Synopsis: Important: gstreamer-plugins-good security update Issue date: 2009-02-06 CVE Names: CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 Multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim. (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397) After installing the update, all applications using GStreamer (such as totem or rhythmbox) must be restarted for the changes to take effect. SL 5.x SRPMS: gstreamer-plugins-good-0.10.9-1.el5_3.1.src.rpm i386: gstreamer-plugins-good-0.10.9-1.el5_3.1.i386.rpm gstreamer-plugins-good-devel-0.10.9-1.el5_3.1.i386.rpm x86_64: gstreamer-plugins-good-0.10.9-1.el5_3.1.x86_64.rpm gstreamer-plugins-good-devel-0.10.9-1.el5_3.1.i386.rpm gstreamer-plugins-good-devel-0.10.9-1.el5_3.1.x86_64.rpm -Connie Sieh -Troy Dawson