<?xml version="1.0" encoding="utf-8"?>
  <?xml-stylesheet type="text/xsl" href="sa-render.xsl"?>
  <update from="huaweicloud.com" type="security" status="stable" version="1">
    <id>HCE2-SA-2024-0078</id>
    <title>An update for gstreamer1-plugins-bad-free is now available for HCE 2.0</title>
    <severity>Important</severity>
    <release>HCE 2.0</release>
    <issued date="2024-03-26 06:00:41"/>
    <updated date="2024-03-26 06:00:41"/>
    <references>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-44446" id="CVE-2023-44446" title="CVE-2023-44446 Base Score: 8.8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" type="cve"/>
      <reference href="https://nvd.nist.gov/vuln/detail/CVE-2023-37329" id="CVE-2023-37329" title="CVE-2023-37329 Base Score: 5.5 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" type="cve"/>
    </references>
    <description>Security Fix(es):

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the two months following their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date. (CVE-2023-44446)

A heap-based buffer overflow vulnerability was found in the PGS Blu-ray subtitle decoder within GStreamer when processing specific files. This issue could allow a malicious third party to crash the application and execute code by manipulating the heap. (CVE-2023-37329)
</description>
    <pkglist>
      <collection short="HCE 2.0" package="gstreamer1-plugins-bad-free">
        <name>HCE 2.0</name>
        <package arch="aarch64" name="gstreamer1-plugins-bad-free" version="1.16.2" release="9.hce2">
          <filename>gstreamer1-plugins-bad-free-1.16.2-9.hce2.aarch64.rpm</filename>
        </package>
        <package arch="aarch64" name="gstreamer1-plugins-bad-free-devel" version="1.16.2" release="9.hce2">
          <filename>gstreamer1-plugins-bad-free-devel-1.16.2-9.hce2.aarch64.rpm</filename>
        </package>
        <package arch="x86_64" name="gstreamer1-plugins-bad-free" version="1.16.2" release="9.hce2">
          <filename>gstreamer1-plugins-bad-free-1.16.2-9.hce2.x86_64.rpm</filename>
        </package>
        <package arch="x86_64" name="gstreamer1-plugins-bad-free-devel" version="1.16.2" release="9.hce2">
          <filename>gstreamer1-plugins-bad-free-devel-1.16.2-9.hce2.x86_64.rpm</filename>
        </package>
      </collection>
    </pkglist>
  </update>
