SciLinux: CVE-2009-0386 Important: gstreamer-plugins-good SL5.x
Summary
Date: Wed, 11 Feb 2009 14:52:36 -0600Reply-To: Troy DawsonSender: Security Errata for Scientific Linux From: Troy Dawson Subject: Security ERRATA Important: gstreamer-plugins-good on SL5.x i386/x86_64Comments: To: "scientific-linux-errata@fnal.gov" Synopsis: Important: gstreamer-plugins-good security updateIssue date: 2009-02-06CVE Names: CVE-2009-0386 CVE-2009-0387 CVE-2009-0397Multiple heap buffer overflows and an array indexing error were found inthe GStreamer's QuickTime media file format decoding plugin. An attackercould create a carefully-crafted QuickTime media .mov file that wouldcause an application using GStreamer to crash or, potentially, executearbitrary code if played by a victim. (CVE-2009-0386, CVE-2009-0387,CVE-2009-0397)After installing the update, all applications using GStreamer (such astotem or rhythmbox) must be restarted for the changes to take effect.SL 5.x SRPMS:gstreamer-plugins-good-0.10.9-1.el5_3.1.src.rpm i386:gstreamer-plugins-good-0.10.9-1.el5_3.1.i386.rpmgstreamer-plugins-good-devel-0.10.9-1.el5_3.1.i386.rpm x86_64:gstreamer-plugins-good-0.10.9-1.el5_3.1.x86_64.rpmgstreamer-plugins-good-devel-0.10.9-1.el5_3.1.i386.rpmgstreamer-plugins-good-devel-0.10.9-1.el5_3.1.x86_64.rpm-Connie Sieh-Troy Dawson