Issued:: 2023-12-14
Updated:: 2023-12-14

RHSA-2023:7840 - Security Advisory

Overview
Updated Packages

Synopsis

Important: gstreamer1-plugins-bad-free security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
Red Hat Enterprise Linux Server - TUS 8.8 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64

Fixes

BZ - 2250249 - CVE-2023-44446 gstreamer: MXF demuxer use-after-free vulnerability

CVEs

CVE-2023-44446

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm	SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.i686.rpm	SHA-256: 0f3508a12c451f6f32318925cf53308caa0c77d8e22881c7ed63bdc6e982744c
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.x86_64.rpm	SHA-256: fd84fcfc8b5499d283cead5fd1549e8203b5d7a94aba501a530ff2e7691c1b29
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.i686.rpm	SHA-256: 3c4b88b2f29405a5ea31577fd94311b2ee332292f137334fe514f53c4001c401
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 0e4b195ebc378c22067cb7f51edc93a903edcffb4b9bc33ac293dcf7b8abaf05
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.i686.rpm	SHA-256: 2716ded51c99579ef65e82702f16bde5e776e95cc2693e98493fc18d4693c48b
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 7d7342c26c366213b55ff6a64d098a4624cdbe547f511d9082725451834b572b

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm	SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.i686.rpm	SHA-256: 0f3508a12c451f6f32318925cf53308caa0c77d8e22881c7ed63bdc6e982744c
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.x86_64.rpm	SHA-256: fd84fcfc8b5499d283cead5fd1549e8203b5d7a94aba501a530ff2e7691c1b29
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.i686.rpm	SHA-256: 3c4b88b2f29405a5ea31577fd94311b2ee332292f137334fe514f53c4001c401
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 0e4b195ebc378c22067cb7f51edc93a903edcffb4b9bc33ac293dcf7b8abaf05
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.i686.rpm	SHA-256: 2716ded51c99579ef65e82702f16bde5e776e95cc2693e98493fc18d4693c48b
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 7d7342c26c366213b55ff6a64d098a4624cdbe547f511d9082725451834b572b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm	SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
s390x
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.s390x.rpm	SHA-256: 2590a850fc3988c32ef6b900c620738a7c87e9b16c2d2405624d931462997c2c
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.s390x.rpm	SHA-256: 47128ac31d97aec501a4fad75ae421e3692d81dc1713e95c860be7a0b1e0bfc8
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.s390x.rpm	SHA-256: eb64bbabae945c860e7b97bc88735c0eec93329fbcac422e1ba77f29c2bd195d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm	SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
ppc64le
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.ppc64le.rpm	SHA-256: ef9d0388c3afcc79fec7cde00410446436dfeb45ae70a624f04845f8c3baef43
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.ppc64le.rpm	SHA-256: 91f0ec5f5d154ac9fbf93f71ce70a808379f5c4368eb843585e31bd91cd2e6a3
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.ppc64le.rpm	SHA-256: a84f3f60a2d5ccce96068c8d4cee30125c135e81ea860ee0973b519779cf73c3

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm	SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.i686.rpm	SHA-256: 0f3508a12c451f6f32318925cf53308caa0c77d8e22881c7ed63bdc6e982744c
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.x86_64.rpm	SHA-256: fd84fcfc8b5499d283cead5fd1549e8203b5d7a94aba501a530ff2e7691c1b29
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.i686.rpm	SHA-256: 3c4b88b2f29405a5ea31577fd94311b2ee332292f137334fe514f53c4001c401
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 0e4b195ebc378c22067cb7f51edc93a903edcffb4b9bc33ac293dcf7b8abaf05
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.i686.rpm	SHA-256: 2716ded51c99579ef65e82702f16bde5e776e95cc2693e98493fc18d4693c48b
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 7d7342c26c366213b55ff6a64d098a4624cdbe547f511d9082725451834b572b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm	SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
aarch64
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.aarch64.rpm	SHA-256: 03dbd137c55839666efd801a480c3d7ff51be56ac94f938fc7c63df5ec9da9c9
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.aarch64.rpm	SHA-256: e3cbac4db4ac9f19e9d5c905e19c09837d8eeda73abc379d987390ee806e15c2
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.aarch64.rpm	SHA-256: 290d162553f9501a5c6561e10d6a2469d24e1aacd22390596741f379b1401fdd

