Troy J Dawson wrote: > Synopsis: Important: gstreamer-plugins-good security update > Issue date: 2009-02-06 > CVE Names: CVE-2009-0386 CVE-2009-0387 CVE-2009-0397 > > Multiple heap buffer overflows and an array indexing error were found in > the GStreamer's QuickTime media file format decoding plugin. An attacker > could create a carefully-crafted QuickTime media .mov file that would > cause an application using GStreamer to crash or, potentially, execute > arbitrary code if played by a victim. (CVE-2009-0386, CVE-2009-0387, > CVE-2009-0397) > > After installing the update, all applications using GStreamer (such as > totem or rhythmbox) must be restarted for the changes to take effect. > > SL 5.x > > SRPMS: > gstreamer-plugins-good-0.10.9-1.el5_3.1.src.rpm > i386: > gstreamer-plugins-good-0.10.9-1.el5_3.1.i386.rpm > gstreamer-plugins-good-devel-0.10.9-1.el5_3.1.i386.rpm Dependancies: gstreamer-0.10.20-3.el5.i386.rpm gstreamer-devel-0.10.20-3.el5.i386.rpm gstreamer-plugins-base-0.10.20-3.el5.i386.rpm gstreamer-plugins-base-devel-0.10.20-3.el5.i386.rpm gstreamer-tools-0.10.20-3.el5.i386.rpm > x86_64: > gstreamer-plugins-good-0.10.9-1.el5_3.1.x86_64.rpm > gstreamer-plugins-good-devel-0.10.9-1.el5_3.1.i386.rpm > gstreamer-plugins-good-devel-0.10.9-1.el5_3.1.x86_64.rpm Dependancies: gstreamer-0.10.20-3.el5.i386.rpm gstreamer-0.10.20-3.el5.x86_64.rpm gstreamer-devel-0.10.20-3.el5.i386.rpm gstreamer-devel-0.10.20-3.el5.x86_64.rpm gstreamer-plugins-base-0.10.20-3.el5.i386.rpm gstreamer-plugins-base-0.10.20-3.el5.x86_64.rpm gstreamer-plugins-base-devel-0.10.20-3.el5.i386.rpm gstreamer-plugins-base-devel-0.10.20-3.el5.x86_64.rpm gstreamer-tools-0.10.20-3.el5.x86_64.rpm Sorry about that. Troy -- __________________________________________________ Troy Dawson [log in to unmask] (630)840-6468 Fermilab ComputingDivision/LCSI/CSI DSS Group __________________________________________________