AlmaLinux alert ALSA-2026:6300 (gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free) [LWN.net]

From:
               AlmaLinux Errata Notifications via Announce <announce@lists.almalinux.org>
To:
               announce@lists.almalinux.org
Subject:
               [Announce] [Security Advisory] ALSA-2026:6300: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update (Important)
Date:
               Fri, 03 Apr 2026 19:01:44 +0000
Message-ID:
               <0100019d54b90423-ae834e46-a32c-48ea-9718-e70f70889890-000000@email.amazonses.com>
Archive-link:
               Article
Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata
notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-03

Summary:

GStreamer is a streaming media framework based on graphs of filters which operate on media data.
The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.  

Security Fix(es):  

  * GStreamer: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920)
  * GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser
(CVE-2026-3082)
  * GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
(CVE-2026-3085)
  * GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file
handling (CVE-2026-2921)
  * GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay
(CVE-2026-3083)
  * GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer
(CVE-2026-2922)
  * GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling
(CVE-2026-2923)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments,
and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information:
https://errata.almalinux.org/9/ALSA-2026-6300.html

This message is automatically generated, please don’t reply. For further questions, please, contact
us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on
https://lists.almalinux.org.

Kind regards,
AlmaLinux Team
_______________________________________________
Announce mailing list -- announce@lists.almalinux.org
To unsubscribe send an email to announce-leave@lists.almalinux.org

From:		AlmaLinux Errata Notifications via Announce <announce@lists.almalinux.org>
To:		announce@lists.almalinux.org
Subject:		[Announce] [Security Advisory] ALSA-2026:6300: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update (Important)
Date:		Fri, 03 Apr 2026 19:01:44 +0000
Message-ID:		<0100019d54b90423-ae834e46-a32c-48ea-9718-e70f70889890-000000@email.amazonses.com>
Archive-link:		Article