 ( SUSE ): 7.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54508 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2024-54508 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54508 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-54534 ( SUSE ): 8.7
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2024-54534 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-54534 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-54534 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:

* Basesystem Module 15-SP6
* Desktop Applications Module 15-SP6
* Development Tools Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves 10 vulnerabilities can now be installed.

## Description:

This update for webkit2gtk3 fixes the following issues:

Update to version 2.46.5 (bsc#1234851):

Security fixes:

* CVE-2024-54479: Processing maliciously crafted web content may lead to an
unexpected process crash
* CVE-2024-54502: Processing maliciously crafted web content may lead to an
unexpected process crash
* CVE-2024-54505: Processing maliciously crafted web content may lead to
memory corruption
* CVE-2024-54508: Processing maliciously crafted web content may lead to an
unexpected process crash
* CVE-2024-54534: Processing maliciously crafted web content may lead to
memory corruption

Other fixes:

* Fix the build with GBM and release logs disabled.
* Fix several crashes and rendering issues.
* Improve memory consumption and performance of Canvas getImageData.
* Fix preserve-3D intersection rendering.
* Fix video dimensions since GStreamer 1.24.9.
* Fix the HTTP-based remote Web Inspector not loading in Chromium.
* Fix content filters not working on about:blank iframes.
* Fix several crashes and rendering issues.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-43=1 openSUSE-SLE-15.6-2025-43=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-43=1

* Desktop Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP6-2025-43=1

* Development Tools Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP6-2025-43=1

## Package List:

* openSUSE Leap 15.6 (noarch)
* WebKitGTK-6.0-lang-2.46.5-150600.12.24.1
* WebKitGTK-4.0-lang-2.46.5-150600.12.24.1
* WebKitGTK-4.1-lang-2.46.5-150600.12.24.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* webkit-jsc-4.1-2.46.5-150600.12.24.1
* webkit-jsc-4.1-debuginfo-2.46.5-150600.12.24.1
* typelib-1_0-JavaScriptCore-4_0-2.46.5-150600.12.24.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.5-150600.12.24.1
* webkit2gtk3-soup2-devel-2.46.5-150600.12.24.1
* webkit2gtk4-devel-2.46.5-150600.12.24.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.5-150600.12.24.1
* webkit-jsc-6.0-debuginfo-2.46.5-150600.12.24.1
* webkit2gtk3-soup2-minibrowser-2.46.5-150600.12.24.1
* webkit2gtk4-minibrowser-2.46.5-150600.12.24.1
* webkit2gtk3-soup2-minibrowser-debuginfo-2.46.5-150600.12.24.1
* libjavascriptcoregtk-6_0-1-2.46.5-150600.12.24.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.5-150600.12.24.1
* webkitgtk-6_0-injected-bundles-2.46.5-150600.12.24.1
* webkit2gtk3-debugsource-2.46.5-150600.12.24.1
* webkit-jsc-4-2.46.5-150600.12.24.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.46.5-150600.12.24.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.46.5-150600.12.24.1
* webkit-jsc-4-debuginfo-2.46.5-150600.12.24.1
* webkit2gtk4-debugsource-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_0-18-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.5-150600.12.24.1
* webkit-jsc-6.0-2.46.5-150600.12.24.1
* webkit2gtk3-minibrowser-2.46.5-150600.12.24.1
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.5-150600.12.24.1
* webkit2gtk-4_0-injected-bundles-2.46.5-150600.12.24.1
* libwebkit2gtk-4_0-37-2.46.5-150600.12.24.1
* webkit2gtk4-minibrowser-debuginfo-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_1-0-2.46.5-150600.12.24.1
* libwebkitgtk-6_0-4-2.46.5-150600.12.24.1
* libwebkit2gtk-4_1-0-2.46.5-150600.12.24.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.5-150600.12.24.1
* webkit2gtk3-devel-2.46.5-150600.12.24.1
* webkit2gtk3-minibrowser-debuginfo-2.46.5-150600.12.24.1
* libwebkitgtk-6_0-4-debuginfo-2.46.5-150600.12.24.1
* typelib-1_0-JavaScriptCore-4_1-2.46.5-150600.12.24.1
* typelib-1_0-JavaScriptCore-6_0-2.46.5-150600.12.24.1
* webkit2gtk-4_1-injected-bundles-2.46.5-150600.12.24.1
* typelib-1_0-WebKit-6_0-2.46.5-150600.12.24.1
* typelib-1_0-WebKit2-4_1-2.46.5-150600.12.24.1
* typelib-1_0-WebKit2-4_0-2.46.5-150600.12.24.1
* webkit2gtk3-soup2-debugsource-2.46.5-150600.12.24.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.5-150600.12.24.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.5-150600.12.24.1
* openSUSE Leap 15.6 (x86_64)
* libjavascriptcoregtk-4_1-0-32bit-debuginfo-2.46.5-150600.12.24.1
* libwebkit2gtk-4_0-37-32bit-2.46.5-150600.12.24.1
* libwebkit2gtk-4_1-0-32bit-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_0-18-32bit-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_1-0-32bit-2.46.5-150600.12.24.1
* libwebkit2gtk-4_1-0-32bit-debuginfo-2.46.5-150600.12.24.1
* libwebkit2gtk-4_0-37-32bit-debuginfo-2.46.5-150600.12.24.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* libwebkit2gtk-4_0-37-64bit-debuginfo-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_1-0-64bit-2.46.5-150600.12.24.1
* libwebkit2gtk-4_0-37-64bit-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_0-18-64bit-debuginfo-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_0-18-64bit-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_1-0-64bit-debuginfo-2.46.5-150600.12.24.1
* libwebkit2gtk-4_1-0-64bit-2.46.5-150600.12.24.1
* libwebkit2gtk-4_1-0-64bit-debuginfo-2.46.5-150600.12.24.1
* Basesystem Module 15-SP6 (noarch)
* WebKitGTK-6.0-lang-2.46.5-150600.12.24.1
* WebKitGTK-4.0-lang-2.46.5-150600.12.24.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* webkitgtk-6_0-injected-bundles-2.46.5-150600.12.24.1
* typelib-1_0-JavaScriptCore-4_0-2.46.5-150600.12.24.1
* webkit2gtk3-soup2-devel-2.46.5-150600.12.24.1
* typelib-1_0-WebKit2WebExtension-4_0-2.46.5-150600.12.24.1
* webkit2gtk-4_0-injected-bundles-2.46.5-150600.12.24.1
* libwebkit2gtk-4_0-37-2.46.5-150600.12.24.1
* libwebkitgtk-6_0-4-debuginfo-2.46.5-150600.12.24.1
* webkitgtk-6_0-injected-bundles-debuginfo-2.46.5-150600.12.24.1
* webkit2gtk4-debugsource-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_0-18-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_0-18-debuginfo-2.46.5-150600.12.24.1
* libwebkitgtk-6_0-4-2.46.5-150600.12.24.1
* webkit2gtk-4_0-injected-bundles-debuginfo-2.46.5-150600.12.24.1
* webkit2gtk3-soup2-debugsource-2.46.5-150600.12.24.1
* libjavascriptcoregtk-6_0-1-2.46.5-150600.12.24.1
* typelib-1_0-WebKit2-4_0-2.46.5-150600.12.24.1
* libjavascriptcoregtk-6_0-1-debuginfo-2.46.5-150600.12.24.1
* libwebkit2gtk-4_0-37-debuginfo-2.46.5-150600.12.24.1
* Desktop Applications Module 15-SP6 (noarch)
* WebKitGTK-4.1-lang-2.46.5-150600.12.24.1
* Desktop Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* webkit2gtk-4_1-injected-bundles-debuginfo-2.46.5-150600.12.24.1
* webkit2gtk3-debugsource-2.46.5-150600.12.24.1
* webkit2gtk3-devel-2.46.5-150600.12.24.1
* typelib-1_0-JavaScriptCore-4_1-2.46.5-150600.12.24.1
* webkit2gtk-4_1-injected-bundles-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_1-0-2.46.5-150600.12.24.1
* libjavascriptcoregtk-4_1-0-debuginfo-2.46.5-150600.12.24.1
* libwebkit2gtk-4_1-0-2.46.5-150600.12.24.1
* typelib-1_0-WebKit2-4_1-2.46.5-150600.12.24.1
* typelib-1_0-WebKit2WebExtension-4_1-2.46.5-150600.12.24.1
* libwebkit2gtk-4_1-0-debuginfo-2.46.5-150600.12.24.1
* Development Tools Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* typelib-1_0-JavaScriptCore-6_0-2.46.5-150600.12.24.1
* typelib-1_0-WebKitWebProcessExtension-6_0-2.46.5-150600.12.24.1
* webkit2gtk4-debugsource-2.46.5-150600.12.24.1
* webkit2gtk4-devel-2.46.5-150600.12.24.1
* typelib-1_0-WebKit-6_0-2.46.5-150600.12.24.1

