Issued:: 2023-12-14
Updated:: 2023-12-14

RHSA-2023:7841 - Security Advisory

Overview
Updated Packages

Synopsis

Important: gstreamer1-plugins-bad-free security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for x86_64 8 x86_64
Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes

BZ - 2250249 - CVE-2023-44446 gstreamer: MXF demuxer use-after-free vulnerability

CVEs

CVE-2023-44446

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.src.rpm	SHA-256: 86a64e15e43cc3e323ac0a70bb48109a06eedd3fc005bea50598e9379fae0f08
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.i686.rpm	SHA-256: e1f0261f3911ab3c0ade0a09f818d826d13fa288343b68993b729f17f56a5340
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.x86_64.rpm	SHA-256: f482ccff23ac61c504bf6a371cb8f63b4a1303e44f591a03e8a1dd116554798e
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.i686.rpm	SHA-256: ec5f9e531f403594943d5786eb1aa96e92919e042944a8d494b1dbcce4b2275e
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.x86_64.rpm	SHA-256: 43a256a5e73472a2a20e161ce15f69da1dcce527cae3002613d6278d77b59487
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.i686.rpm	SHA-256: 825ea3fb98d73d6c5d4b006b1a05f7ceb42f20f0149b550fba8ac15788dd4e8f
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.x86_64.rpm	SHA-256: 593596b189352f8e4957bf696b85193ec2bee2becfe2849dec29fe7b2f6e323b

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.src.rpm	SHA-256: 86a64e15e43cc3e323ac0a70bb48109a06eedd3fc005bea50598e9379fae0f08
s390x
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.s390x.rpm	SHA-256: d55f9fb2f5ff9b761a0c254885bd54e1943aae5e8f67a6d9147716654fc070a6
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.s390x.rpm	SHA-256: 2fda7140c4b925dc0ae352f47f73846b685908c94633478bc1ad161c13c8bc9a
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.s390x.rpm	SHA-256: f9ccb6861ee994e999a0e8522ee74abeb8238de4be3ed1a991dade37da9d69a5

Red Hat Enterprise Linux for Power, little endian 8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.src.rpm	SHA-256: 86a64e15e43cc3e323ac0a70bb48109a06eedd3fc005bea50598e9379fae0f08
ppc64le
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.ppc64le.rpm	SHA-256: 24e67d636fc5b663922fcd7c43a91a4700090a0dcfcf70187ccc676942b8e43c
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.ppc64le.rpm	SHA-256: 54c9921b5aa05c09fcec9c872134a3b1888f47d4edbc0c07ca56d2ed9f6ceebe
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.ppc64le.rpm	SHA-256: 57b4db5ba2e3153e418e2e72baff4b102c882eb4c863528bd234253a06da3203

Red Hat Enterprise Linux for ARM 64 8

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.src.rpm	SHA-256: 86a64e15e43cc3e323ac0a70bb48109a06eedd3fc005bea50598e9379fae0f08
aarch64
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.aarch64.rpm	SHA-256: 70d36c44f3296d87438468967e8a7946af16bff81b83fb928a46cb84fd60ba50
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.aarch64.rpm	SHA-256: 263e985413e623bba44c81ee4e3a8e654bd9ccc1cabefe27177d1a7285d4b552
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.aarch64.rpm	SHA-256: 0888ab2b5a9fecf1169938346e424d06049473dd60bae4748caf3e4d5ec3f174

Red Hat CodeReady Linux Builder for x86_64 8

SRPM
x86_64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.i686.rpm	SHA-256: ec5f9e531f403594943d5786eb1aa96e92919e042944a8d494b1dbcce4b2275e
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.x86_64.rpm	SHA-256: 43a256a5e73472a2a20e161ce15f69da1dcce527cae3002613d6278d77b59487
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.i686.rpm	SHA-256: 825ea3fb98d73d6c5d4b006b1a05f7ceb42f20f0149b550fba8ac15788dd4e8f
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.x86_64.rpm	SHA-256: 593596b189352f8e4957bf696b85193ec2bee2becfe2849dec29fe7b2f6e323b
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.i686.rpm	SHA-256: 2739e7f60499b67bdb3e08cc8542cd7fc29dffa803caf540908f587703778579
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.x86_64.rpm	SHA-256: 17d6e4bb736759755d4c62b071924a1289afb7063be9f31f0640306b6bdfa0fa

