Headline
RHSA-2023:2260: Red Hat Security Advisory: gstreamer1-plugins-good security update
An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-1920: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska file. This vulnerability can result in application crash, memory corruption, and code execution.
- CVE-2022-1921: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the avi demuxer when processing a specially crafted AVI file. This vulnerability can result in application crash, memory corruption, and code execution.
- CVE-2022-1922: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution.
- CVE-2022-1923: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using bzip decompression. This vulnerability can result in application crash, memory corruption, and code execution.
- CVE-2022-1924: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using lzo decompression. This vulnerability can result in application crash, memory corruption, and code execution.
- CVE-2022-1925: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the mkv demuxer when processing a specially crafted Matroska/WebM file using HEADERSTRIP decompression. This vulnerability can result in application crash, memory corruption, and code execution.
- CVE-2022-2122: A flaw was found in GStreamer. An integer overflow can lead to a heap-based buffer overflow in the qt demuxer when processing a specially crafted QuickTime/MP4 file using zlib decompression. This vulnerability can result in application crash, memory corruption, and code execution.
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2023-05-09
Updated:
2023-05-09
RHSA-2023:2260 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: gstreamer1-plugins-good security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for gstreamer1-plugins-good is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license.
Security Fix(es):
- gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header() (CVE-2022-1920)
- gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files (CVE-2022-1921)
- gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using zlib decompression (CVE-2022-1922)
- gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using bz2 decompression (CVE-2022-1923)
- gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression (CVE-2022-1924)
- gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression (CVE-2022-1925)
- gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression (CVE-2022-2122)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.2 Release Notes linked from the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
Fixes
- BZ - 2130935 - CVE-2022-1920 gstreamer-plugins-good: Potential heap overwrite in gst_matroska_demux_add_wvpk_header()
- BZ - 2130949 - CVE-2022-1921 gstreamer-plugins-good: Heap-based buffer overflow in the avi demuxer when handling certain AVI files
- BZ - 2130955 - CVE-2022-1922 gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using zlib decompression
- BZ - 2130959 - CVE-2022-1923 gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using bz2 decompression
- BZ - 2131003 - CVE-2022-1924 gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using lzo decompression
- BZ - 2131007 - CVE-2022-1925 gstreamer-plugins-good: Potential heap overwrite in mkv demuxing using HEADERSTRIP decompression
- BZ - 2131018 - CVE-2022-2122 gstreamer-plugins-good: Potential heap overwrite in mp4 demuxing using zlib decompression
CVEs
- CVE-2022-1920
- CVE-2022-1921
- CVE-2022-1922
- CVE-2022-1923
- CVE-2022-1924
- CVE-2022-1925
- CVE-2022-2122
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index
Red Hat Enterprise Linux for x86_64 9
SRPM
gstreamer1-plugins-good-1.18.4-6.el9.src.rpm
SHA-256: 8a9cfba785808125d90b997020e79fbffe3f7fddd9cd24a5a3d3c1637c6ad038
x86_64
gstreamer1-plugins-good-1.18.4-6.el9.i686.rpm
SHA-256: 439294e83e084d14ad93c5d27919b0e382079d1e2eb6caa7607db465e4f6c733
gstreamer1-plugins-good-1.18.4-6.el9.x86_64.rpm
SHA-256: 0a6a86d781e6a87dba9f38df9ac7bd7b1496dae31c6a431e233df7b86c20d358
gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.i686.rpm
SHA-256: 4bb0913e40fa15bd3efcd7fbedd0f192ba597158705f94e7ccbe461efddde884
gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.x86_64.rpm
SHA-256: 45ef82dbcd2a272abf953c53ea7c514f8699725308afb478a6b8c7f577bb91f5
gstreamer1-plugins-good-debugsource-1.18.4-6.el9.i686.rpm
SHA-256: 590520ec6e57987c1f77e11029ffd793cf3261b16d984f0c9ade52a24e959b1e
gstreamer1-plugins-good-debugsource-1.18.4-6.el9.x86_64.rpm
SHA-256: c46e259d56eb17f2b8b101748944e03d749c097ce8969930723f27d9cccec04b
gstreamer1-plugins-good-gtk-1.18.4-6.el9.i686.rpm
SHA-256: f087b1845add6b4981d6fb46ff1b61e4d8e95cd6f732ec646b9f90156fd576f9
gstreamer1-plugins-good-gtk-1.18.4-6.el9.x86_64.rpm
SHA-256: f713d14eebb6c03693bc611e41de25ae650232fddbfeb8115f145eaf346c584e
gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.i686.rpm
SHA-256: 3ef36ac7d6c74f1ce4fdf4d4849040ae092b5c880efc1912e2b81e07cea1d536
gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.x86_64.rpm
SHA-256: 97f299afc4400f30639670cf25d55677ec33b0e7e5eef05093d076b3c91951e1
gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.i686.rpm
SHA-256: 4528cd099fa813b0cc0419bf18406cf162838cdeaab87f30d4d070ed4f093a1e
gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.x86_64.rpm
SHA-256: 7d9e6e60c564297104d634d47cd9b1db9df0b7145f02b2b8037e05cdf9502474
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
gstreamer1-plugins-good-1.18.4-6.el9.src.rpm
SHA-256: 8a9cfba785808125d90b997020e79fbffe3f7fddd9cd24a5a3d3c1637c6ad038
s390x
gstreamer1-plugins-good-1.18.4-6.el9.s390x.rpm
SHA-256: 219fe6c52e811448cfc37f16ede53b0ee1ee5741825e8e0169e963110f1f017c
gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.s390x.rpm
SHA-256: c2d4d71fdb41f8732726c5c4427fb17f5f10e65d489d0c898af4a3c1577516f3
gstreamer1-plugins-good-debugsource-1.18.4-6.el9.s390x.rpm
SHA-256: d33aa9df1505461da0e5d821d84ce62e993bf7d0170b1b7c6955e715d3ce1777
gstreamer1-plugins-good-gtk-1.18.4-6.el9.s390x.rpm
SHA-256: 9514f57f3a96cd3b5a6674c3f3d4538b295252cdf4f549c698db7aefb2308d01
gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.s390x.rpm
SHA-256: 08616c083995aae17c0ee78dae9973c7672624c46382a0b4f259714dbcb8e3f1
gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.s390x.rpm
SHA-256: e54f8e13423699ec88162c4ee7266419d7681aaf2229bb4522147d6291339aab
Red Hat Enterprise Linux for Power, little endian 9
SRPM
gstreamer1-plugins-good-1.18.4-6.el9.src.rpm
SHA-256: 8a9cfba785808125d90b997020e79fbffe3f7fddd9cd24a5a3d3c1637c6ad038
ppc64le
gstreamer1-plugins-good-1.18.4-6.el9.ppc64le.rpm
SHA-256: 87ff2e0e705abb9a42468638862ef36d02bd7af906e54474aea2b04f5d0ddede
gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.ppc64le.rpm
SHA-256: 4d1e4e776b598a20214c3679942c9a0b2b4a86a9ddbc27bd83525716d404ef8c
gstreamer1-plugins-good-debugsource-1.18.4-6.el9.ppc64le.rpm
SHA-256: 16cfd81cf29757297343be509f5b0eadffecba2fefa8e4fb10ceabb2c90f14cd
gstreamer1-plugins-good-gtk-1.18.4-6.el9.ppc64le.rpm
SHA-256: cf89b7e9afbbb513a3793e238ee172f65eec8f89d72857f900d48bd9344c82fa
gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.ppc64le.rpm
SHA-256: eefa65bb1724ccc260a19689fd0f3261e80b36c17e172eb2dbf6d79c818c1655
gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.ppc64le.rpm
SHA-256: cde452aa0a0ce24f9bedd77b0b91352946028f6e3934ead893cff9c00697f3d5
Red Hat Enterprise Linux for ARM 64 9
SRPM
gstreamer1-plugins-good-1.18.4-6.el9.src.rpm
SHA-256: 8a9cfba785808125d90b997020e79fbffe3f7fddd9cd24a5a3d3c1637c6ad038
aarch64
gstreamer1-plugins-good-1.18.4-6.el9.aarch64.rpm
SHA-256: 8a85f399cbd7103789c42b55fffb1d4e61fa1aca49e149a4d68d3dadca2fac4d
gstreamer1-plugins-good-debuginfo-1.18.4-6.el9.aarch64.rpm
SHA-256: c17434838b7ebb0a73da6f820db2472971f738254d3b20fb9e2ae6059ad792d3
gstreamer1-plugins-good-debugsource-1.18.4-6.el9.aarch64.rpm
SHA-256: 026cb3dd24e9f6fa8ea44c6482352980b9cc4f5bb9ec841a00e812aa382a32d3
gstreamer1-plugins-good-gtk-1.18.4-6.el9.aarch64.rpm
SHA-256: 4a0c92249b603e35cba654c77b76e84f05680c45962e211ad03052861082cd33
gstreamer1-plugins-good-gtk-debuginfo-1.18.4-6.el9.aarch64.rpm
SHA-256: a696f05b6a7243ddc17c998082a32af8620ad70fb76373da604ad74f33f9fcb6
gstreamer1-plugins-good-qt-debuginfo-1.18.4-6.el9.aarch64.rpm
SHA-256: 5f7595eed642c56ec3797d9a969f69478d8d3e3664699732fbc3b6aba42bfcba
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Gentoo Linux Security Advisory 202409-13 - Multiple vulnerabilities have been discovered in gst-plugins-good, the worst of which could lead to denial of service or arbitrary code execution. Versions greater than or equal to 1.20.3 are affected.
Red Hat Security Advisory 2023-2260-01 - GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-good packages contain a collection of well-supported plug-ins of good quality and under the LGPL license. Issues addressed include a buffer overflow vulnerability.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
OpenHarmony-v3.1.2 and prior versions have a heap overflow vulnerability. Local attackers can trigger a heap overflow and get network sensitive information.
Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
Ubuntu Security Notice 5555-1 - It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to execute arbitrary code. It was discovered that GStreamer Good Plugins incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code.
DOS / potential heap overwrite in qtdemux using zlib decompression. Integer overflow in qtdemux element in qtdemux_inflate function which causes a segfault, or could cause a heap overwrite, depending on libc and OS. Depending on the libc used, and the underlying OS capabilities, it could be just a segfault or a heap overwrite.
Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.
Integer overflow in matroskademux element in gst_matroska_demux_add_wvpk_header function which allows a heap overwrite while parsing matroska files. Potential for arbitrary code execution through heap overwrite.