Red Hat Product Errata RHSA-2023:7840 - Security Advisory
Issued:
2023-12-14
Updated:
2023-12-14

RHSA-2023:7840 - Security Advisory

Synopsis

Important: gstreamer1-plugins-bad-free security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.8 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

  • gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8 aarch64

Fixes

  • BZ - 2250249 - CVE-2023-44446 gstreamer: MXF demuxer use-after-free vulnerability

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.i686.rpm SHA-256: 0f3508a12c451f6f32318925cf53308caa0c77d8e22881c7ed63bdc6e982744c
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.x86_64.rpm SHA-256: fd84fcfc8b5499d283cead5fd1549e8203b5d7a94aba501a530ff2e7691c1b29
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.i686.rpm SHA-256: 3c4b88b2f29405a5ea31577fd94311b2ee332292f137334fe514f53c4001c401
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.x86_64.rpm SHA-256: 0e4b195ebc378c22067cb7f51edc93a903edcffb4b9bc33ac293dcf7b8abaf05
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.i686.rpm SHA-256: 2716ded51c99579ef65e82702f16bde5e776e95cc2693e98493fc18d4693c48b
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.x86_64.rpm SHA-256: 7d7342c26c366213b55ff6a64d098a4624cdbe547f511d9082725451834b572b

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
s390x
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.s390x.rpm SHA-256: 2590a850fc3988c32ef6b900c620738a7c87e9b16c2d2405624d931462997c2c
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.s390x.rpm SHA-256: 47128ac31d97aec501a4fad75ae421e3692d81dc1713e95c860be7a0b1e0bfc8
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.s390x.rpm SHA-256: eb64bbabae945c860e7b97bc88735c0eec93329fbcac422e1ba77f29c2bd195d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
ppc64le
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.ppc64le.rpm SHA-256: ef9d0388c3afcc79fec7cde00410446436dfeb45ae70a624f04845f8c3baef43
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.ppc64le.rpm SHA-256: 91f0ec5f5d154ac9fbf93f71ce70a808379f5c4368eb843585e31bd91cd2e6a3
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.ppc64le.rpm SHA-256: a84f3f60a2d5ccce96068c8d4cee30125c135e81ea860ee0973b519779cf73c3

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.i686.rpm SHA-256: 0f3508a12c451f6f32318925cf53308caa0c77d8e22881c7ed63bdc6e982744c
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.x86_64.rpm SHA-256: fd84fcfc8b5499d283cead5fd1549e8203b5d7a94aba501a530ff2e7691c1b29
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.i686.rpm SHA-256: 3c4b88b2f29405a5ea31577fd94311b2ee332292f137334fe514f53c4001c401
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.x86_64.rpm SHA-256: 0e4b195ebc378c22067cb7f51edc93a903edcffb4b9bc33ac293dcf7b8abaf05
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.i686.rpm SHA-256: 2716ded51c99579ef65e82702f16bde5e776e95cc2693e98493fc18d4693c48b
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.x86_64.rpm SHA-256: 7d7342c26c366213b55ff6a64d098a4624cdbe547f511d9082725451834b572b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
aarch64
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.aarch64.rpm SHA-256: 03dbd137c55839666efd801a480c3d7ff51be56ac94f938fc7c63df5ec9da9c9
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.aarch64.rpm SHA-256: e3cbac4db4ac9f19e9d5c905e19c09837d8eeda73abc379d987390ee806e15c2
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.aarch64.rpm SHA-256: 290d162553f9501a5c6561e10d6a2469d24e1aacd22390596741f379b1401fdd

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
ppc64le
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.ppc64le.rpm SHA-256: ef9d0388c3afcc79fec7cde00410446436dfeb45ae70a624f04845f8c3baef43
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.ppc64le.rpm SHA-256: 91f0ec5f5d154ac9fbf93f71ce70a808379f5c4368eb843585e31bd91cd2e6a3
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.ppc64le.rpm SHA-256: a84f3f60a2d5ccce96068c8d4cee30125c135e81ea860ee0973b519779cf73c3

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.src.rpm SHA-256: b7784289dded5e26bc36940ea0f60d84a235855d59b9a2de423eee48c5e25673
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.i686.rpm SHA-256: 0f3508a12c451f6f32318925cf53308caa0c77d8e22881c7ed63bdc6e982744c
gstreamer1-plugins-bad-free-1.16.1-2.el8_8.x86_64.rpm SHA-256: fd84fcfc8b5499d283cead5fd1549e8203b5d7a94aba501a530ff2e7691c1b29
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.i686.rpm SHA-256: 3c4b88b2f29405a5ea31577fd94311b2ee332292f137334fe514f53c4001c401
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.x86_64.rpm SHA-256: 0e4b195ebc378c22067cb7f51edc93a903edcffb4b9bc33ac293dcf7b8abaf05
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.i686.rpm SHA-256: 2716ded51c99579ef65e82702f16bde5e776e95cc2693e98493fc18d4693c48b
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.x86_64.rpm SHA-256: 7d7342c26c366213b55ff6a64d098a4624cdbe547f511d9082725451834b572b

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.8

SRPM
x86_64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.i686.rpm SHA-256: 3c4b88b2f29405a5ea31577fd94311b2ee332292f137334fe514f53c4001c401
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.x86_64.rpm SHA-256: 0e4b195ebc378c22067cb7f51edc93a903edcffb4b9bc33ac293dcf7b8abaf05
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.i686.rpm SHA-256: 2716ded51c99579ef65e82702f16bde5e776e95cc2693e98493fc18d4693c48b
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.x86_64.rpm SHA-256: 7d7342c26c366213b55ff6a64d098a4624cdbe547f511d9082725451834b572b
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.i686.rpm SHA-256: 715a0a6103aa546aea005e7848599f008bf359bc28177d4e696bd26ddbfc6870
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.x86_64.rpm SHA-256: 4dcc2fea8674fc4b7043c4c36fbf46c8dfef4377d227424b1913fb117fdda574

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.8

SRPM
ppc64le
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.ppc64le.rpm SHA-256: 91f0ec5f5d154ac9fbf93f71ce70a808379f5c4368eb843585e31bd91cd2e6a3
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.ppc64le.rpm SHA-256: a84f3f60a2d5ccce96068c8d4cee30125c135e81ea860ee0973b519779cf73c3
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.ppc64le.rpm SHA-256: 9779f89a66b65a0256c72d4a57f42aeedec63edc453d93fa832aec0c7f2cc06d

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.8

SRPM
s390x
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.s390x.rpm SHA-256: 47128ac31d97aec501a4fad75ae421e3692d81dc1713e95c860be7a0b1e0bfc8
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.s390x.rpm SHA-256: eb64bbabae945c860e7b97bc88735c0eec93329fbcac422e1ba77f29c2bd195d
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.s390x.rpm SHA-256: 850b472c967aedffe6cffd18db56ffe4631350bb460e9a02a4b7a7a96a4f41f3

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.8

SRPM
aarch64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_8.aarch64.rpm SHA-256: e3cbac4db4ac9f19e9d5c905e19c09837d8eeda73abc379d987390ee806e15c2
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_8.aarch64.rpm SHA-256: 290d162553f9501a5c6561e10d6a2469d24e1aacd22390596741f379b1401fdd
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_8.aarch64.rpm SHA-256: 30a01afda72856454753e6826642a70d2d8f27757882916e11065324c2ac3bda

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.