## References:

* https://www.suse.com/security/cve/CVE-2024-40866.html
* https://www.suse.com/security/cve/CVE-2024-44185.html
* https://www.suse.com/security/cve/CVE-2024-44187.html
* https://www.suse.com/security/cve/CVE-2024-44308.html
* https://www.suse.com/security/cve/CVE-2024-44309.html
* https://www.suse.com/security/cve/CVE-2024-54479.html
* https://www.suse.com/security/cve/CVE-2024-54502.html
* https://www.suse.com/security/cve/CVE-2024-54505.html
* https://www.suse.com/security/cve/CVE-2024-54508.html
* https://www.suse.com/security/cve/CVE-2024-54534.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234851



SUSE-SU-2025:0044-1: moderate: Security update for openjpeg2


# Security update for openjpeg2

Announcement ID: SUSE-SU-2025:0044-1
Release Date: 2025-01-09T15:05:04Z
Rating: moderate
References:

* bsc#1235029

Cross-References:

* CVE-2024-56826

CVSS scores:

* CVE-2024-56826 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2024-56826 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-56826 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for openjpeg2 fixes the following issues:

* CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c
(bsc#1235029)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-44=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-44=1

* SUSE Package Hub 15 15-SP6
zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-44=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* openjpeg2-devel-2.3.0-150000.3.18.1
* openjpeg2-debugsource-2.3.0-150000.3.18.1
* libopenjp2-7-debuginfo-2.3.0-150000.3.18.1
* libopenjp2-7-2.3.0-150000.3.18.1
* openjpeg2-debuginfo-2.3.0-150000.3.18.1
* openjpeg2-2.3.0-150000.3.18.1
* openSUSE Leap 15.6 (x86_64)
* libopenjp2-7-32bit-2.3.0-150000.3.18.1
* libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.18.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* openjpeg2-devel-2.3.0-150000.3.18.1
* openjpeg2-debugsource-2.3.0-150000.3.18.1
* libopenjp2-7-debuginfo-2.3.0-150000.3.18.1
* libopenjp2-7-2.3.0-150000.3.18.1
* openjpeg2-debuginfo-2.3.0-150000.3.18.1
* openjpeg2-2.3.0-150000.3.18.1
* SUSE Package Hub 15 15-SP6 (x86_64)
* libopenjp2-7-32bit-2.3.0-150000.3.18.1
* libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2024-56826.html
* https://bugzilla.suse.com/show_bug.cgi?id=1235029



SUSE-SU-2025:0048-1: moderate: Security update for python312


# Security update for python312

Announcement ID: SUSE-SU-2025:0048-1
Release Date: 2025-01-09T15:36:59Z
Rating: moderate
References:

* bsc#1232241

Cross-References:

* CVE-2024-9287

CVSS scores:

* CVE-2024-9287 ( SUSE ): 5.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
* CVE-2024-9287 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9287 ( NVD ): 5.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green

Affected Products:

* openSUSE Leap 15.6
* Python 3 Module 15-SP6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves one vulnerability can now be installed.

