Red Hat Product Errata
RHSA-2026:8854 - Security Advisory

Issued: 2026-04-20
Updated: 2026-04-20

Synopsis

Important: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, gstreamer1-plugins-good, and gstreamer1-plugins-ugly-free security update

Type/Severity

Security Advisory: Important

Topic

An update for multiple packages is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.

Security Fix(es):

GStreamer: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920)
GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082)
GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)
GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)
GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)
GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer (CVE-2026-2922)
GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling (CVE-2026-2923)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

BZ - 2447490 - CVE-2026-2920 GStreamer: GStreamer: Arbitrary code execution via ASF file processing
BZ - 2447492 - CVE-2026-3082 GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser
BZ - 2447495 - CVE-2026-3085 GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay
BZ - 2447496 - CVE-2026-2921 GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling
BZ - 2447498 - CVE-2026-3083 GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay
BZ - 2447500 - CVE-2026-2922 GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in RealMedia Demuxer
BZ - 2447503 - CVE-2026-2923 GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling

CVEs

CVE-2026-2920
CVE-2026-2921
CVE-2026-2922
CVE-2026-2923
CVE-2026-3082
CVE-2026-3083
CVE-2026-3085

References

https://access.redhat.com/security/updates/classification/#important

Updated Packages

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
gstreamer1-plugins-bad-free-1.24.11-3.el10_0.src.rpm
gstreamer1-plugins-base-1.24.11-1.el10_0.1.src.rpm
gstreamer1-plugins-good-1.24.11-1.el10_0.2.src.rpm
gstreamer1-plugins-ugly-free-1.24.11-1.el10_0.1.src.rpm
Multiple critical vulnerabilities in GStreamer, including heap-based buffer overflows and integer overflows in parsers for ASF, JPEG, RTP, AVI, RealMedia, and DVB Subtitles, allow remote code execution via crafted media files. The CVSS scores range from 7.8 to 8.8. Affected versions are GStreamer prior to version 1.28.1, and the fix is to upgrade to version 1.28.1.