Red Hat Product Errata
RHSA-2026:8857 - Security Advisory
Issued: 2026-04-20
Updated: 2026-04-20

Synopsis
Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update

Type/Severity
Security Advisory: Important

Topic
An update for multiple packages is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):
* GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082)
* GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)
* GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)
* GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
* Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
* Red Hat Enterprise Linux Server - AUS 9.4 x86_64
* Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
* Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
* Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
* Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
* Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
* Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64
* Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le
* Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x
* Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64
* Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
* Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
* Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
* Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
* Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
* Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes
* BZ - 2447492 - CVE-2026-3082 GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser
* BZ - 2447495 - CVE-2026-3085 GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
* BZ - 2447496 - CVE-2026-2921 GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling
* BZ - 2447498 - CVE-2026-3083 GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay

CVEs
* CVE-2026-2921
* CVE-2026-3082
* CVE-2026-3083
* CVE-2026-3085

References
* https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4
SRPM
* gstreamer1-plugins-bad-free-1.22.1-6.el9_4.src.rpm
* gstreamer1-plugins-base-1.22.1-4.el9_4.src.rpm
* gstreamer1-plugins-good-1.22.1-4.el9_4.src.rpm
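
This advisory addresses multiple vulnerabilities in GStreamer, rated Important by Red Hat, including heap-based buffer overflows, an out-of-bounds write, and an integer overflow, which allow for remote code execution via crafted media such as JPEG files, RTP streams, and AVI files. The CVSS scores for the listed CVEs range from 7.8 to 8.8. The affected versions are all GStreamer releases prior to 1.28.1, and the fix is to upgrade to version 1.28.1; on Red Hat Enterprise Linux 9.4 the fixes are delivered in the updated 1.22.1-based packages that this advisory lists (gstreamer1-plugins-bad-free-1.22.1-6.el9_4, gstreamer1-plugins-base-1.22.1-4.el9_4, and gstreamer1-plugins-good-1.22.1-4.el9_4).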