## Description:

This update for python312 fixes the following issues:

* Properly quote path names provided when creating a virtual environment
(bsc#1232241, CVE-2024-9287)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-48=1 SUSE-2025-48=1

* Python 3 Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Python3-15-SP6-2025-48=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* python312-base-debuginfo-3.12.8-150600.3.15.1
* python312-dbm-debuginfo-3.12.8-150600.3.15.1
* python312-testsuite-3.12.8-150600.3.15.1
* libpython3_12-1_0-3.12.8-150600.3.15.1
* python312-tools-3.12.8-150600.3.15.1
* python312-devel-3.12.8-150600.3.15.1
* python312-tk-debuginfo-3.12.8-150600.3.15.1
* python312-doc-devhelp-3.12.8-150600.3.15.1
* python312-curses-3.12.8-150600.3.15.1
* python312-debugsource-3.12.8-150600.3.15.1
* python312-core-debugsource-3.12.8-150600.3.15.1
* python312-curses-debuginfo-3.12.8-150600.3.15.1
* libpython3_12-1_0-debuginfo-3.12.8-150600.3.15.1
* python312-dbm-3.12.8-150600.3.15.1
* python312-base-3.12.8-150600.3.15.1
* python312-debuginfo-3.12.8-150600.3.15.1
* python312-testsuite-debuginfo-3.12.8-150600.3.15.1
* python312-idle-3.12.8-150600.3.15.1
* python312-3.12.8-150600.3.15.1
* python312-tk-3.12.8-150600.3.15.1
* python312-doc-3.12.8-150600.3.15.1
* openSUSE Leap 15.6 (x86_64)
* python312-32bit-debuginfo-3.12.8-150600.3.15.1
* python312-base-32bit-debuginfo-3.12.8-150600.3.15.1
* libpython3_12-1_0-32bit-debuginfo-3.12.8-150600.3.15.1
* libpython3_12-1_0-32bit-3.12.8-150600.3.15.1
* python312-32bit-3.12.8-150600.3.15.1
* python312-base-32bit-3.12.8-150600.3.15.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* python312-64bit-debuginfo-3.12.8-150600.3.15.1
* libpython3_12-1_0-64bit-debuginfo-3.12.8-150600.3.15.1
* python312-64bit-3.12.8-150600.3.15.1
* libpython3_12-1_0-64bit-3.12.8-150600.3.15.1
* python312-base-64bit-3.12.8-150600.3.15.1
* python312-base-64bit-debuginfo-3.12.8-150600.3.15.1
* Python 3 Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* python312-base-3.12.8-150600.3.15.1
* python312-base-debuginfo-3.12.8-150600.3.15.1
* python312-core-debugsource-3.12.8-150600.3.15.1
* python312-dbm-debuginfo-3.12.8-150600.3.15.1
* python312-debuginfo-3.12.8-150600.3.15.1
* python312-tk-debuginfo-3.12.8-150600.3.15.1
* python312-curses-debuginfo-3.12.8-150600.3.15.1
* libpython3_12-1_0-3.12.8-150600.3.15.1
* python312-idle-3.12.8-150600.3.15.1
* python312-tools-3.12.8-150600.3.15.1
* python312-3.12.8-150600.3.15.1
* libpython3_12-1_0-debuginfo-3.12.8-150600.3.15.1
* python312-devel-3.12.8-150600.3.15.1
* python312-tk-3.12.8-150600.3.15.1
* python312-curses-3.12.8-150600.3.15.1
* python312-debugsource-3.12.8-150600.3.15.1
* python312-dbm-3.12.8-150600.3.15.1

## References:

* https://www.suse.com/security/cve/CVE-2024-9287.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232241



SUSE-SU-2025:0049-1: moderate: Security update for python310


# Security update for python310

Announcement ID: SUSE-SU-2025:0049-1
Release Date: 2025-01-09T15:37:11Z
Rating: moderate
References:

* bsc#1232241
* bsc#1233307

Cross-References:

* CVE-2024-11168
* CVE-2024-9287

CVSS scores:

* CVE-2024-11168 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X
* CVE-2024-11168 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-11168 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:X/V:X/RE:X/U:X
* CVE-2024-11168 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2024-9287 ( SUSE ): 5.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green
* CVE-2024-9287 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
* CVE-2024-9287 ( NVD ): 5.3
CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green

Affected Products:

* openSUSE Leap 15.4
* openSUSE Leap 15.6

An update that solves two vulnerabilities can now be installed.

