Synopsis: Moderate: gstreamer-plugins-base security update
Issue date: 2009-04-06
CVE Names: CVE-2009-0586
An integer overflow flaw which caused a heap-based buffer overflow was
discovered in the Vorbis comment tags reader. An attacker could create a
carefully-crafted Vorbis file that would cause an application using
GStreamer to crash or, potentially, execute arbitrary code if opened by
a victim. (CVE-2009-0586)
After installing this update, all applications using GStreamer (such as
Totem or Rhythmbox) must be restarted for the changes to take effect.
SL 5.x
SRPMS:
gstreamer-plugins-base-0.10.20-3.0.1.el5_3.src.rpm
i386:
gstreamer-plugins-base-0.10.20-3.0.1.el5_3.i386.rpm
gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.i386.rpm
x86_64:
gstreamer-plugins-base-0.10.20-3.0.1.el5_3.i386.rpm
gstreamer-plugins-base-0.10.20-3.0.1.el5_3.x86_64.rpm
gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.i386.rpm
gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.x86_64.rpm
-Connie Sieh
-Troy Dawson