Synopsis: Moderate: gstreamer-plugins-base security update Issue date: 2009-04-06 CVE Names: CVE-2009-0586 An integer overflow flaw which caused a heap-based buffer overflow was discovered in the Vorbis comment tags reader. An attacker could create a carefully-crafted Vorbis file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if opened by a victim. (CVE-2009-0586) After installing this update, all applications using GStreamer (such as Totem or Rhythmbox) must be restarted for the changes to take effect. SL 5.x SRPMS: gstreamer-plugins-base-0.10.20-3.0.1.el5_3.src.rpm i386: gstreamer-plugins-base-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.i386.rpm x86_64: gstreamer-plugins-base-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-0.10.20-3.0.1.el5_3.x86_64.rpm gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.i386.rpm gstreamer-plugins-base-devel-0.10.20-3.0.1.el5_3.x86_64.rpm -Connie Sieh -Troy Dawson