Red Hat Product Errata RHSA-2024:11149 - Security Advisory
Issued:
2024-12-16
Updated:
2024-12-16

RHSA-2024:11149 - Security Advisory

Synopsis

Important: gstreamer1-plugins-good security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.

Security Fix(es):

  • gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
  • gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
  • gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
  • gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
  • gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2331719 - CVE-2024-47540 gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer
  • BZ - 2331722 - CVE-2024-47537 gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c
  • BZ - 2331726 - CVE-2024-47539 gstreamer1-plugins-good: OOB-write in convert_to_s334_1a
  • BZ - 2331753 - CVE-2024-47613 gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush
  • BZ - 2331760 - CVE-2024-47606 gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_6.src.rpm SHA-256: a019be93fb06aa32b59e521a4fee664f479079dee6234b2282a66364e589f43f
x86_64
gstreamer1-plugins-good-1.16.1-3.el8_6.i686.rpm SHA-256: 5b51b83954651a5489342741d8c35c91de35d18578fbdd9f0f690cc7d45c73d0
gstreamer1-plugins-good-1.16.1-3.el8_6.x86_64.rpm SHA-256: d4366b9c6c8cf91fb8a8f5a13aa37c801f1d6f4ef4d5ec24ab33a89eb9050216
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_6.i686.rpm SHA-256: 6b75351826fccffd254ad1872177a6de507aa62fe46f4bde75f949664c5f0e41
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_6.x86_64.rpm SHA-256: a24007e22de966106e20abfd3301ecf430a5c69642b122f6254f443784dff235
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_6.i686.rpm SHA-256: 44e1c51bfc967605c2384d15089af1173d7db58491065ed5b8d8d38f456b58f3
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_6.x86_64.rpm SHA-256: 7af75792614bea04ff243d29f0feded6cfd128b91dc5570977eb5ff3123a2610
gstreamer1-plugins-good-gtk-1.16.1-3.el8_6.i686.rpm SHA-256: d113d439b36595602dc9c87b637e51095d382745e3099904764aa3b89241b5d3
gstreamer1-plugins-good-gtk-1.16.1-3.el8_6.x86_64.rpm SHA-256: 90a32fef68b10fe91a49334a611f81fd312917fdd4bf82249c7ab3cb3ed11bc4
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_6.i686.rpm SHA-256: 1ede5a4669a885c4c4e49c58a84ea320b36a18fb76138affe8fb276be22f59d7
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_6.x86_64.rpm SHA-256: 9bd072b0187e8f90fc5adb151b76a1a759a7d601e5c459d65c857b7b82896ff0

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_6.src.rpm SHA-256: a019be93fb06aa32b59e521a4fee664f479079dee6234b2282a66364e589f43f
x86_64
gstreamer1-plugins-good-1.16.1-3.el8_6.i686.rpm SHA-256: 5b51b83954651a5489342741d8c35c91de35d18578fbdd9f0f690cc7d45c73d0
gstreamer1-plugins-good-1.16.1-3.el8_6.x86_64.rpm SHA-256: d4366b9c6c8cf91fb8a8f5a13aa37c801f1d6f4ef4d5ec24ab33a89eb9050216
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_6.i686.rpm SHA-256: 6b75351826fccffd254ad1872177a6de507aa62fe46f4bde75f949664c5f0e41
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_6.x86_64.rpm SHA-256: a24007e22de966106e20abfd3301ecf430a5c69642b122f6254f443784dff235
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_6.i686.rpm SHA-256: 44e1c51bfc967605c2384d15089af1173d7db58491065ed5b8d8d38f456b58f3
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_6.x86_64.rpm SHA-256: 7af75792614bea04ff243d29f0feded6cfd128b91dc5570977eb5ff3123a2610
gstreamer1-plugins-good-gtk-1.16.1-3.el8_6.i686.rpm SHA-256: d113d439b36595602dc9c87b637e51095d382745e3099904764aa3b89241b5d3
gstreamer1-plugins-good-gtk-1.16.1-3.el8_6.x86_64.rpm SHA-256: 90a32fef68b10fe91a49334a611f81fd312917fdd4bf82249c7ab3cb3ed11bc4
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_6.i686.rpm SHA-256: 1ede5a4669a885c4c4e49c58a84ea320b36a18fb76138affe8fb276be22f59d7
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_6.x86_64.rpm SHA-256: 9bd072b0187e8f90fc5adb151b76a1a759a7d601e5c459d65c857b7b82896ff0