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm	SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
ppc64le
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.ppc64le.rpm	SHA-256: ef9d0388c3afcc79fec7cde00410446436dfeb45ae70a624f04845f8c3baef43
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.ppc64le.rpm	SHA-256: 91f0ec5f5d154ac9fbf93f71ce70a808379f5c4368eb843585e31bd91cd2e6a3
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.ppc64le.rpm	SHA-256: a84f3f60a2d5ccce96068c8d4cee30125c135e81ea860ee0973b519779cf73c3

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm	SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.i686.rpm	SHA-256: 0f3508a12c451f6f32318925cf53308caa0c77d8e22881c7ed63bdc6e982744c
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.x86_64.rpm	SHA-256: fd84fcfc8b5499d283cead5fd1549e8203b5d7a94aba501a530ff2e7691c1b29
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.i686.rpm	SHA-256: 3c4b88b2f29405a5ea31577fd94311b2ee332292f137334fe514f53c4001c401
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 0e4b195ebc378c22067cb7f51edc93a903edcffb4b9bc33ac293dcf7b8abaf05
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.i686.rpm	SHA-256: 2716ded51c99579ef65e82702f16bde5e776e95cc2693e98493fc18d4693c48b
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 7d7342c26c366213b55ff6a64d098a4624cdbe547f511d9082725451834b572b

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8

SRPM
x86_64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.i686.rpm	SHA-256: 3c4b88b2f29405a5ea31577fd94311b2ee332292f137334fe514f53c4001c401
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 0e4b195ebc378c22067cb7f51edc93a903edcffb4b9bc33ac293dcf7b8abaf05
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.i686.rpm	SHA-256: 2716ded51c99579ef65e82702f16bde5e776e95cc2693e98493fc18d4693c48b
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 7d7342c26c366213b55ff6a64d098a4624cdbe547f511d9082725451834b572b
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.i686.rpm	SHA-256: 715a0a6103aa546aea005e7848599f008bf359bc28177d4e696bd26ddbfc6870
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.x86_64.rpm	SHA-256: 4dcc2fea8674fc4b7043c4c36fbf46c8dfef4377d227424b1913fb117fdda574

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8

SRPM
ppc64le
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.ppc64le.rpm	SHA-256: 91f0ec5f5d154ac9fbf93f71ce70a808379f5c4368eb843585e31bd91cd2e6a3
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.ppc64le.rpm	SHA-256: a84f3f60a2d5ccce96068c8d4cee30125c135e81ea860ee0973b519779cf73c3
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.ppc64le.rpm	SHA-256: 9779f89a66b65a0256c72d4a57f42aeedec63edc453d93fa832aec0c7f2cc06d

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8

SRPM
s390x
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.s390x.rpm	SHA-256: 47128ac31d97aec501a4fad75ae421e3692d81dc1713e95c860be7a0b1e0bfc8
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.s390x.rpm	SHA-256: eb64bbabae945c860e7b97bc88735c0eec93329fbcac422e1ba77f29c2bd195d
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.s390x.rpm	SHA-256: 850b472c967aedffe6cffd18db56ffe4631350bb460e9a02a4b7a7a96a4f41f3

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8

SRPM
aarch64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.aarch64.rpm	SHA-256: e3cbac4db4ac9f19e9d5c905e19c09837d8eeda73abc379d987390ee806e15c2
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.aarch64.rpm	SHA-256: 290d162553f9501a5c6561e10d6a2469d24e1aacd22390596741f379b1401fdd
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.aarch64.rpm	SHA-256: 30a01afda72856454753e6826642a70d2d8f27757882916e11065324c2ac3bda

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation