ELSA-2024-2287

ELSA-2024-2287 - gstreamer1-plugins-bad-free security update

Type:	SECURITY
Severity:	MODERATE
Release Date:	2024-05-02

Description

[1.22.1-4]
- CVE-2023-40474: Integer overflow leading to heap overwrite in MXF
- CVE-2023-40475: Integer overflow leading to heap overwrite in MXF
- CVE-2023-40476: Integer overflow in H.265 video parser
- ZDI-CAN-22300: buffer overflow vulnerability
- Resolves: RHEL-19501, RHEL-19505, RHEL-19506, RHEL-20201

[1.22.1-3]
- Bump version
- Resolves: RHEL-16795, RHEL-16788

Related CVEs

CVE-2023-40475

CVE-2023-50186

CVE-2023-40474

CVE-2023-40476

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	gstreamer1-plugins-bad-free-1.22.1-4.el9.src.rpm	e1bee06ccd785412eeed107372028330	-	ol9_aarch64_appstream
	gstreamer1-plugins-bad-free-1.22.1-4.el9.src.rpm	e1bee06ccd785412eeed107372028330	-	ol9_aarch64_codeready_builder
	gstreamer1-plugins-bad-free-1.22.1-4.el9.aarch64.rpm	12d33344273384f9d79953821e704cc4	-	ol9_aarch64_appstream
	gstreamer1-plugins-bad-free-devel-1.22.1-4.el9.aarch64.rpm	f198804c09ceda5b67fbdeea91174fe8	-	ol9_aarch64_codeready_builder
Oracle Linux 9 (x86_64)	gstreamer1-plugins-bad-free-1.22.1-4.el9.src.rpm	e1bee06ccd785412eeed107372028330	-	ol9_x86_64_appstream
	gstreamer1-plugins-bad-free-1.22.1-4.el9.src.rpm	e1bee06ccd785412eeed107372028330	-	ol9_x86_64_codeready_builder
	gstreamer1-plugins-bad-free-1.22.1-4.el9.i686.rpm	f1d3e2fe9bee193bba3d8dd5df7b1aa6	-	ol9_x86_64_appstream
	gstreamer1-plugins-bad-free-1.22.1-4.el9.x86_64.rpm	81dfb2fb7da9fd530d45c084daf25906	-	ol9_x86_64_appstream
	gstreamer1-plugins-bad-free-devel-1.22.1-4.el9.i686.rpm	4d35a0472e2a2f589db80ae89e1836f0	-	ol9_x86_64_codeready_builder
	gstreamer1-plugins-bad-free-devel-1.22.1-4.el9.x86_64.rpm	e6a5186ac1867e39e8172bae5b72e6f5	-	ol9_x86_64_codeready_builder

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team