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_6.src.rpm SHA-256: a019be93fb06aa32b59e521a4fee664f479079dee6234b2282a66364e589f43f
x86_64
gstreamer1-plugins-good-1.16.1-3.el8_6.i686.rpm SHA-256: 5b51b83954651a5489342741d8c35c91de35d18578fbdd9f0f690cc7d45c73d0
gstreamer1-plugins-good-1.16.1-3.el8_6.x86_64.rpm SHA-256: d4366b9c6c8cf91fb8a8f5a13aa37c801f1d6f4ef4d5ec24ab33a89eb9050216
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_6.i686.rpm SHA-256: 6b75351826fccffd254ad1872177a6de507aa62fe46f4bde75f949664c5f0e41
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_6.x86_64.rpm SHA-256: a24007e22de966106e20abfd3301ecf430a5c69642b122f6254f443784dff235
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_6.i686.rpm SHA-256: 44e1c51bfc967605c2384d15089af1173d7db58491065ed5b8d8d38f456b58f3
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_6.x86_64.rpm SHA-256: 7af75792614bea04ff243d29f0feded6cfd128b91dc5570977eb5ff3123a2610
gstreamer1-plugins-good-gtk-1.16.1-3.el8_6.i686.rpm SHA-256: d113d439b36595602dc9c87b637e51095d382745e3099904764aa3b89241b5d3
gstreamer1-plugins-good-gtk-1.16.1-3.el8_6.x86_64.rpm SHA-256: 90a32fef68b10fe91a49334a611f81fd312917fdd4bf82249c7ab3cb3ed11bc4
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_6.i686.rpm SHA-256: 1ede5a4669a885c4c4e49c58a84ea320b36a18fb76138affe8fb276be22f59d7
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_6.x86_64.rpm SHA-256: 9bd072b0187e8f90fc5adb151b76a1a759a7d601e5c459d65c857b7b82896ff0

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_6.src.rpm SHA-256: a019be93fb06aa32b59e521a4fee664f479079dee6234b2282a66364e589f43f
ppc64le
gstreamer1-plugins-good-1.16.1-3.el8_6.ppc64le.rpm SHA-256: 268dbbbb57b56fb232cb3989f4548d59b5eba93d699b289c4ab7cb8c70c568df
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_6.ppc64le.rpm SHA-256: 90b0e324cdb4272b99da526a8551d6fa42669444f8e177be8483f375425e44a3
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_6.ppc64le.rpm SHA-256: 2f0cc2a6ad82b089f752377cb54a16c2d3611e14766edb9a2625290efd74cc10
gstreamer1-plugins-good-gtk-1.16.1-3.el8_6.ppc64le.rpm SHA-256: d4c4f63a25c8d8cc481bfd4bfc54f29172af014346c0602bdc8803e98f194ea0
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_6.ppc64le.rpm SHA-256: 24cb6ed03960f77fadbc1a729edb16348e50b679929220257a8d2d54c95a9d55

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_6.src.rpm SHA-256: a019be93fb06aa32b59e521a4fee664f479079dee6234b2282a66364e589f43f
x86_64
gstreamer1-plugins-good-1.16.1-3.el8_6.i686.rpm SHA-256: 5b51b83954651a5489342741d8c35c91de35d18578fbdd9f0f690cc7d45c73d0
gstreamer1-plugins-good-1.16.1-3.el8_6.x86_64.rpm SHA-256: d4366b9c6c8cf91fb8a8f5a13aa37c801f1d6f4ef4d5ec24ab33a89eb9050216
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_6.i686.rpm SHA-256: 6b75351826fccffd254ad1872177a6de507aa62fe46f4bde75f949664c5f0e41
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_6.x86_64.rpm SHA-256: a24007e22de966106e20abfd3301ecf430a5c69642b122f6254f443784dff235
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_6.i686.rpm SHA-256: 44e1c51bfc967605c2384d15089af1173d7db58491065ed5b8d8d38f456b58f3
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_6.x86_64.rpm SHA-256: 7af75792614bea04ff243d29f0feded6cfd128b91dc5570977eb5ff3123a2610
gstreamer1-plugins-good-gtk-1.16.1-3.el8_6.i686.rpm SHA-256: d113d439b36595602dc9c87b637e51095d382745e3099904764aa3b89241b5d3
gstreamer1-plugins-good-gtk-1.16.1-3.el8_6.x86_64.rpm SHA-256: 90a32fef68b10fe91a49334a611f81fd312917fdd4bf82249c7ab3cb3ed11bc4
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_6.i686.rpm SHA-256: 1ede5a4669a885c4c4e49c58a84ea320b36a18fb76138affe8fb276be22f59d7
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_6.x86_64.rpm SHA-256: 9bd072b0187e8f90fc5adb151b76a1a759a7d601e5c459d65c857b7b82896ff0

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.