Red Hat Product Errata RHSA-2023:7872 - Security Advisory
Issued:
2023-12-18
Updated:
2023-12-18

RHSA-2023:7872 - Security Advisory

Synopsis

Important: gstreamer1-plugins-bad-free security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

  • gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

  • BZ - 2250249 - CVE-2023-44446 gstreamer: MXF demuxer use-after-free vulnerability

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.src.rpm SHA-256: 59f4650abc31894d61777b69aea26cef487eaf0fba5410f29ea5e09c3b8d8a18
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.i686.rpm SHA-256: 008621adac42a28e4d02ea6e65bf9c9c03a8e9e94022cc4c97fdc7f39ff47954
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.x86_64.rpm SHA-256: 498f8989b0d85560836851d883bc346c7a06c74f388f488437e10fafa1e1bad1
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.i686.rpm SHA-256: 3c31e45e7497a2e6cdf4cf7528c184d06f8a42242a509ebdb7602f381ab59431
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.x86_64.rpm SHA-256: 756d1f312d8757088f8ce19cb784051556a27244465d5dacc5e0323c120efa8d
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.i686.rpm SHA-256: c564758a570ae821a277d0a0ca5981f31a32b0a220762f388a5c78835d179a23
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.x86_64.rpm SHA-256: f4fee8cca50a084fc5f6ee09ccc39eb5f7fe1eb6bd32823087e878438bd6c071

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.src.rpm SHA-256: 59f4650abc31894d61777b69aea26cef487eaf0fba5410f29ea5e09c3b8d8a18
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.i686.rpm SHA-256: 008621adac42a28e4d02ea6e65bf9c9c03a8e9e94022cc4c97fdc7f39ff47954
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.x86_64.rpm SHA-256: 498f8989b0d85560836851d883bc346c7a06c74f388f488437e10fafa1e1bad1
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.i686.rpm SHA-256: 3c31e45e7497a2e6cdf4cf7528c184d06f8a42242a509ebdb7602f381ab59431
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.x86_64.rpm SHA-256: 756d1f312d8757088f8ce19cb784051556a27244465d5dacc5e0323c120efa8d
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.i686.rpm SHA-256: c564758a570ae821a277d0a0ca5981f31a32b0a220762f388a5c78835d179a23
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.x86_64.rpm SHA-256: f4fee8cca50a084fc5f6ee09ccc39eb5f7fe1eb6bd32823087e878438bd6c071

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.src.rpm SHA-256: 59f4650abc31894d61777b69aea26cef487eaf0fba5410f29ea5e09c3b8d8a18
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.i686.rpm SHA-256: 008621adac42a28e4d02ea6e65bf9c9c03a8e9e94022cc4c97fdc7f39ff47954
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.x86_64.rpm SHA-256: 498f8989b0d85560836851d883bc346c7a06c74f388f488437e10fafa1e1bad1
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.i686.rpm SHA-256: 3c31e45e7497a2e6cdf4cf7528c184d06f8a42242a509ebdb7602f381ab59431
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.x86_64.rpm SHA-256: 756d1f312d8757088f8ce19cb784051556a27244465d5dacc5e0323c120efa8d
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.i686.rpm SHA-256: c564758a570ae821a277d0a0ca5981f31a32b0a220762f388a5c78835d179a23
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.x86_64.rpm SHA-256: f4fee8cca50a084fc5f6ee09ccc39eb5f7fe1eb6bd32823087e878438bd6c071

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.src.rpm SHA-256: 59f4650abc31894d61777b69aea26cef487eaf0fba5410f29ea5e09c3b8d8a18
s390x
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.s390x.rpm SHA-256: e9bf2011b8578d9acf24937f0847947c3940192b19a74402f92e978915e84454
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.s390x.rpm SHA-256: e27a7f227be120fa626a9391aaddf98ec492d5caa61c187d2e08316ef3d674df
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.s390x.rpm SHA-256: b1cfe96a2b95c35d9c87148c3a942d4a4fffab767ddec4008a6da31fe9aec2b6

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.src.rpm SHA-256: 59f4650abc31894d61777b69aea26cef487eaf0fba5410f29ea5e09c3b8d8a18
ppc64le
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.ppc64le.rpm SHA-256: 9f274d48825809daa00b20983a10b88067c563ec1a6e491f7e580022519b8d3e
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.ppc64le.rpm SHA-256: 7c5bb967783de781d2e5c75910a1ceb0267356ebd80662554bea40a9ce8fa5c8
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.ppc64le.rpm SHA-256: 69532841b30277582a0caab455a260a2ecebebfb1eee3dd924fd4646eb629b52

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.src.rpm SHA-256: 59f4650abc31894d61777b69aea26cef487eaf0fba5410f29ea5e09c3b8d8a18
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.i686.rpm SHA-256: 008621adac42a28e4d02ea6e65bf9c9c03a8e9e94022cc4c97fdc7f39ff47954
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.x86_64.rpm SHA-256: 498f8989b0d85560836851d883bc346c7a06c74f388f488437e10fafa1e1bad1
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.i686.rpm SHA-256: 3c31e45e7497a2e6cdf4cf7528c184d06f8a42242a509ebdb7602f381ab59431
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.x86_64.rpm SHA-256: 756d1f312d8757088f8ce19cb784051556a27244465d5dacc5e0323c120efa8d
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.i686.rpm SHA-256: c564758a570ae821a277d0a0ca5981f31a32b0a220762f388a5c78835d179a23
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.x86_64.rpm SHA-256: f4fee8cca50a084fc5f6ee09ccc39eb5f7fe1eb6bd32823087e878438bd6c071