## Description:

This update for python310 fixes the following issues:

* Update to 3.10.16

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
zypper in -t patch SUSE-2025-49=1

* openSUSE Leap 15.6
zypper in -t patch openSUSE-SLE-15.6-2025-49=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64 i586)
* python310-idle-3.10.16-150400.4.66.1
* python310-testsuite-3.10.16-150400.4.66.1
* python310-base-3.10.16-150400.4.66.1
* python310-testsuite-debuginfo-3.10.16-150400.4.66.1
* python310-curses-debuginfo-3.10.16-150400.4.66.1
* python310-tools-3.10.16-150400.4.66.1
* python310-tk-3.10.16-150400.4.66.1
* python310-curses-3.10.16-150400.4.66.1
* python310-dbm-debuginfo-3.10.16-150400.4.66.1
* python310-dbm-3.10.16-150400.4.66.1
* python310-debuginfo-3.10.16-150400.4.66.1
* libpython3_10-1_0-debuginfo-3.10.16-150400.4.66.1
* python310-base-debuginfo-3.10.16-150400.4.66.1
* python310-debugsource-3.10.16-150400.4.66.1
* python310-devel-3.10.16-150400.4.66.1
* python310-core-debugsource-3.10.16-150400.4.66.1
* python310-3.10.16-150400.4.66.1
* python310-doc-3.10.16-150400.4.66.1
* python310-doc-devhelp-3.10.16-150400.4.66.1
* python310-tk-debuginfo-3.10.16-150400.4.66.1
* libpython3_10-1_0-3.10.16-150400.4.66.1
* openSUSE Leap 15.4 (x86_64)
* python310-base-32bit-3.10.16-150400.4.66.1
* python310-base-32bit-debuginfo-3.10.16-150400.4.66.1
* python310-32bit-debuginfo-3.10.16-150400.4.66.1
* python310-32bit-3.10.16-150400.4.66.1
* libpython3_10-1_0-32bit-3.10.16-150400.4.66.1
* libpython3_10-1_0-32bit-debuginfo-3.10.16-150400.4.66.1
* openSUSE Leap 15.4 (aarch64_ilp32)
* libpython3_10-1_0-64bit-debuginfo-3.10.16-150400.4.66.1
* python310-64bit-3.10.16-150400.4.66.1
* python310-base-64bit-debuginfo-3.10.16-150400.4.66.1
* libpython3_10-1_0-64bit-3.10.16-150400.4.66.1
* python310-base-64bit-3.10.16-150400.4.66.1
* python310-64bit-debuginfo-3.10.16-150400.4.66.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
* python310-idle-3.10.16-150400.4.66.1
* python310-testsuite-3.10.16-150400.4.66.1
* python310-base-3.10.16-150400.4.66.1
* python310-testsuite-debuginfo-3.10.16-150400.4.66.1
* python310-curses-debuginfo-3.10.16-150400.4.66.1
* python310-tools-3.10.16-150400.4.66.1
* python310-tk-3.10.16-150400.4.66.1
* python310-curses-3.10.16-150400.4.66.1
* python310-dbm-debuginfo-3.10.16-150400.4.66.1
* python310-dbm-3.10.16-150400.4.66.1
* python310-debuginfo-3.10.16-150400.4.66.1
* libpython3_10-1_0-debuginfo-3.10.16-150400.4.66.1
* python310-base-debuginfo-3.10.16-150400.4.66.1
* python310-debugsource-3.10.16-150400.4.66.1
* python310-devel-3.10.16-150400.4.66.1
* python310-core-debugsource-3.10.16-150400.4.66.1
* python310-3.10.16-150400.4.66.1
* python310-doc-3.10.16-150400.4.66.1
* python310-doc-devhelp-3.10.16-150400.4.66.1
* python310-tk-debuginfo-3.10.16-150400.4.66.1
* libpython3_10-1_0-3.10.16-150400.4.66.1
* openSUSE Leap 15.6 (x86_64)
* python310-base-32bit-3.10.16-150400.4.66.1
* python310-base-32bit-debuginfo-3.10.16-150400.4.66.1
* python310-32bit-debuginfo-3.10.16-150400.4.66.1
* python310-32bit-3.10.16-150400.4.66.1
* libpython3_10-1_0-32bit-3.10.16-150400.4.66.1
* libpython3_10-1_0-32bit-debuginfo-3.10.16-150400.4.66.1

## References:

* https://www.suse.com/security/cve/CVE-2024-11168.html
* https://www.suse.com/security/cve/CVE-2024-9287.html
* https://bugzilla.suse.com/show_bug.cgi?id=1232241
* https://bugzilla.suse.com/show_bug.cgi?id=1233307



SUSE-SU-2025:0053-1: important: Security update for gstreamer


# Security update for gstreamer

Announcement ID: SUSE-SU-2025:0053-1
Release Date: 2025-01-09T16:36:09Z
Rating: important
References:

* bsc#1234449

Cross-References:

* CVE-2024-47606

CVSS scores:

* CVE-2024-47606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47606 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves one vulnerability can now be installed.

## Description:

This update for gstreamer fixes the following issues:

* CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory
allocator that can lead to out-of-bounds writes. (boo#1234449)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-53=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-53=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-53=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-53=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-53=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-53=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* gstreamer-devel-1.22.0-150500.3.5.1
* gstreamer-utils-debuginfo-1.22.0-150500.3.5.1
* gstreamer-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-1.22.0-150500.3.5.1
* typelib-1_0-Gst-1_0-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debugsource-1.22.0-150500.3.5.1
* gstreamer-utils-1.22.0-150500.3.5.1
* openSUSE Leap 15.5 (x86_64)
* gstreamer-32bit-debuginfo-1.22.0-150500.3.5.1
* gstreamer-32bit-1.22.0-150500.3.5.1
* typelib-1_0-Gst-1_0-32bit-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-32bit-1.22.0-150500.3.5.1
* gstreamer-devel-32bit-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-32bit-debuginfo-1.22.0-150500.3.5.1
* openSUSE Leap 15.5 (noarch)
* gstreamer-lang-1.22.0-150500.3.5.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* gstreamer-devel-64bit-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-64bit-1.22.0-150500.3.5.1
* gstreamer-64bit-1.22.0-150500.3.5.1
* gstreamer-64bit-debuginfo-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-64bit-debuginfo-1.22.0-150500.3.5.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* gstreamer-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debugsource-1.22.0-150500.3.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* gstreamer-devel-1.22.0-150500.3.5.1
* gstreamer-utils-debuginfo-1.22.0-150500.3.5.1
* gstreamer-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-1.22.0-150500.3.5.1
* typelib-1_0-Gst-1_0-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debugsource-1.22.0-150500.3.5.1
* gstreamer-utils-1.22.0-150500.3.5.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* gstreamer-lang-1.22.0-150500.3.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* gstreamer-devel-1.22.0-150500.3.5.1
* gstreamer-utils-debuginfo-1.22.0-150500.3.5.1
* gstreamer-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-1.22.0-150500.3.5.1
* typelib-1_0-Gst-1_0-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debugsource-1.22.0-150500.3.5.1
* gstreamer-utils-1.22.0-150500.3.5.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* gstreamer-lang-1.22.0-150500.3.5.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* gstreamer-devel-1.22.0-150500.3.5.1
* gstreamer-utils-debuginfo-1.22.0-150500.3.5.1
* gstreamer-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-1.22.0-150500.3.5.1
* typelib-1_0-Gst-1_0-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debugsource-1.22.0-150500.3.5.1
* gstreamer-utils-1.22.0-150500.3.5.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* gstreamer-lang-1.22.0-150500.3.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* gstreamer-devel-1.22.0-150500.3.5.1
* gstreamer-utils-debuginfo-1.22.0-150500.3.5.1
* gstreamer-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-1.22.0-150500.3.5.1
* typelib-1_0-Gst-1_0-1.22.0-150500.3.5.1
* libgstreamer-1_0-0-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debuginfo-1.22.0-150500.3.5.1
* gstreamer-debugsource-1.22.0-150500.3.5.1
* gstreamer-utils-1.22.0-150500.3.5.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* gstreamer-lang-1.22.0-150500.3.5.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47606.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234449



SUSE-SU-2025:0054-1: important: Security update for gstreamer-plugins-base


# Security update for gstreamer-plugins-base

Announcement ID: SUSE-SU-2025:0054-1
Release Date: 2025-01-09T16:36:42Z
Rating: important
References:

* bsc#1234415
* bsc#1234450
* bsc#1234453
* bsc#1234455
* bsc#1234456
* bsc#1234459
* bsc#1234460

Cross-References:

* CVE-2024-47538
* CVE-2024-47541
* CVE-2024-47542
* CVE-2024-47600
* CVE-2024-47607
* CVE-2024-47615
* CVE-2024-47835

CVSS scores:

* CVE-2024-47538 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47538 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47538 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47541 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47541 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2024-47541 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47541 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47542 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47542 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47542 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47600 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2024-47600 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47600 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47607 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47607 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47607 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47615 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47615 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47615 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47835 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47835 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47835 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Micro 5.5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for gstreamer-plugins-base fixes the following issues:

* CVE-2024-47538: Fixed a stack-buffer overflow in
vorbis_handle_identification_packet. (bsc#1234415)
* CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser.
(bsc#1234450)
* CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0
commandline tool. (bsc#1234453)
* CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
* CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser.
(bsc#1234459)
* CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer
dereference. (bsc#1234460)
* CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-54=1

* openSUSE Leap 15.5
zypper in -t patch SUSE-2025-54=1

* SUSE Linux Enterprise Micro 5.5
zypper in -t patch SUSE-SLE-Micro-5.5-2025-54=1

* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-54=1

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-54=1

* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-54=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
* libgstvideo-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstAllocators-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstRtp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstGL-1_0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstVideo-1_0-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-1.22.0-150500.3.11.1
* libgstapp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstfft-1_0-0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstPbutils-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstTag-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstSdp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstApp-1_0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debugsource-1.22.0-150500.3.11.1
* libgstvideo-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstRtsp-1_0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLX11-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstAudio-1_0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-devel-1.22.0-150500.3.11.1
* libgstapp-1_0-0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-1.22.0-150500.3.11.1
* libgsttag-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-1.22.0-150500.3.11.1
* libgstfft-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.22.0-150500.3.11.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
* gstreamer-plugins-base-lang-1.22.0-150500.3.11.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* libgstvideo-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstAllocators-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstRtp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstGL-1_0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstVideo-1_0-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-1.22.0-150500.3.11.1
* libgstapp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstfft-1_0-0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstPbutils-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstTag-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstSdp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstApp-1_0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debugsource-1.22.0-150500.3.11.1
* libgstvideo-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstRtsp-1_0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLX11-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstAudio-1_0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-devel-1.22.0-150500.3.11.1
* libgstapp-1_0-0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-1.22.0-150500.3.11.1
* libgsttag-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-1.22.0-150500.3.11.1
* libgstfft-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.22.0-150500.3.11.1
* openSUSE Leap 15.5 (x86_64)
* libgstgl-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-32bit-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-32bit-1.22.0-150500.3.11.1
* gstreamer-plugins-base-devel-32bit-1.22.0-150500.3.11.1
* libgstapp-1_0-0-32bit-1.22.0-150500.3.11.1
* libgstapp-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstvideo-1_0-0-32bit-1.22.0-150500.3.11.1
* gstreamer-plugins-base-32bit-1.22.0-150500.3.11.1
* libgstfft-1_0-0-32bit-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-32bit-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-32bit-1.22.0-150500.3.11.1
* libgsttag-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstfft-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-32bit-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-32bit-1.22.0-150500.3.11.1
* gstreamer-plugins-base-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-32bit-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-32bit-1.22.0-150500.3.11.1
* libgstriff-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* libgstriff-1_0-0-32bit-1.22.0-150500.3.11.1
* libgstvideo-1_0-0-32bit-debuginfo-1.22.0-150500.3.11.1
* openSUSE Leap 15.5 (noarch)
* gstreamer-plugins-base-lang-1.22.0-150500.3.11.1
* openSUSE Leap 15.5 (aarch64_ilp32)
* libgstvideo-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstfft-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstriff-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstapp-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstgl-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-64bit-1.22.0-150500.3.11.1
* gstreamer-plugins-base-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstapp-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstfft-1_0-0-64bit-1.22.0-150500.3.11.1
* gstreamer-plugins-base-devel-64bit-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-64bit-1.22.0-150500.3.11.1
* libgstvideo-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-64bit-debuginfo-1.22.0-150500.3.11.1
* libgstriff-1_0-0-64bit-1.22.0-150500.3.11.1
* SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64)
* libgstvideo-1_0-0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstapp-1_0-0-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debugsource-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstvideo-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-1.22.0-150500.3.11.1
* libgstapp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-1.22.0-150500.3.11.1
* libgstgl-1_0-0-debuginfo-1.22.0-150500.3.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* libgstvideo-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstAllocators-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstRtp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstGL-1_0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstVideo-1_0-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-1.22.0-150500.3.11.1
* libgstapp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstfft-1_0-0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstPbutils-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstTag-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstSdp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstApp-1_0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debugsource-1.22.0-150500.3.11.1
* libgstvideo-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstRtsp-1_0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLX11-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstAudio-1_0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-devel-1.22.0-150500.3.11.1
* libgstapp-1_0-0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-1.22.0-150500.3.11.1
* libgsttag-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-1.22.0-150500.3.11.1
* libgstfft-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.22.0-150500.3.11.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* gstreamer-plugins-base-lang-1.22.0-150500.3.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* libgstvideo-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstAllocators-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstRtp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstGL-1_0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstVideo-1_0-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-1.22.0-150500.3.11.1
* libgstapp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstfft-1_0-0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstPbutils-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstTag-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstSdp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstApp-1_0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debugsource-1.22.0-150500.3.11.1
* libgstvideo-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstRtsp-1_0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLX11-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstAudio-1_0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-devel-1.22.0-150500.3.11.1
* libgstapp-1_0-0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-1.22.0-150500.3.11.1
* libgsttag-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-1.22.0-150500.3.11.1
* libgstfft-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.22.0-150500.3.11.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
* gstreamer-plugins-base-lang-1.22.0-150500.3.11.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
* libgstvideo-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstAllocators-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstRtp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstGL-1_0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstGLWayland-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstVideo-1_0-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-1.22.0-150500.3.11.1
* libgstriff-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgsttag-1_0-0-1.22.0-150500.3.11.1
* libgstapp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstfft-1_0-0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-1.22.0-150500.3.11.1
* typelib-1_0-GstPbutils-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstTag-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstSdp-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstApp-1_0-1.22.0-150500.3.11.1
* libgstaudio-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debugsource-1.22.0-150500.3.11.1
* libgstvideo-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtsp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* gstreamer-plugins-base-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstRtsp-1_0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLX11-1_0-1.22.0-150500.3.11.1
* typelib-1_0-GstAudio-1_0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-devel-1.22.0-150500.3.11.1
* libgstapp-1_0-0-1.22.0-150500.3.11.1
* libgstsdp-1_0-0-1.22.0-150500.3.11.1
* gstreamer-plugins-base-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-1.22.0-150500.3.11.1
* libgstallocators-1_0-0-1.22.0-150500.3.11.1
* libgsttag-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstpbutils-1_0-0-1.22.0-150500.3.11.1
* libgstfft-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstrtp-1_0-0-debuginfo-1.22.0-150500.3.11.1
* libgstgl-1_0-0-debuginfo-1.22.0-150500.3.11.1
* typelib-1_0-GstGLEGL-1_0-1.22.0-150500.3.11.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
* gstreamer-plugins-base-lang-1.22.0-150500.3.11.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47538.html
* https://www.suse.com/security/cve/CVE-2024-47541.html
* https://www.suse.com/security/cve/CVE-2024-47542.html
* https://www.suse.com/security/cve/CVE-2024-47600.html
* https://www.suse.com/security/cve/CVE-2024-47607.html
* https://www.suse.com/security/cve/CVE-2024-47615.html
* https://www.suse.com/security/cve/CVE-2024-47835.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234415
* https://bugzilla.suse.com/show_bug.cgi?id=1234450
* https://bugzilla.suse.com/show_bug.cgi?id=1234453
* https://bugzilla.suse.com/show_bug.cgi?id=1234455
* https://bugzilla.suse.com/show_bug.cgi?id=1234456
* https://bugzilla.suse.com/show_bug.cgi?id=1234459
* https://bugzilla.suse.com/show_bug.cgi?id=1234460



SUSE-SU-2025:0055-1: important: Security update for gstreamer-plugins-good


# Security update for gstreamer-plugins-good

Announcement ID: SUSE-SU-2025:0055-1
Release Date: 2025-01-09T16:37:03Z
Rating: important
References:

