Synopsis: Important: gstreamer-plugins security update
Issue date: 2009-02-06
CVE Names: CVE-2009-0397 CVE-2009-0398
An array indexing error was found in the GStreamer's QuickTime media
file format decoding plug-in. An attacker could create a
carefully-crafted QuickTime media .mov file that would cause an
application using GStreamer to crash or, potentially, execute arbitrary
code if played by a victim. (CVE-2009-0397, CVE-2009-0398)
After installing the update, all applications using GStreamer (such as
nautilus-media) must be restarted for the changes to take effect.
SL 3.0.x
SRPMS:
gstreamer-plugins-0.6.0-19.src.rpm
i386:
gstreamer-plugins-0.6.0-19.i386.rpm
gstreamer-plugins-devel-0.6.0-19.i386.rpm
x86_64:
gstreamer-plugins-0.6.0-19.x86_64.rpm
gstreamer-plugins-devel-0.6.0-19.x86_64.rpm
SL 4.x
SRPMS:
gstreamer-plugins-0.8.5-1.EL.2.src.rpm
i386:
gstreamer-plugins-0.8.5-1.EL.2.i386.rpm
gstreamer-plugins-devel-0.8.5-1.EL.2.i386.rpm
x86_64:
gstreamer-plugins-0.8.5-1.EL.2.x86_64.rpm
gstreamer-plugins-devel-0.8.5-1.EL.2.x86_64.rpm
-Connie Sieh
-Troy Dawson