Security update for gstreamer-plugins-bad, libvpl
This update for gstreamer-plugins-bad, libvpl fixes the following issues:
- Dropped support for libmfx to fix the following CVEs:
* libmfx: improper input validation (CVE-2023-48368, bsc#1226897)
* libmfx: improper buffer restrictions (CVE-2023-45221, bsc#1226898)
* libmfx: out-of-bounds read (CVE-2023-22656, bsc#1226899)
* libmfx: out-of-bounds write (CVE-2023-47282, bsc#1226900)
* libmfx: improper buffer restrictions (CVE-2023-47169, bsc#1226901)
The libmfx dependency is replaced by libvpl.
-
Submitted by
Stefan Dirsch (sndirsch)
Fixed bugs
bnc#1226901
VUL-0: CVE-2023-47169: libmfx: improper buffer restrictions
bnc#1223263
VUL-0: CVE-2023-50186: gstreamer-plugins-bad: buffer overflow vulnerability
bnc#1226900
VUL-0: CVE-2023-47282: libmfx: out-of-bounds write
bnc#1226898
VUL-0: CVE-2023-45221: libmfx: improper buffer restrictions
bnc#1226892
L3: L3-Question: Multiple vulnerabilities in the Intel Media SDK (libmfx1) — ref:_00D1igLOd._500TrCexKD:ref
bnc#1218534
VUL-0: gstreamer-plugins-bad: Heap-based buffer overflow in the AV1 codec parser (ZDI-CAN-22300)
bnc#1226899
VUL-0: CVE-2023-22656: libmfx: out-of-bounds read
bnc#1226897
VUL-0: CVE-2023-48368: libmfx: improper input validation
bnc#1219494
libmfx no longer supported