* bsc#1234414
* bsc#1234417
* bsc#1234421
* bsc#1234424
* bsc#1234425
* bsc#1234426
* bsc#1234427
* bsc#1234428
* bsc#1234432
* bsc#1234433
* bsc#1234434
* bsc#1234435
* bsc#1234436
* bsc#1234439
* bsc#1234440
* bsc#1234446
* bsc#1234447
* bsc#1234449
* bsc#1234462
* bsc#1234473
* bsc#1234476
* bsc#1234477

Cross-References:

* CVE-2024-47530
* CVE-2024-47537
* CVE-2024-47539
* CVE-2024-47543
* CVE-2024-47544
* CVE-2024-47545
* CVE-2024-47546
* CVE-2024-47596
* CVE-2024-47597
* CVE-2024-47598
* CVE-2024-47599
* CVE-2024-47601
* CVE-2024-47602
* CVE-2024-47603
* CVE-2024-47606
* CVE-2024-47613
* CVE-2024-47774
* CVE-2024-47775
* CVE-2024-47776
* CVE-2024-47777
* CVE-2024-47778
* CVE-2024-47834

CVSS scores:

* CVE-2024-47530 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
* CVE-2024-47530 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
* CVE-2024-47537 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47537 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47537 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47539 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47539 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47539 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47543 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-47543 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47543 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47544 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47544 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47544 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47545 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47545 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47545 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47546 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47546 ( NVD ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47546 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47596 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47596 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47596 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47597 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47597 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47597 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47598 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47598 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47598 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47599 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47599 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47599 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47601 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47601 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47601 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47602 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47602 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47602 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47603 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47603 ( NVD ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47603 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47606 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47606 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47606 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47613 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47613 ( NVD ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47613 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-47774 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47774 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47774 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47775 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47775 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47775 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47776 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47776 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47776 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47777 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47777 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47777 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
* CVE-2024-47778 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47778 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47778 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47834 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-47834 ( NVD ): 5.1
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2024-47834 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Affected Products:

* Basesystem Module 15-SP6
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Linux Enterprise Workstation Extension 15 SP6

An update that solves 22 vulnerabilities can now be installed.

## Description:

This update for gstreamer-plugins-good fixes the following issues:

* CVE-2024-47606: Fixed an integer overflows in MP4/MOV demuxer and memory
allocator that can lead to out-of-bounds writes. (boo#1234449)
* CVE-2024-47537: Fixed an out-of-bounds write in isomp4/qtdemux.c.
(boo#1234414)
* CVE-2024-47539: Fixed an out-of-bounds write in convert_to_s334_1a.
(boo#1234417)
* CVE-2024-47530: Fixed an uninitialized stack memory in Matroska/WebM
demuxer. (boo#1234421)
* CVE-2024-47596: Fixed an integer underflow in MP4/MOV demuxer that can lead
to out-of-bounds reads. (boo#1234424)
* CVE-2024-47597: Fixed an out-of-bounds reads in MP4/MOV demuxer sample table
parser (boo#1234425)
* CVE-2024-47598: Fixed MP4/MOV sample table parser out-of-bounds read.
(boo#1234426)
* CVE-2024-47599: Fixed insufficient error handling in JPEG decoder that can
lead to NULL-pointer dereferences. (boo#1234427)
* CVE-2024-47601: Fixed a NULL-pointer dereference in Matroska/WebM demuxer.
(boo#1234428)
* CVE-2024-47602: Fixed a NULL-pointer dereferences and out-of-bounds reads in
Matroska/WebM demuxer. (boo#1234432)
* CVE-2024-47603: Fixed a NULL-pointer dereference in Matroska/WebM demuxer.
(boo#1234433)
* CVE-2024-47775: Fixed various out-of-bounds reads in WAV parser.
(boo#1234434)
* CVE-2024-47776: Fixed various out-of-bounds reads in WAV parser.
(boo#1234435)
* CVE-2024-47777: Fixed various out-of-bounds reads in WAV parser.
(boo#1234436)
* CVE-2024-47778: Fixed various out-of-bounds reads in WAV parser.
(boo#1234439)
* CVE-2024-47834: Fixed a use-after-free in the Matroska demuxer that can
cause crashes for certain input files. (boo#1234440)
* CVE-2024-47774: Fixed an integer overflow in AVI subtitle parser that leads
to out-of-bounds reads. (boo#1234446)
* CVE-2024-47613: Fixed a NULL-pointer dereference in gdk-pixbuf decoder.
(boo#1234447)
* CVE-2024-47543: Fixed an out-of-bounds write in qtdemux_parse_container.
(boo#1234462)
* CVE-2024-47544: Fixed a NULL-pointer dereferences in MP4/MOV demuxer CENC
handling. (boo#1234473)
* CVE-2024-47545: Fixed an integer underflow in FOURCC_strf parsing leading to
out-of-bounds read. (boo#1234476)
* CVE-2024-47546: Fixed an integer underflow in extract_cc_from_data leading
to out-of-bounds read. (boo#1234477)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
zypper in -t patch SUSE-2025-55=1 openSUSE-SLE-15.6-2025-55=1

* Basesystem Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP6-2025-55=1

* SUSE Linux Enterprise Workstation Extension 15 SP6
zypper in -t patch SUSE-SLE-Product-WE-15-SP6-2025-55=1

