Red Hat Product Errata RHSA-2024:11346 - Security Advisory
Issued:
2024-12-18
Updated:
2024-12-18

RHSA-2024:11346 - Security Advisory

Synopsis

Important: gstreamer1-plugins-good security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.

Security Fix(es):

  • gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer (CVE-2024-47540)
  • gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c (CVE-2024-47537)
  • gstreamer1-plugins-good: OOB-write in convert_to_s334_1a (CVE-2024-47539)
  • gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush (CVE-2024-47613)
  • gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes (CVE-2024-47606)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2331719 - CVE-2024-47540 gstreamer1-plugins-good: uninitialized stack memory in Matroska/WebM demuxer
  • BZ - 2331722 - CVE-2024-47537 gstreamer1-plugins-good: OOB-write in isomp4/qtdemux.c
  • BZ - 2331726 - CVE-2024-47539 gstreamer1-plugins-good: OOB-write in convert_to_s334_1a
  • BZ - 2331753 - CVE-2024-47613 gstreamer1-plugins-good: null pointer dereference in gst_gdk_pixbuf_dec_flush
  • BZ - 2331760 - CVE-2024-47606 gstreamer1-plugins-good: integer overflows in MP4/MOV demuxer and memory allocator that can lead to out-of-bounds writes

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.4

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_4.src.rpm SHA-256: 08c16c6c1b284b45958a01e8d7f3d9c41840ffdf62a385cf494fd50594f88588
x86_64
gstreamer1-plugins-good-1.16.1-3.el8_4.i686.rpm SHA-256: 4312bc93a6ec79786f0415d48e9896501a388e1feb5a2d8521e4d2d8651a93e2
gstreamer1-plugins-good-1.16.1-3.el8_4.x86_64.rpm SHA-256: 47d4cf9610ee3c093ebc93d3976c3af75dacecef2be81de267e19619c45742cf
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_4.i686.rpm SHA-256: dfc7bfc174d01236938c6b8e563de98af6a419689c7676309662c3a6d238966c
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_4.x86_64.rpm SHA-256: 4f960c34a9cfbc2df7960c1a9abb9a849154bb50e52dc8af431b7dd11f84d17d
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_4.i686.rpm SHA-256: cb763aa1c09f1db34efab8468f8497a524be6a9c85f45decf1fa02f8a07836f6
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_4.x86_64.rpm SHA-256: 31ed23de1e5cd36c251f90f3b6a2e4df0ccc1f0b0bea153a4206f656d2518adf
gstreamer1-plugins-good-gtk-1.16.1-3.el8_4.i686.rpm SHA-256: 51a90a386101fe6751775f32ba50bc9652cfbc05879472ecd419c0f5e5af07ff
gstreamer1-plugins-good-gtk-1.16.1-3.el8_4.x86_64.rpm SHA-256: 2e0683670ffd7b256194ffa585e2af53f8820016134190763dda37acf7331b94
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_4.i686.rpm SHA-256: b72fdae4e18a2d118ba492a5c7b0b25360157dd1719ea93c1692fc972b5730a8
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_4.x86_64.rpm SHA-256: 2951c86277895b96d64b0e9a952305b9ab98ebd52832d2c7567de143ab906b62

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_4.src.rpm SHA-256: 08c16c6c1b284b45958a01e8d7f3d9c41840ffdf62a385cf494fd50594f88588
x86_64
gstreamer1-plugins-good-1.16.1-3.el8_4.i686.rpm SHA-256: 4312bc93a6ec79786f0415d48e9896501a388e1feb5a2d8521e4d2d8651a93e2
gstreamer1-plugins-good-1.16.1-3.el8_4.x86_64.rpm SHA-256: 47d4cf9610ee3c093ebc93d3976c3af75dacecef2be81de267e19619c45742cf
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_4.i686.rpm SHA-256: dfc7bfc174d01236938c6b8e563de98af6a419689c7676309662c3a6d238966c
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_4.x86_64.rpm SHA-256: 4f960c34a9cfbc2df7960c1a9abb9a849154bb50e52dc8af431b7dd11f84d17d
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_4.i686.rpm SHA-256: cb763aa1c09f1db34efab8468f8497a524be6a9c85f45decf1fa02f8a07836f6
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_4.x86_64.rpm SHA-256: 31ed23de1e5cd36c251f90f3b6a2e4df0ccc1f0b0bea153a4206f656d2518adf
gstreamer1-plugins-good-gtk-1.16.1-3.el8_4.i686.rpm SHA-256: 51a90a386101fe6751775f32ba50bc9652cfbc05879472ecd419c0f5e5af07ff
gstreamer1-plugins-good-gtk-1.16.1-3.el8_4.x86_64.rpm SHA-256: 2e0683670ffd7b256194ffa585e2af53f8820016134190763dda37acf7331b94
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_4.i686.rpm SHA-256: b72fdae4e18a2d118ba492a5c7b0b25360157dd1719ea93c1692fc972b5730a8
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_4.x86_64.rpm SHA-256: 2951c86277895b96d64b0e9a952305b9ab98ebd52832d2c7567de143ab906b62