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.src.rpm SHA-256: 59f4650abc31894d61777b69aea26cef487eaf0fba5410f29ea5e09c3b8d8a18
aarch64
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.aarch64.rpm SHA-256: 6dabbf4b9770e16cf1466eba0485a1f4ae8a85f16aaf74a146662822334f4bee
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.aarch64.rpm SHA-256: 34afbc8fe776ed3fe2d8b46f9563a786131989072aa65d3b8f767a4d508aa1e4
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.aarch64.rpm SHA-256: ca005c7cc1db730cbae566593e7a3cc34d4b768092b1bd8f716abb4c7bd424bf

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.src.rpm SHA-256: 59f4650abc31894d61777b69aea26cef487eaf0fba5410f29ea5e09c3b8d8a18
ppc64le
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.ppc64le.rpm SHA-256: 9f274d48825809daa00b20983a10b88067c563ec1a6e491f7e580022519b8d3e
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.ppc64le.rpm SHA-256: 7c5bb967783de781d2e5c75910a1ceb0267356ebd80662554bea40a9ce8fa5c8
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.ppc64le.rpm SHA-256: 69532841b30277582a0caab455a260a2ecebebfb1eee3dd924fd4646eb629b52

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.src.rpm SHA-256: 59f4650abc31894d61777b69aea26cef487eaf0fba5410f29ea5e09c3b8d8a18
x86_64
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.i686.rpm SHA-256: 008621adac42a28e4d02ea6e65bf9c9c03a8e9e94022cc4c97fdc7f39ff47954
gstreamer1-plugins-bad-free-1.16.1-2.el8_6.x86_64.rpm SHA-256: 498f8989b0d85560836851d883bc346c7a06c74f388f488437e10fafa1e1bad1
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.i686.rpm SHA-256: 3c31e45e7497a2e6cdf4cf7528c184d06f8a42242a509ebdb7602f381ab59431
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.x86_64.rpm SHA-256: 756d1f312d8757088f8ce19cb784051556a27244465d5dacc5e0323c120efa8d
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.i686.rpm SHA-256: c564758a570ae821a277d0a0ca5981f31a32b0a220762f388a5c78835d179a23
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.x86_64.rpm SHA-256: f4fee8cca50a084fc5f6ee09ccc39eb5f7fe1eb6bd32823087e878438bd6c071

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6

SRPM
x86_64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.i686.rpm SHA-256: 3c31e45e7497a2e6cdf4cf7528c184d06f8a42242a509ebdb7602f381ab59431
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.x86_64.rpm SHA-256: 756d1f312d8757088f8ce19cb784051556a27244465d5dacc5e0323c120efa8d
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.i686.rpm SHA-256: c564758a570ae821a277d0a0ca5981f31a32b0a220762f388a5c78835d179a23
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.x86_64.rpm SHA-256: f4fee8cca50a084fc5f6ee09ccc39eb5f7fe1eb6bd32823087e878438bd6c071
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_6.i686.rpm SHA-256: aa7de53850e20c03694ed9d70730fedc15c7dd25f461a56b2411d760dcadfeb7
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_6.x86_64.rpm SHA-256: aeeae44a9150bf35bcea6b343430029dbd3bc65223f5d730dd57582f001867fb

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 8.6

SRPM
ppc64le
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.ppc64le.rpm SHA-256: 7c5bb967783de781d2e5c75910a1ceb0267356ebd80662554bea40a9ce8fa5c8
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.ppc64le.rpm SHA-256: 69532841b30277582a0caab455a260a2ecebebfb1eee3dd924fd4646eb629b52
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_6.ppc64le.rpm SHA-256: 1e9522c2555fd34bb7b56c61edb4a548ff09b0923d7b1e7d502b1bd8d9f184c8

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6

SRPM
s390x
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.s390x.rpm SHA-256: e27a7f227be120fa626a9391aaddf98ec492d5caa61c187d2e08316ef3d674df
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.s390x.rpm SHA-256: b1cfe96a2b95c35d9c87148c3a942d4a4fffab767ddec4008a6da31fe9aec2b6
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_6.s390x.rpm SHA-256: d053a3ae2d56ded7c0e2c055225635f3d682992e062b40ec9647422ae37e26ac

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6

SRPM
aarch64
gstreamer1-plugins-bad-free-debuginfo-1.16.1-2.el8_6.aarch64.rpm SHA-256: 34afbc8fe776ed3fe2d8b46f9563a786131989072aa65d3b8f767a4d508aa1e4
gstreamer1-plugins-bad-free-debugsource-1.16.1-2.el8_6.aarch64.rpm SHA-256: ca005c7cc1db730cbae566593e7a3cc34d4b768092b1bd8f716abb4c7bd424bf
gstreamer1-plugins-bad-free-devel-1.16.1-2.el8_6.aarch64.rpm SHA-256: 6e97089127ef7359e731c6918c0f7cf12bdd37b90161b8fcba31948ede9c0d30

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.