Opened 6 months ago

Closed 6 months ago

Last modified 7 weeks ago

#14776 closed enhancement (fixed)

gstreamer-1.18.4 gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav gstreamer-vaapi

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 11.0
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

New point version of all the gstreamer components

The GStreamer team is pleased to announce another bug fix release in
the stable 1.18 release series.

This release only contains bug fixes and security fixes. It should be
safe to upgrade from 1.18.x.

We recommend you upgrade at the earliest opportunity.

Highlighted bugfixes:

 - important security fixes for ID3 tag reading,
   matroska and realmedia parsing, and gst-libav audio decoding
 - audiomixer, audioaggregator: input buffer handling fixes
 - decodebin3: improve stream-selection message handling
 - uridecodebin3: make "caps" property work
 - wavenc: fix writing of INFO chunks in some cases
 - v4l2: bt601 colorimetry, allow encoder resolution changes,
   fix decoder frame rate negotiation
 - decklinkvideosink: fix auto format detection, and
   fixes for 29.97fps framerate output
 - mpeg-2 video handling fixes when seeking
 - avviddec: fix bufferpool negotiation and possible
   memory corruption when changing resolution
 - various stability, performance and reliability improvements
 - memory leak fixes
 - build fixes: rpicamsrc, qt overlay example, d3d11videosink on UWP

Release notes with details about changes and fixed bugs can be found
at:

  https://gstreamer.freedesktop.org/releases/1.18/#1.18.4

For details about the security fixes (which also apply to older
branches) see:

  https://gstreamer.freedesktop.org/security/

Binaries for Android, iOS, Mac OS X and Windows should be available
soon.

As always, please let us know of any issues you run into by filing an
issue or Merge Request in Gitlab: 

  https://gitlab.freedesktop.org/gstreamer/
  
Thanks!

Very important security fixes in this one

Change History (15)

comment:1 by Douglas R. Reno, 6 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 6 months ago

First, the security information...

Security Advisory 2021-0001

Summary: Out-of-bounds read in ID3v2 tag parsing
Date: 2021-03-15 16:00
Affected Versions: GStreamer gst-plugins-base 1.x <= 1.18.3, 0.10.36
ID: GStreamer-SA-2021-0001

Details
GStreamer before 1.18.4 might do an out-of-bounds read when handling certain ID3v2 tags.

Impact
It might be possible for a malicious third party to trigger a crash in the application.

Threat mitigation

Workarounds

Solution
The gst-plugins-base 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References
The GStreamer project
https://gstreamer.freedesktop.org
GStreamer 1.18.4 release
Release Notes GStreamer Plugins Base 1.18.4

Patches
Patch 1

comment:3 by Douglas R. Reno, 6 months ago

Security Advisory 2021-0002

Summary: Use-after-free in matroska demuxing
Date: 2021-03-15 16:00
Affected Versions: GStreamer gst-plugins-good 1.x <= 1.18.3, 0.10.x > 0.10.8
ID: GStreamer-SA-2021-0002

Details
GStreamer before 1.18.4 might access already-freed memory in error code paths when demuxing certain malformed Matroska files.

Impact

It might be possible for a malicious third party to trigger a crash in the application, but possibly also an arbitrary code execution with the privileges of the target user.

Threat mitigation

Workarounds

Solution
The gst-plugins-good 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References
The GStreamer project
https://gstreamer.freedesktop.org
GStreamer 1.18.4 release
Release Notes GStreamer Plugins Good 1.18.4

Patches
Patch 1

comment:4 by Douglas R. Reno, 6 months ago

Security Advisory 2021-0003

Summary: Heap corruption in matroska demuxing
Date: 2021-03-15 16:00
Affected Versions: GStreamer gst-plugins-good 1.x <= 1.18.3
ID: GStreamer-SA-2021-0003

Details
GStreamer before 1.18.4 might cause heap corruption when parsing certain malformed Matroska files.

Impact
It might be possible for a malicious third party to trigger a crash in the application, but possibly also an arbitrary code execution with the privileges of the target user.

Threat mitigation

Workarounds

Solution
The gst-plugins-good 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References
The GStreamer project
https://gstreamer.freedesktop.org
GStreamer 1.18.4 release
Release Notes GStreamer Plugins Good 1.18.4

Patches
Patch 1

comment:5 by Douglas R. Reno, 6 months ago

Security Advisory 2021-0004

Summary: Out-of-bounds read in realmedia demuxing
Date: 2021-03-15 16:00
Affected Versions: GStreamer gst-plugins-ugly 1.x <= 1.18.3
ID: GStreamer-SA-2021-0004

Details
GStreamer before 1.18.4 might do an out-of-bounds read when handling certain RealMedia files or streams.

Impact
It might be possible for a malicious third party to trigger a crash in the application.

Threat mitigation

Workarounds

Solution
The gst-plugins-ugly 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References
The GStreamer project
https://gstreamer.freedesktop.org
GStreamer 1.18.4 release
Release Notes GStreamer Plugins Ugly 1.18.4

Patches
Patch 1

comment:6 by Douglas R. Reno, 6 months ago

Security Advisory 2021-0005

Summary: Stack overflow in gst_ffmpeg_channel_layout_to_gst()
Date: 2021-03-15 16:00
Affected Versions: GStreamer gst-libav 1.x <= 1.18.3
ID: GStreamer-SA-2021-0005

Details
GStreamer before 1.18.4 might cause stack corruptions with streams that have more than 64 audio channels.

Impact
It might be possible for a malicious third party to trigger a crash in the application.

Threat mitigation

Workarounds

Solution
The gst-libav 1.18.4 release addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References
The GStreamer project
https://gstreamer.freedesktop.org
GStreamer 1.18.4 release
Release Notes GStreamer plugin for the FFmpeg libav* libraries 1.18.4

Patches
Patch 1
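
Added example, not part of the ticket or of GStreamer's advisories: a Python check that matches installed component versions against the "Affected Versions" lines of the five advisories quoted above. It assumes "1.x <= V" means the 1.x series up to V, "0.10.x > V" means the 0.10 series above V, and a bare version means exactly that release; the function names and sample inventories are constructed for illustration.

```python
import re

# "Affected Versions" strings copied from the five advisories quoted in this ticket.
ADVISORIES = {
    "GStreamer-SA-2021-0001": ("gst-plugins-base", "1.x <= 1.18.3, 0.10.36"),
    "GStreamer-SA-2021-0002": ("gst-plugins-good", "1.x <= 1.18.3, 0.10.x > 0.10.8"),
    "GStreamer-SA-2021-0003": ("gst-plugins-good", "1.x <= 1.18.3"),
    "GStreamer-SA-2021-0004": ("gst-plugins-ugly", "1.x <= 1.18.3"),
    "GStreamer-SA-2021-0005": ("gst-libav", "1.x <= 1.18.3"),
}

def parse_version(text):
    """'1.18.3' -> (1, 18, 3); raises ValueError on anything non-numeric."""
    return tuple(int(part) for part in text.strip().split("."))

def clause_matches(clause, version):
    """Evaluate one clause: 'A.x <= V', 'A.B.x > V', or an exact version (assumed reading)."""
    m = re.fullmatch(r"([\d.]+)\.x\s*(<=|>)\s*([\d.]+)", clause.strip())
    if m is None:
        return version == parse_version(clause)
    series, op, bound = parse_version(m.group(1)), m.group(2), parse_version(m.group(3))
    if version[:len(series)] != series:
        return False  # different release series, clause does not apply
    return version <= bound if op == "<=" else version > bound

def applicable_advisories(installed):
    """Map {component: version string} to the sorted advisory IDs that apply."""
    hits = []
    for adv_id, (component, affected) in ADVISORIES.items():
        if component not in installed:
            continue
        version = parse_version(installed[component])
        if any(clause_matches(c, version) for c in affected.split(",")):
            hits.append(adv_id)
    return sorted(hits)

# Constructed inventories, not taken from any real system.
SAMPLE_OLD = {"gst-plugins-base": "1.18.3", "gst-plugins-good": "0.10.31",
              "gst-libav": "1.16.2"}
SAMPLE_NEW = {"gst-plugins-base": "1.18.4", "gst-plugins-good": "1.18.4",
              "gst-plugins-ugly": "1.18.4", "gst-libav": "1.18.4"}

if __name__ == "__main__":
    print(applicable_advisories(SAMPLE_OLD))
    print(applicable_advisories(SAMPLE_NEW))
```
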

comment:7 by Douglas R. Reno, 6 months ago

gstreamer release notes

gstreamer

    info: Don't leak log function user_data if the debug system is compiled out
    task: Use SetThreadDescription() Win32 API for setting thread names, which preserves thread names in dump files.
    buffer, memory: Mark info in map functions as caller-allocates and pass allocation params as const pointers where possible
    clock: define AUTO_CLEANUP_FREE_FUNC for GstClockID

comment:8 by Douglas R. Reno, 6 months ago

gst-plugins-base

    tag: id3v2: fix frame size check and potential invalid reads
    audio: Fix gst_audio_buffer_truncate() meta handling for non-interleaved audio
    audioresample: respect buffer layout when draining
    audioaggregator: fix input_buffer ownership
    decodebin3: change stream selection message owner, so that the app sends the stream-selection event to the right element
    rtspconnection: correct data_size when tunneled mode
    uridecodebin3: make caps property work
    video-converter: Don't upsample invalid lines
    videodecoder: Fix racy critical when pool negotiation occurs during flush
    video: Convert gst_video_info_to_caps() to take self as const ptr
    examples: added qt core dependency for qt overlay example

comment:9 by Douglas R. Reno, 6 months ago

gst-plugins-good

    matroskademux: header parsing fixes
    rpicamsrc: depend on posix threads and vchiq_arm to fix build on raspios again
    wavenc: Fixed INFO chunk corruption, caused by odd sized data not being padded
    wavpackdec: Add floating point format support to fix distortions in some cases
    v4l2: recognize V4L2 bt601 colorimetry again
    v4l2videoenc: support resolution change stream encode
    v4l2h265codec: fix HEVC profile string issue
    v4l2object: Need keep same transfer as input caps
    v4l2videodec: Fix vp8 and vp9 streams can't play on board with vendor bsp
    v4l2videodec: fix src side frame rate negotiation

comment:10 by Douglas R. Reno, 6 months ago

gst-plugins-bad

    avwait: Don't post messages with the mutex locked
    d3d11h264dec: Reconfigure decoder object on DPB size change and keep track of actually configured DPB size
    dashsink: fix double unref of sinkpad caps
    decklinkvideosink: Use correct numerator for 29.97fps
    decklinkvideosink: fix auto format detection
    decklinksrc: Use a more accurate capture time
    d3d11videosink: Fix build error on UWP
    interlace: negotiation and buffer leak fixes
    mpegvideoparse: do not clip, so decoder receives data from keyframe even if it's before the segment start
    mpegtsparse: Fix switched DTS/PTS when set-timestamps=false
    nvh264sldec: Reopen decoder object if larger DPB size is required
    sdpsrc: fix double free if sdp is provided as string via the property
    vulkan: Fix elements long name.

comment:11 by Douglas R. Reno, 6 months ago

gst-plugins-ugly

    rmdemux: Make sure we have enough data available when parsing audio/video packets

comment:12 by Douglas R. Reno, 6 months ago

gst-libav

    avviddec: take the maximum of the height/coded_height
    viddec: don't configure an incorrect buffer pool when receiving a gap event
    audiodec: fix stack overflow in gst_ffmpeg_channel_layout_to_gst()

comment:13 by Douglas R. Reno, 6 months ago

gstreamer-vaapi

    h264 encoder: append encoder exposure to aud
    postproc: Fix a problem of propose_allocation when passthrough
    glx: Iterate over FBConfig and select 8 bit color size

comment:14 by Douglas R. Reno, 6 months ago

Resolution: fixed
Status: assigned → closed

Fixed at r24375

comment:15 by Bruce Dubbs, 7 weeks ago

Milestone: 10.2 → 11.0

Milestone renamed