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_4.src.rpm SHA-256: 08c16c6c1b284b45958a01e8d7f3d9c41840ffdf62a385cf494fd50594f88588
x86_64
gstreamer1-plugins-good-1.16.1-3.el8_4.i686.rpm SHA-256: 4312bc93a6ec79786f0415d48e9896501a388e1feb5a2d8521e4d2d8651a93e2
gstreamer1-plugins-good-1.16.1-3.el8_4.x86_64.rpm SHA-256: 47d4cf9610ee3c093ebc93d3976c3af75dacecef2be81de267e19619c45742cf
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_4.i686.rpm SHA-256: dfc7bfc174d01236938c6b8e563de98af6a419689c7676309662c3a6d238966c
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_4.x86_64.rpm SHA-256: 4f960c34a9cfbc2df7960c1a9abb9a849154bb50e52dc8af431b7dd11f84d17d
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_4.i686.rpm SHA-256: cb763aa1c09f1db34efab8468f8497a524be6a9c85f45decf1fa02f8a07836f6
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_4.x86_64.rpm SHA-256: 31ed23de1e5cd36c251f90f3b6a2e4df0ccc1f0b0bea153a4206f656d2518adf
gstreamer1-plugins-good-gtk-1.16.1-3.el8_4.i686.rpm SHA-256: 51a90a386101fe6751775f32ba50bc9652cfbc05879472ecd419c0f5e5af07ff
gstreamer1-plugins-good-gtk-1.16.1-3.el8_4.x86_64.rpm SHA-256: 2e0683670ffd7b256194ffa585e2af53f8820016134190763dda37acf7331b94
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_4.i686.rpm SHA-256: b72fdae4e18a2d118ba492a5c7b0b25360157dd1719ea93c1692fc972b5730a8
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_4.x86_64.rpm SHA-256: 2951c86277895b96d64b0e9a952305b9ab98ebd52832d2c7567de143ab906b62

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_4.src.rpm SHA-256: 08c16c6c1b284b45958a01e8d7f3d9c41840ffdf62a385cf494fd50594f88588
ppc64le
gstreamer1-plugins-good-1.16.1-3.el8_4.ppc64le.rpm SHA-256: 3dbdabebf4564a9fa9f3d19d26ffe6591ea3ec1c1723dc0d8a007cfe003285df
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_4.ppc64le.rpm SHA-256: d296342967b38581e79501f0b43b8f28a80dcdef4365b01de7984776f054644c
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_4.ppc64le.rpm SHA-256: 30a06f9b6c8d6840e06c8909c91c6c09974efc82a2fee3e48a596a09c24217f9
gstreamer1-plugins-good-gtk-1.16.1-3.el8_4.ppc64le.rpm SHA-256: 48e46d101832657d6484deb484eb6ef51b1e3cd063751551e804c3ecbc59d0f3
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_4.ppc64le.rpm SHA-256: 886e76e881aa4bf217e7f3816c4e17428dcc03bc84dd9688e5d9bb2ccddaf861

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
gstreamer1-plugins-good-1.16.1-3.el8_4.src.rpm SHA-256: 08c16c6c1b284b45958a01e8d7f3d9c41840ffdf62a385cf494fd50594f88588
x86_64
gstreamer1-plugins-good-1.16.1-3.el8_4.i686.rpm SHA-256: 4312bc93a6ec79786f0415d48e9896501a388e1feb5a2d8521e4d2d8651a93e2
gstreamer1-plugins-good-1.16.1-3.el8_4.x86_64.rpm SHA-256: 47d4cf9610ee3c093ebc93d3976c3af75dacecef2be81de267e19619c45742cf
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_4.i686.rpm SHA-256: dfc7bfc174d01236938c6b8e563de98af6a419689c7676309662c3a6d238966c
gstreamer1-plugins-good-debuginfo-1.16.1-3.el8_4.x86_64.rpm SHA-256: 4f960c34a9cfbc2df7960c1a9abb9a849154bb50e52dc8af431b7dd11f84d17d
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_4.i686.rpm SHA-256: cb763aa1c09f1db34efab8468f8497a524be6a9c85f45decf1fa02f8a07836f6
gstreamer1-plugins-good-debugsource-1.16.1-3.el8_4.x86_64.rpm SHA-256: 31ed23de1e5cd36c251f90f3b6a2e4df0ccc1f0b0bea153a4206f656d2518adf
gstreamer1-plugins-good-gtk-1.16.1-3.el8_4.i686.rpm SHA-256: 51a90a386101fe6751775f32ba50bc9652cfbc05879472ecd419c0f5e5af07ff
gstreamer1-plugins-good-gtk-1.16.1-3.el8_4.x86_64.rpm SHA-256: 2e0683670ffd7b256194ffa585e2af53f8820016134190763dda37acf7331b94
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_4.i686.rpm SHA-256: b72fdae4e18a2d118ba492a5c7b0b25360157dd1719ea93c1692fc972b5730a8
gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8_4.x86_64.rpm SHA-256: 2951c86277895b96d64b0e9a952305b9ab98ebd52832d2c7567de143ab906b62

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.