ALSA-2024:3060

[ALSA-2024:3060] Moderate: gstreamer1-plugins-bad-free security update

Type:

security

Severity:

moderate

Release date:

2024-05-29

Description:

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

* gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with uncompressed video (CVE-2023-40474)
* gstreamer-plugins-bad: Integer overflow leading to heap overwrite in MXF file handling with AES3 audio (CVE-2023-40475)
* gstreamer-plugins-bad: Integer overflow in H.265 video parser leading to stack overwrite (CVE-2023-40476)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.aarch64.rpm	7a03e2d11b757fd7e6d8d2a0d488d0e9e3178df69e634b880c7d6da5b14c32c5
aarch64	gstreamer1-plugins-bad-free-1.16.1-4.el8.aarch64.rpm	f929f88f982b392b718509e99643c786959d3413ecc4a2f3f6aaddf6423018d8
i686	gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.i686.rpm	15873d3fd32d03e5ef1f3759d51937ddbcdb4fe2f0387079e33604f7502a0f07
i686	gstreamer1-plugins-bad-free-1.16.1-4.el8.i686.rpm	e05911e2910688b73fc4f4a3b9aed411ee62e0634e1d708ac51375b498fba190
ppc64le	gstreamer1-plugins-bad-free-1.16.1-4.el8.ppc64le.rpm	682c064c7f60ce84f7be9e9483bef0262fc104ed86cc7647d191e4265dbe6d26
ppc64le	gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.ppc64le.rpm	c755323ed636eee8631b5a8419240736a0540e7be2339297698c84133296f005
s390x	gstreamer1-plugins-bad-free-1.16.1-4.el8.s390x.rpm	965d542367c97314f7fb06ffd3bd00986ac56d80b66f5987c3fff99e6d9f4fe3
s390x	gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.s390x.rpm	b81aa7a4d7991e37a13b93c644793f15d0b0c887988c374ff04d022fee84607d
x86_64	gstreamer1-plugins-bad-free-devel-1.16.1-4.el8.x86_64.rpm	0bcb555af1d04ffec69f3c7236bd9022ca60c250d28c9fe447ec252882b3f29c
x86_64	gstreamer1-plugins-bad-free-1.16.1-4.el8.x86_64.rpm	3a19dc2786c1099363f659d724ba23f39790d1b309a6dcc3823871ef216701db

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.