## Package List:

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
* gstreamer-plugins-good-qtqml-1.24.0-150600.3.3.1
* gstreamer-plugins-good-qtqml-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-extra-1.24.0-150600.3.3.1
* gstreamer-plugins-good-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-1.24.0-150600.3.3.1
* gstreamer-plugins-good-gtk-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-jack-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-debugsource-1.24.0-150600.3.3.1
* gstreamer-plugins-good-extra-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-gtk-1.24.0-150600.3.3.1
* gstreamer-plugins-good-jack-1.24.0-150600.3.3.1
* openSUSE Leap 15.6 (x86_64)
* gstreamer-plugins-good-32bit-1.24.0-150600.3.3.1
* gstreamer-plugins-good-jack-32bit-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-extra-32bit-1.24.0-150600.3.3.1
* gstreamer-plugins-good-extra-32bit-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-jack-32bit-1.24.0-150600.3.3.1
* gstreamer-plugins-good-32bit-debuginfo-1.24.0-150600.3.3.1
* openSUSE Leap 15.6 (noarch)
* gstreamer-plugins-good-lang-1.24.0-150600.3.3.1
* openSUSE Leap 15.6 (aarch64_ilp32)
* gstreamer-plugins-good-64bit-1.24.0-150600.3.3.1
* gstreamer-plugins-good-jack-64bit-1.24.0-150600.3.3.1
* gstreamer-plugins-good-extra-64bit-1.24.0-150600.3.3.1
* gstreamer-plugins-good-64bit-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-jack-64bit-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-extra-64bit-debuginfo-1.24.0-150600.3.3.1
* Basesystem Module 15-SP6 (aarch64 ppc64le s390x x86_64)
* gstreamer-plugins-good-1.24.0-150600.3.3.1
* gstreamer-plugins-good-debugsource-1.24.0-150600.3.3.1
* gstreamer-plugins-good-debuginfo-1.24.0-150600.3.3.1
* Basesystem Module 15-SP6 (noarch)
* gstreamer-plugins-good-lang-1.24.0-150600.3.3.1
* SUSE Linux Enterprise Workstation Extension 15 SP6 (x86_64)
* gstreamer-plugins-good-debugsource-1.24.0-150600.3.3.1
* gstreamer-plugins-good-gtk-1.24.0-150600.3.3.1
* gstreamer-plugins-good-debuginfo-1.24.0-150600.3.3.1
* gstreamer-plugins-good-gtk-debuginfo-1.24.0-150600.3.3.1

## References:

* https://www.suse.com/security/cve/CVE-2024-47530.html
* https://www.suse.com/security/cve/CVE-2024-47537.html
* https://www.suse.com/security/cve/CVE-2024-47539.html
* https://www.suse.com/security/cve/CVE-2024-47543.html
* https://www.suse.com/security/cve/CVE-2024-47544.html
* https://www.suse.com/security/cve/CVE-2024-47545.html
* https://www.suse.com/security/cve/CVE-2024-47546.html
* https://www.suse.com/security/cve/CVE-2024-47596.html
* https://www.suse.com/security/cve/CVE-2024-47597.html
* https://www.suse.com/security/cve/CVE-2024-47598.html
* https://www.suse.com/security/cve/CVE-2024-47599.html
* https://www.suse.com/security/cve/CVE-2024-47601.html
* https://www.suse.com/security/cve/CVE-2024-47602.html
* https://www.suse.com/security/cve/CVE-2024-47603.html
* https://www.suse.com/security/cve/CVE-2024-47606.html
* https://www.suse.com/security/cve/CVE-2024-47613.html
* https://www.suse.com/security/cve/CVE-2024-47774.html
* https://www.suse.com/security/cve/CVE-2024-47775.html
* https://www.suse.com/security/cve/CVE-2024-47776.html
* https://www.suse.com/security/cve/CVE-2024-47777.html
* https://www.suse.com/security/cve/CVE-2024-47778.html
* https://www.suse.com/security/cve/CVE-2024-47834.html
* https://bugzilla.suse.com/show_bug.cgi?id=1234414
* https://bugzilla.suse.com/show_bug.cgi?id=1234417
* https://bugzilla.suse.com/show_bug.cgi?id=1234421
* https://bugzilla.suse.com/show_bug.cgi?id=1234424
* https://bugzilla.suse.com/show_bug.cgi?id=1234425
* https://bugzilla.suse.com/show_bug.cgi?id=1234426
* https://bugzilla.suse.com/show_bug.cgi?id=1234427
* https://bugzilla.suse.com/show_bug.cgi?id=1234428
* https://bugzilla.suse.com/show_bug.cgi?id=1234432
* https://bugzilla.suse.com/show_bug.cgi?id=1234433
* https://bugzilla.suse.com/show_bug.cgi?id=1234434
* https://bugzilla.suse.com/show_bug.cgi?id=1234435
* https://bugzilla.suse.com/show_bug.cgi?id=1234436
* https://bugzilla.suse.com/show_bug.cgi?id=1234439
* https://bugzilla.suse.com/show_bug.cgi?id=1234440
* https://bugzilla.suse.com/show_bug.cgi?id=1234446
* https://bugzilla.suse.com/show_bug.cgi?id=1234447
* https://bugzilla.suse.com/show_bug.cgi?id=1234449
* https://bugzilla.suse.com/show_bug.cgi?id=1234462
* https://bugzilla.suse.com/show_bug.cgi?id=1234473
* https://bugzilla.suse.com/show_bug.cgi?id=1234476
* https://bugzilla.suse.com/show_bug.cgi?id=1234477


Firefox, Thunderbird, OpenShift, and more updates for RHEL

Python, Thunderbird, xfpt, Kernel, Go Networking updates for Ubuntu

Windows

Linux

macOS

Community

  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...
  • Philipp
    I would try the XanMod kernel: https://xanmod.orgĀ  I ...