Synopsis:   Important: gstreamer-plugins security update
Issue date: 2011-05-02
CVE Names:  CVE-2006-4192 CVE-2011-1574

An integer overflow flaw, leading to a heap-based buffer overflow, and a
stack-based buffer overflow flaw were found in various ModPlug music file
format library (libmodplug) modules, embedded in GStreamer. An attacker
could create specially-crafted music files that, when played by a victim,
would cause applications using GStreamer to crash or, potentially, execute
arbitrary code. (CVE-2006-4192, CVE-2011-1574)

All applications using GStreamer (such as Rhythmbox) must be restarted 
for the changes to take effect.

SL 4.x
     SRPMS:
         gstreamer-plugins-0.8.5-1.EL.3.src.rpm

     i386:
         gstreamer-plugins-0.8.5-1.EL.3.i386.rpm
         gstreamer-plugins-devel-0.8.5-1.EL.3.i386.rpm

     x86_64:
         gstreamer-plugins-0.8.5-1.EL.3.x86_64.rpm
         gstreamer-plugins-devel-0.8.5-1.EL.3.x86_64.rpm


- Scientific Linux Development Team