Issued:: 2023-12-18
Updated:: 2023-12-18

RHSA-2023:7873 - Security Advisory

Overview
Updated Packages

Synopsis

Important: gstreamer1-plugins-bad-free security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gstreamer1-plugins-bad-free is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

gstreamer: AV1 codec parser heap-based buffer overflow (CVE-2023-44429)
gstreamer: MXF demuxer use-after-free vulnerability (CVE-2023-44446)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

BZ - 2250247 - CVE-2023-44429 gstreamer: AV1 codec parser heap-based buffer overflow
BZ - 2250249 - CVE-2023-44446 gstreamer: MXF demuxer use-after-free vulnerability

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.src.rpm	SHA-256: be840216f42f28d1c3f624cddd8bdc8655fa66ba3068f6f27916dffbb52a48a4
x86_64
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.i686.rpm	SHA-256: 0ad706171622f5a044f457f9dfb4115465d6773d3e74fbaa5286a697e7023ca3
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.x86_64.rpm	SHA-256: d518292ec6b707af888c24486fc8f79739ec983e6cc137c5f83a4937ba7d7e90
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.i686.rpm	SHA-256: 03fd2b8e0767f708ac738071d309bdbf6a7f8cb99966b4dfe02061b06eb86af3
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.x86_64.rpm	SHA-256: 97e239945079deecd22bfd63e9fda675ffb445d767b653f16d31af17ceedf6ac
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.i686.rpm	SHA-256: 165a8215407198813ef77e6ede729797d8c9f37c257fac25070d998a14cc1ffc
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.x86_64.rpm	SHA-256: a48d301a44cea0b57f2be7fe125e32cdc0409953bbfdb2d1201d9f7cb08fef0e

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.src.rpm	SHA-256: be840216f42f28d1c3f624cddd8bdc8655fa66ba3068f6f27916dffbb52a48a4
s390x
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.s390x.rpm	SHA-256: 80969161382ed17f9a03e09139ea5f900eda81aff5d90b6f0a9241742e0e3858
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.s390x.rpm	SHA-256: a3079811208170910558bab3538a56bc3e9b9cd1a1841d48dc5ec5c9418b1089
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.s390x.rpm	SHA-256: e896c80265da07dcd5290e6f5faa09b940af6ddd34ec12ad1d3c8c6315b31e82

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.src.rpm	SHA-256: be840216f42f28d1c3f624cddd8bdc8655fa66ba3068f6f27916dffbb52a48a4
ppc64le
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.ppc64le.rpm	SHA-256: e34e366fbe99ec91e57c9b6cfcfaa314573d2a96dd0593102e1fe39bcbc9af9c
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.ppc64le.rpm	SHA-256: d3a18bbf279679c52ac7b7abcd45382164090edd6cdc9a3f22cb0cbd43713356
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.ppc64le.rpm	SHA-256: 2c835fc3ad69bdf4ded0bc479c12457892742890430eb3c38717ba717da15ae4

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.src.rpm	SHA-256: be840216f42f28d1c3f624cddd8bdc8655fa66ba3068f6f27916dffbb52a48a4
aarch64
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.aarch64.rpm	SHA-256: 81d16c93ad44e9216d93432619c64dd44cd6ac9003e7585005c6faf034aefb67
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.aarch64.rpm	SHA-256: aa865d8ecc1b8d85f2231778e09743cc10e8dc4fc5c917d34816fd64d84b0617
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.aarch64.rpm	SHA-256: 1f46f720b394e2a8f916a031bcec1ddb4d293b55c0cc102a0a831105490bccb2

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.src.rpm	SHA-256: be840216f42f28d1c3f624cddd8bdc8655fa66ba3068f6f27916dffbb52a48a4
ppc64le
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.ppc64le.rpm	SHA-256: e34e366fbe99ec91e57c9b6cfcfaa314573d2a96dd0593102e1fe39bcbc9af9c
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.ppc64le.rpm	SHA-256: d3a18bbf279679c52ac7b7abcd45382164090edd6cdc9a3f22cb0cbd43713356
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.ppc64le.rpm	SHA-256: 2c835fc3ad69bdf4ded0bc479c12457892742890430eb3c38717ba717da15ae4

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.src.rpm	SHA-256: be840216f42f28d1c3f624cddd8bdc8655fa66ba3068f6f27916dffbb52a48a4
x86_64
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.i686.rpm	SHA-256: 0ad706171622f5a044f457f9dfb4115465d6773d3e74fbaa5286a697e7023ca3
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.x86_64.rpm	SHA-256: d518292ec6b707af888c24486fc8f79739ec983e6cc137c5f83a4937ba7d7e90
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.i686.rpm	SHA-256: 03fd2b8e0767f708ac738071d309bdbf6a7f8cb99966b4dfe02061b06eb86af3
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.x86_64.rpm	SHA-256: 97e239945079deecd22bfd63e9fda675ffb445d767b653f16d31af17ceedf6ac
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.i686.rpm	SHA-256: 165a8215407198813ef77e6ede729797d8c9f37c257fac25070d998a14cc1ffc
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.x86_64.rpm	SHA-256: a48d301a44cea0b57f2be7fe125e32cdc0409953bbfdb2d1201d9f7cb08fef0e

