Issued:: 2024-12-16
Updated:: 2024-12-16

RHSA-2024:11130 - Security Advisory

Overview
Updated Packages

Synopsis

Important: gstreamer1-plugins-base security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gstreamer1-plugins-base is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-base packages contain a collection of well-maintained base plug-ins.

Security Fix(es):

gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet (CVE-2024-47538)
gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer (CVE-2024-47615)
gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header (CVE-2024-47607)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux Server - AUS 8.2 x86_64

Fixes

BZ - 2331727 - CVE-2024-47538 gstreamer1-plugins-base: GStreamer has a stack-buffer overflow in vorbis_handle_identification_packet
BZ - 2331740 - CVE-2024-47615 gstreamer1-plugins-base: out-of-bounds write in Ogg demuxer
BZ - 2331754 - CVE-2024-47607 gstreamer1-plugins-base: stack-buffer overflow in gst_opus_dec_parse_header

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server - AUS 8.2

SRPM
gstreamer1-plugins-base-1.16.1-2.el8_2.src.rpm	SHA-256: 26374207b558667a26007d4bfb3fa0e2b4bcf6f7a9a56562b207268f7076b8db
x86_64
gstreamer1-plugins-base-1.16.1-2.el8_2.i686.rpm	SHA-256: eb662cc7bff3ea119b10e3e0f6edca6d58699ea1b16ca17accd48f3cd15bc99b
gstreamer1-plugins-base-1.16.1-2.el8_2.x86_64.rpm	SHA-256: ef0835e09124dd5b5b6853d4476a69b5405727b611cc880fce0963f59b088b10
gstreamer1-plugins-base-debuginfo-1.16.1-2.el8_2.i686.rpm	SHA-256: 370bf74ca91a5db7ba3e58dd9b42e3cb8b61ea5b1e58c63903b0479f809460c5
gstreamer1-plugins-base-debuginfo-1.16.1-2.el8_2.x86_64.rpm	SHA-256: 0b21df72f5b2e8808c2c3d54bba479d881d22621404addbef53fe8fc6b6c7bbb
gstreamer1-plugins-base-debugsource-1.16.1-2.el8_2.i686.rpm	SHA-256: 9a726f06e112a1fa597b06aee13ae8f49c0d2be7d59a850ee0bb3c29d89cf11c
gstreamer1-plugins-base-debugsource-1.16.1-2.el8_2.x86_64.rpm	SHA-256: 6f9cb7ed7982c3f83f32cc798a9356ae7c55aa338aba618ca3875b33e110a40a
gstreamer1-plugins-base-devel-1.16.1-2.el8_2.i686.rpm	SHA-256: 0df512e5b6750b202f995e5fb07764c29b2156e1697b20f0d8985f10857e1d85
gstreamer1-plugins-base-devel-1.16.1-2.el8_2.x86_64.rpm	SHA-256: 230a1ce883893c3e1f57e9007e0042925aa265116f1f2b3134184bc021ffd77a
gstreamer1-plugins-base-tools-debuginfo-1.16.1-2.el8_2.i686.rpm	SHA-256: 1a37f7c1816049e2d0cc4f349ef776d10191c0a4fb642077146a01564989e678
gstreamer1-plugins-base-tools-debuginfo-1.16.1-2.el8_2.x86_64.rpm	SHA-256: 622038319d3ad7aa15719dcb1db2ec09a9743f8fc657f7954e1fad6471cad2ad

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation