Red Hat Product Errata RHSA-2026:8862 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:8862 - Security Advisory Overview Updated Packages Synopsis Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for multiple packages is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): GStreamer: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920) GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082) GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085) GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921) GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083) GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer (CVE-2026-2922) GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling (CVE-2026-2923) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2447490 - CVE-2026-2920 GStreamer: GStreamer: Arbitrary code execution via ASF file processing BZ - 2447492 - CVE-2026-3082 GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser BZ - 2447495 - CVE-2026-3085 GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay BZ - 2447496 - CVE-2026-2921 GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling BZ - 2447498 - CVE-2026-3083 GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay BZ - 2447500 - CVE-2026-2922 GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer BZ - 2447503 - CVE-2026-2923 GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling CVEs CVE-2026-2920 CVE-2026-2921 CVE-2026-2922 CVE-2026-2923 CVE-2026-3082 CVE-2026-3083 CVE-2026-3085 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM gstreamer1-plugins-bad-free-1.22.12-5.el9_6.src.rpm SHA-256: c602892dc98a56bc7c07ec09f2587eda165d84b38fd4a2f51001e61300cd0501 gstreamer1-plugins-base-1.22.12-5.el9_6.src.rpm SHA-256: b708fd816f9269983034eb5a4af7431a4d640885668e61020c18f21cc858b2b2 gstreamer1-plugins-good-1.22.12-5.el9_6.src.rpm SHA-256: 40e526ae80250e48cbda69dc361f2fc670af2f756edae2ee7ac51847779d0966 gstreamer1-plugins-ugly-free-1.22.12-4.el9_6.src.rpm SHA-256: 45e5338d3b20f648a564e17a099eb1e9db033931c22acec020f10f8d99548cf9 x86_64 gstreamer1-plugins-bad-free-1.22.12-5.el9_6.i686.rpm SHA-256: 3aa5457cb20d2a293e237347ad8dda1c663b41b998adbd5ef5051a2c54312aad gstreamer1-plugins-bad-free-1.22.12-5.el9_6.x86_64.rpm SHA-256: 592bd4954571c17b666a7f613860c72d88ac63d1eb5252c7eae2712da1356a4b gstreamer1-plugins-bad-free-debuginfo-1.22.12-5.el9_6.i686.rpm SHA-256: 865f5c24966cb215ad9080acba0a5780831a9df9196a86049568648bc574d31d gstreamer1-plugins-bad-free-debuginfo-1.22.12-5.el9_6.x86_64.rpm SHA-256: 84f83d50fd3864dac872996040f04c0f0a22f1dd30366284e2bafcadfa554375 gstreamer1-plugins-bad-free-debugsource-1.22.12-5.el9_6.i686.rpm SHA-256: 0242b658cbfc0d06dc4ae847d0c76ee0277f9a5012ce61289f0edd1a342544b2 gstreamer1-plugins-bad-free-debugsource-1.22.12-5.el9_6.x86_64.rpm SHA-256: c4bec040846dc76fd052fd607b250679fdff7caba93517c1ca7f566d501c1e6a gstreamer1-plugins-bad-free-libs-1.22.12-5.el9_6.i686.rpm SHA-256: 19bc303d90905cb681e250094555c7e82ae6f0e1a3d76e22d78a0445ed9869b8 gstreamer1-plugins-bad-free-libs-1.22.12-5.el9_6.x86_64.rpm SHA-256: 517fdcf2e948d8b978b5c526d6f68cda8b0594214218a091caf2c974f56c5abb gstreamer1-plugins-bad-free-libs-debuginfo-1.22.12-5.el9_6.i686.rpm SHA-256: b7995891e7a9e49285a874170cb1fa4639504a03995033a3ca3f481a20042db0 gstreamer1-plugins-bad-free-libs-debuginfo-1.22.12-5.el9_6.x86_64.rpm SHA-256: 153ea5cd408c3ae528f0d92757a6b82cdfbf137527ee7168164f68d570c2c277 gstreamer1-plugins-base-1.22.12-5.el9_6.i686.rpm SHA-256: a71161404531da0b5478946df65d4b4c310a70916d5e38ac1737ba040b9abd1e gstreamer1-plugins-base-1.22.12-5.el9_6.x86_64.rpm SHA-256: 2bde6de4aebe16e6923313a1d8566c2ab76b97346ab572a1177f7e116a798927 gstreamer1-plugins-base-debuginfo-1.22.12-5.el9_6.i686.rpm SHA-256: 14e46ee9c77c5c1d7001f95e0580e8ccb893606f591fa6c91e7d026f2656f04a gstreamer1-plugins-base-debuginfo-1.22.12-5.el9_6.x86_64.rpm SHA-256: 491679ad5a4786f9749cf7d8b9f3ec8e4883c0a226ca677d5583757a8dd95c6a gstreamer1-plugins-base-debugsource-1.22.12-5.el9_6.i686.rpm SHA-256: becee66d26612724bde9c6041fc26580c7f74a84079f23b32d96433fa4b0a72f gstreamer1-plugins-base-debugsource-1.22.12-5.el9_6.x86_64.rpm SHA-256: 8e82a63c37eb2a7176b4c7273fe6011dda3e6c07a06eded2db4da0c406d1c85f gstreamer1-plugins-base-devel-1.22.12-5.el9_6.i686.rpm SHA-256: 246d521c014798f5b06d15ae5a8736a3458649e72f7163be112477ff5ad33c03 gstreamer1-plugins-base-devel-1.22.12-5.el9_6.x86_64.rpm SHA-256: 2f81743234dd4298e37c250d47e465f7ebbd38f60c073caf30047639eb5e40f9 gstreamer1-plugins-base-tools-1.22.12-5.el9_6.x86_64.rpm SHA-256: ff011ca4d60a6a41785b6af53393d7818cfe50bd970b9c07f15ab215c9daa65a gstreamer1-plugins-base-tools-debuginfo-1.22.12-5.el9_6.i686.rpm SHA-256: 6f3dd879b233a709f7e04c0d020355ab7c3859d5ca14e0d3ed48c2eba8cfd2f5 gstreamer1-plugins-base-tools-debuginfo-1.22.12-5.el9_6.x86_64.rpm SHA-256: fbc498cd22bab1b75333a01e25919ae8939840a745aa15f004a5b838b94f6dbe gstreamer1-plugins-good-1.22.12-5.el9_6.i686.rpm SHA-256: 8f003301ad5a6c23ef9c39a88f3749a03bfec54fdd2d8a97ba70b78134109755 gstreamer1-plugins-good-1.22.12-5.el9_6.x86_64.rpm SHA-256: a7186bfff213247840a35ffd9bfbc3847c445c57b6eea0b0a07b7b1791ca9f00 gstreamer1-plugins-good-debuginfo-1.22.12-5.el9_6.i686.rpm SHA-256: e0a0c406cb399eafefb76ef871c57e77c5cc7a53f734034b866dfc3ee682780e gstreamer1-plugins-good-debuginfo-1.22.12-5.el9_6.x86_64.rpm SHA-256: 2733b5d394ff1b421ebe07b7deed9e7382728e7220f31b4277f094d826280e56 gstreamer1-plugins-good-debugsource-1.22.12-5.el9_6.i686.rpm SHA-256: 051697123d28814e1034fd947fce4547a6b223863b807801dbc94eb5015049c0 gstreamer1-plugins-good-debugsource-1.22.12-5.el9_6.x86_64.rpm SHA-256: f07c6bb56a9b185868294a244c2334e41fb7469b181292d1dabc462a017670df gstreamer1-plugins-good-gtk-1.22.12-5.el9_6.i686.rpm SHA-256: af45e6be835a34f4dcc673537c18ff04968afaaa1a609d31ba6bc0740e5c3eb0 gstreamer1-plugins-good-gtk-1.22.12-5.el9_6.x86_64.rpm SHA-256: bf1cb472e2b2c51ebfb84b6c3b39e9bfd2c8f6064800a06975fb2a4b5a486f5c gstreamer1-plugins-good-gtk-debuginfo-1.22.12-5.el9_6.i686.rpm SHA-256: 0759a6b1b226d91bae13d792b909b1a37a5bf367b31d7aaeacb3860bf6446aa0 gstreamer1-plugins-good-gtk-debuginfo-1.22.12-5.el9_6.x86_64.rpm SHA-256: eaf9c6a621377ebe73de73366a773c235de162a66cf5b5836947510217894416 gstreamer1-plugins-good-qt-debuginfo-1.22.12-5.el9_6.i686.rpm SHA-256: 23047250c38b44bb2355adbf6c79881bb7584ca972793cad803af8b6235b1799 gstreamer1-plugins-good-qt-debuginfo-1.22.12-5.el9_6.x86_64.rpm SHA-256: 12f2157a8e02b0d138a04d50819aa024c9614972dcb774f3d29885afb5e84c93 gstreamer1-plugins-ugly-free-1.22.12-4.el9_6.i686.rpm SHA-256: 78d42a567edcce98c9886cf52c17eb8191b264ed14ea62d95facfe3591c5901c gstreamer1-plugins-ugly-free-1.22.12-4.el9_6.x86_64.rpm SHA-256: 1b627cc16561724a12e91af81f19079aea3a1ee6059f52d3f576a6de2a5ac992 gstreamer1-plugins-ugly-free-debuginfo-1.22.12-4.el9_6.i686.rpm SHA-256: f6ca8fdc85813314297ebe30f1617fc907d2fa847e714ec69a0c55dec26f6001 gstreamer1-plugin