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0

SRPM
x86_64
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.i686.rpm	SHA-256: 03fd2b8e0767f708ac738071d309bdbf6a7f8cb99966b4dfe02061b06eb86af3
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.x86_64.rpm	SHA-256: 97e239945079deecd22bfd63e9fda675ffb445d767b653f16d31af17ceedf6ac
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.i686.rpm	SHA-256: 165a8215407198813ef77e6ede729797d8c9f37c257fac25070d998a14cc1ffc
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.x86_64.rpm	SHA-256: a48d301a44cea0b57f2be7fe125e32cdc0409953bbfdb2d1201d9f7cb08fef0e
gstreamer1-plugins-bad-free-devel-1.18.4-6.el9_0.i686.rpm	SHA-256: 7f00158c5554eb748151e499f289c223012e00858116cfd1ae4482688e264a18
gstreamer1-plugins-bad-free-devel-1.18.4-6.el9_0.x86_64.rpm	SHA-256: 8f1749b3297fa4f9ea3f3f85656c3e8e9a2ca13246887ecccbf8dee94a6fd406

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.0

SRPM
ppc64le
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.ppc64le.rpm	SHA-256: d3a18bbf279679c52ac7b7abcd45382164090edd6cdc9a3f22cb0cbd43713356
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.ppc64le.rpm	SHA-256: 2c835fc3ad69bdf4ded0bc479c12457892742890430eb3c38717ba717da15ae4
gstreamer1-plugins-bad-free-devel-1.18.4-6.el9_0.ppc64le.rpm	SHA-256: 405e468469f43f4328ac9036d3c4cb3e5d7c38984baa5625ba83d578e60afeb5

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0

SRPM
s390x
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.s390x.rpm	SHA-256: a3079811208170910558bab3538a56bc3e9b9cd1a1841d48dc5ec5c9418b1089
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.s390x.rpm	SHA-256: e896c80265da07dcd5290e6f5faa09b940af6ddd34ec12ad1d3c8c6315b31e82
gstreamer1-plugins-bad-free-devel-1.18.4-6.el9_0.s390x.rpm	SHA-256: 307054c218882189f2e4b3b94f92473a7524b56fff5182d59ae0126a75e2080d

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0

SRPM
aarch64
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.aarch64.rpm	SHA-256: aa865d8ecc1b8d85f2231778e09743cc10e8dc4fc5c917d34816fd64d84b0617
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.aarch64.rpm	SHA-256: 1f46f720b394e2a8f916a031bcec1ddb4d293b55c0cc102a0a831105490bccb2
gstreamer1-plugins-bad-free-devel-1.18.4-6.el9_0.aarch64.rpm	SHA-256: 5a20a590f7bca1650f31d939c6430b9db96b41565d97ec0dbbffa087a5aec8ac

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.src.rpm	SHA-256: be840216f42f28d1c3f624cddd8bdc8655fa66ba3068f6f27916dffbb52a48a4
aarch64
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.aarch64.rpm	SHA-256: 81d16c93ad44e9216d93432619c64dd44cd6ac9003e7585005c6faf034aefb67
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.aarch64.rpm	SHA-256: aa865d8ecc1b8d85f2231778e09743cc10e8dc4fc5c917d34816fd64d84b0617
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.aarch64.rpm	SHA-256: 1f46f720b394e2a8f916a031bcec1ddb4d293b55c0cc102a0a831105490bccb2

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.src.rpm	SHA-256: be840216f42f28d1c3f624cddd8bdc8655fa66ba3068f6f27916dffbb52a48a4
s390x
gstreamer1-plugins-bad-free-1.18.4-6.el9_0.s390x.rpm	SHA-256: 80969161382ed17f9a03e09139ea5f900eda81aff5d90b6f0a9241742e0e3858
gstreamer1-plugins-bad-free-debuginfo-1.18.4-6.el9_0.s390x.rpm	SHA-256: a3079811208170910558bab3538a56bc3e9b9cd1a1841d48dc5ec5c9418b1089
gstreamer1-plugins-bad-free-debugsource-1.18.4-6.el9_0.s390x.rpm	SHA-256: e896c80265da07dcd5290e6f5faa09b940af6ddd34ec12ad1d3c8c6315b31e82

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation