-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: gstreamer1-plugins-good security update Advisory ID: RHSA-2022:7618-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:7618 Issue date: 2022-11-08 CVE Names: CVE-2021-3497 ==================================================================== 1. Summary: An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: GStreamer is a streaming media framework based on graphs of filters that operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Security Fix(es): * gstreamer-plugins-good: Use-after-free in matroska demuxing (CVE-2021-3497) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1945339 - CVE-2021-3497 gstreamer-plugins-good: Use-after-free in matroska demuxing 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): Source: gstreamer1-plugins-good-1.16.1-3.el8.src.rpm aarch64: gstreamer1-plugins-good-1.16.1-3.el8.aarch64.rpm gstreamer1-plugins-good-debuginfo-1.16.1-3.el8.aarch64.rpm gstreamer1-plugins-good-debugsource-1.16.1-3.el8.aarch64.rpm gstreamer1-plugins-good-gtk-1.16.1-3.el8.aarch64.rpm gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8.aarch64.rpm ppc64le: gstreamer1-plugins-good-1.16.1-3.el8.ppc64le.rpm gstreamer1-plugins-good-debuginfo-1.16.1-3.el8.ppc64le.rpm gstreamer1-plugins-good-debugsource-1.16.1-3.el8.ppc64le.rpm gstreamer1-plugins-good-gtk-1.16.1-3.el8.ppc64le.rpm gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8.ppc64le.rpm s390x: gstreamer1-plugins-good-1.16.1-3.el8.s390x.rpm gstreamer1-plugins-good-debuginfo-1.16.1-3.el8.s390x.rpm gstreamer1-plugins-good-debugsource-1.16.1-3.el8.s390x.rpm gstreamer1-plugins-good-gtk-1.16.1-3.el8.s390x.rpm gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8.s390x.rpm x86_64: gstreamer1-plugins-good-1.16.1-3.el8.i686.rpm gstreamer1-plugins-good-1.16.1-3.el8.x86_64.rpm gstreamer1-plugins-good-debuginfo-1.16.1-3.el8.i686.rpm gstreamer1-plugins-good-debuginfo-1.16.1-3.el8.x86_64.rpm gstreamer1-plugins-good-debugsource-1.16.1-3.el8.i686.rpm gstreamer1-plugins-good-debugsource-1.16.1-3.el8.x86_64.rpm gstreamer1-plugins-good-gtk-1.16.1-3.el8.i686.rpm gstreamer1-plugins-good-gtk-1.16.1-3.el8.x86_64.rpm gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8.i686.rpm gstreamer1-plugins-good-gtk-debuginfo-1.16.1-3.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3497 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBY2pSHNzjgjWX9erEAQjtHQ/7BRxZoAp9L8id/LtrbyxJ8aFWu0fG60gO cc56Lib0iOE3W0jgyMr7fz/tGWzNlt7hK9KyiDpS2NmyqAkHIU2nf+5MWx9EAQno 2VN9eB0cq5MvBbbBRhk5Cp3ZhGY5cM1BTmp9TBQ4qgUN9RirtAu4jCnLNUEEi3Ev TlI3ljir/7CQORrBd1sMixy4RnXzkEp/J8W0y2Jl+SKIqVPSqURuBEksRhetqRwt z2m5VfpxDsnLdPVpIjX/LIoko4d2WrY9I9vSuueSa75xZjKJ1t0E9WvgkgKPukFJ DnGVj5SDM86BI2eK0A3VJ6CgLIpjTp676BPxpCq5RAkk0TaVjz1tmm3kIk0nLPaX AxQvgphaWejqULu12ebMbblxfT/qtId1B18sdu/hoDIgsiorf18o0B4VWRrzXPuE PvwZIEZllDLnQOj/YKe+cMlt2LREs9p08n3EcqXnAgY0b10TBYC+gx7ksATamnFM NlcvHxnWhGDV9YtbFwAAZ95M0x72eITg7onwy7abYw0c4r41bCrs0Ym8B/bgLy5d rPzgUNxhi/pzo2lEQ+MBM1tjuVBhgxCRjEdZlAcJ4gsmTItVy2TNpaexmREi0ha3 q26THhrmYaARKidUJJBf79YpJ0odt9+UjiGSdmy9sa1FKdP593Hs+7L/qCCXRAKB KZ/Lxlxk0Mw/2A -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce