Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 10: 2009-1230 Moderate: GStreamer Plugins Buffer Overflow Risk

fedora
Calendar Grey February 24, 2009
Dist Fedora Esm H88
The gstreamer-plugins-good version 0.10.13 update resolves vulnerabilities associated with buffer overflow issues found in the parsing of QuickTime files.
Update to 0.10.13

Summary

GStreamer is a streaming media framework, based on graphs of filters which

operate on media data. Applications using this library can do anything

from real-time sound processing to playing videos, and just about anything

else media-related. Its plugin-based architecture means that new data

types or processing capabilities can be added simply by installing new

plug-ins.

GStreamer Good Plug-ins is a collection of well-supported plug-ins of

good quality and under the LGPL license.

* Mon Jan 26 2009 - Bastien Nocera - 0.10.13-1

- Update to 0.10.13

- Update libv4l patch

* Wed Jan 14 2009 Warren Togami 0.10.11-4

- Bug #477877 Fix multilib conflict in -devel

- Bug #478449 Fix ladspa on lib64

* Wed Jan 14 2009 Lennart Poettering 0.10.11-3

- Bug #470000 Fix thread/memleak due to ref-loop

* Tue Jan 13 2009 Bastien Nocera - 0.10.11-2

- Avoid pulsesink hang when PulseAudio disappears

[ 1 ] Bug #481267 - gstreamer-plugins, gstreamer-plugins-good: heap-based buffer overflows / an array index out of bounds vulnerability while parsing malformed QuickTime media files

https://bugzilla.redhat.com/show_bug.cgi?id=481267

[ 2 ] Bug #483736 - CVE-2009-0386 gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Composition Time To Sample (aka ctts) atom data

https://bugzilla.redhat.com/show_bug.cgi?id=483736

[ 3 ] Bug #483737 - CVE-2009-0387 gstreamer-plugins-good: Array index error while parsing malformed QuickTime media files via crafted Sync Sample (aka stss) atom data

https://bugzilla.redhat.com/show_bug.cgi?id=483737

su -c 'yum update gstreamer-plugins-good' at the command line.

For more information, refer to "Managing Software with yum",

available at .

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

Fedora-package-announce mailing list

Fedora-package-announce@redhat.com

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora media framework gstreamer plugin update

Change Log

References

Update Instructions

Product: Fedora 10
Version: 0.10.13
Release: 1.fc10
URL: https://gstreamer.freedesktop.org/
Summary: GStreamer plug-ins with good code and licensing

Topics%20covered

Topics Covered

security advisory buffer overflow Fedora media framework gstreamer plugin update

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here