Red Hat CodeReady Linux Builder for Power, little endian 8

SRPM
ppc64le
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.ppc64le.rpm	SHA-256: 54c9921b5aa05c09fcec9c872134a3b1888f47d4edbc0c07ca56d2ed9f6ceebe
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.ppc64le.rpm	SHA-256: 57b4db5ba2e3153e418e2e72baff4b102c882eb4c863528bd234253a06da3203
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.ppc64le.rpm	SHA-256: 2f9f415d04c0449956768dc0130ba065a0a463e9b0038cbe01e461ee0a1b4d9a

Red Hat CodeReady Linux Builder for ARM 64 8

SRPM
aarch64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.aarch64.rpm	SHA-256: 263e985413e623bba44c81ee4e3a8e654bd9ccc1cabefe27177d1a7285d4b552
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.aarch64.rpm	SHA-256: 0888ab2b5a9fecf1169938346e424d06049473dd60bae4748caf3e4d5ec3f174
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.aarch64.rpm	SHA-256: feb3360bcb245fd0cca9df8cbdaed7d8f7a49f6f199d77a6b74fc6829badf830

Red Hat CodeReady Linux Builder for IBM z Systems 8

SRPM
s390x
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.s390x.rpm	SHA-256: 2fda7140c4b925dc0ae352f47f73846b685908c94633478bc1ad161c13c8bc9a
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.s390x.rpm	SHA-256: f9ccb6861ee994e999a0e8522ee74abeb8238de4be3ed1a991dade37da9d69a5
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_9.s390x.rpm	SHA-256: 8c32edbdefec508ba8a92c9e26b98c75a761e0d73e05402b577827b3df1f6d0a

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.src.rpm	SHA-256: 86a64e15e43cc3e323ac0a70bb48109a06eedd3fc005bea50598e9379fae0f08
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.i686.rpm	SHA-256: e1f0261f3911ab3c0ade0a09f818d826d13fa288343b68993b729f17f56a5340
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.x86_64.rpm	SHA-256: f482ccff23ac61c504bf6a371cb8f63b4a1303e44f591a03e8a1dd116554798e
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.i686.rpm	SHA-256: ec5f9e531f403594943d5786eb1aa96e92919e042944a8d494b1dbcce4b2275e
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.x86_64.rpm	SHA-256: 43a256a5e73472a2a20e161ce15f69da1dcce527cae3002613d6278d77b59487
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.i686.rpm	SHA-256: 825ea3fb98d73d6c5d4b006b1a05f7ceb42f20f0149b550fba8ac15788dd4e8f
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.x86_64.rpm	SHA-256: 593596b189352f8e4957bf696b85193ec2bee2becfe2849dec29fe7b2f6e323b

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.src.rpm	SHA-256: 86a64e15e43cc3e323ac0a70bb48109a06eedd3fc005bea50598e9379fae0f08
aarch64
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.aarch64.rpm	SHA-256: 70d36c44f3296d87438468967e8a7946af16bff81b83fb928a46cb84fd60ba50
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.aarch64.rpm	SHA-256: 263e985413e623bba44c81ee4e3a8e654bd9ccc1cabefe27177d1a7285d4b552
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.aarch64.rpm	SHA-256: 0888ab2b5a9fecf1169938346e424d06049473dd60bae4748caf3e4d5ec3f174

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.src.rpm	SHA-256: 86a64e15e43cc3e323ac0a70bb48109a06eedd3fc005bea50598e9379fae0f08
ppc64le
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.ppc64le.rpm	SHA-256: 24e67d636fc5b663922fcd7c43a91a4700090a0dcfcf70187ccc676942b8e43c
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.ppc64le.rpm	SHA-256: 54c9921b5aa05c09fcec9c872134a3b1888f47d4edbc0c07ca56d2ed9f6ceebe
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.ppc64le.rpm	SHA-256: 57b4db5ba2e3153e418e2e72baff4b102c882eb4c863528bd234253a06da3203

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.src.rpm	SHA-256: 86a64e15e43cc3e323ac0a70bb48109a06eedd3fc005bea50598e9379fae0f08
s390x
gstreamer1-plugins-bad-free-1.16.1-2.el8_9.s390x.rpm	SHA-256: d55f9fb2f5ff9b761a0c254885bd54e1943aae5e8f67a6d9147716654fc070a6
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_9.s390x.rpm	SHA-256: 2fda7140c4b925dc0ae352f47f73846b685908c94633478bc1ad161c13c8bc9a
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_9.s390x.rpm	SHA-256: f9ccb6861ee994e999a0e8522ee74abeb8238de4be3ed1a991dade37da9d69a5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation