Synopsis: Important: gstreamer-plugins security update Issue date: 2009-02-06 CVE Names: CVE-2009-0397 CVE-2009-0398 An array indexing error was found in the GStreamer's QuickTime media file format decoding plug-in. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim. (CVE-2009-0397, CVE-2009-0398) After installing the update, all applications using GStreamer (such as nautilus-media) must be restarted for the changes to take effect. SL 3.0.x SRPMS: gstreamer-plugins-0.6.0-19.src.rpm i386: gstreamer-plugins-0.6.0-19.i386.rpm gstreamer-plugins-devel-0.6.0-19.i386.rpm x86_64: gstreamer-plugins-0.6.0-19.x86_64.rpm gstreamer-plugins-devel-0.6.0-19.x86_64.rpm SL 4.x SRPMS: gstreamer-plugins-0.8.5-1.EL.2.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.2.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.2.i386.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.2.x86_64.rpm gstreamer-plugins-devel-0.8.5-1.EL.2.x86_64.rpm -Connie Sieh -Troy Dawson