Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Red Hat: GStreamer Moderate Buffer Overflow Issue RHSA-2009:0352-01 CVE-2009-0586

red hat
Calendar Grey April 6, 2009
Dist Redhat Esm H88
A new version of gstreamer-plugins-base has been issued for Red Hat Enterprise Linux 5, addressing a significant security vulnerability associated with buffer overflow.
Updated gstreamer-plugins-base packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact ...

Solution

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at

Summary

GStreamer is a streaming media framework based on graphs of filters which operate on media data. GStreamer Base Plug-ins is a collection of well-maintained base plug-ins.
An integer overflow flaw which caused a heap-based buffer overflow was discovered in the Vorbis comment tags reader. An attacker could create a carefully-crafted Vorbis file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if opened by a victim. (CVE-2009-0586)
All users of gstreamer-plugins-base are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, all applications using GStreamer (such as Totem or Rhythmbox) must be restarted for the changes to take effect.

References

https://www.cve.org/CVERecord?id=CVE-2009-0586 https://access.redhat.com/security/updates/classification#moderate

Package List

Red Hat Enterprise Linux Desktop (v. 5 client):
Source:
i386: gstreamer-plugins-base-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-debuginfo-0.10.20-3.0.1.el5_3.i386.rpm
x86_64: gstreamer-plugins-base-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-0.10.20-3.0.1.el5_3.x86_64.rpm gstreamer-plugins-base-debuginfo-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-debuginfo-0.10.20-3.0.1.el5_3.x86_64.rpm
RHEL Desktop Workstation (v. 5 client):
Source:
i386: gstreamer-plugins-base-debuginfo-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.i386.rpm
x86_64: gstreamer-plugins-base-debuginfo-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-debuginfo-0.10.20-3.0.1.el5_3.x86_64.rpm gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.x86_64.rpm
Red Hat Enterprise Linux (v. 5 server):
Source:
i386: gstreamer-plugins-base-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-debuginfo-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.i386.rpm
ia64: gstreamer-plugins-base-0.10.20-3.0.1.el5_3.ia64.rpm gstreamer-plugins-base-debuginfo-0.10.20-3.0.1.el5_3.ia64.rpm gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.ia64.rpm


Read the Full Advisory


Advisory ID: RHSA-2009:0352-01
Product: Red Hat Enterprise Linux
Issue date: 2009-04-06

Topic

Updated gstreamer-plugins-base packages that fix a security issue are now available for Red Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red Hat Security Response Team.

Relevant Releases Architectures

RHEL Desktop Workstation (v. 5 client) - i386, x86_64

Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64

Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64

Bugs Fixed

488208 - CVE-2009-0586 gstreamer-plugins-base: integer overflow in gst_vorbis_tag_add_coverart()

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here