Synopsis: Important: gstreamer-plugins security update Issue date: 2011-05-02 CVE Names: CVE-2006-4192 CVE-2011-1574 An integer overflow flaw, leading to a heap-based buffer overflow, and a stack-based buffer overflow flaw were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2006-4192, CVE-2011-1574) All applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect. SL 4.x SRPMS: gstreamer-plugins-0.8.5-1.EL.3.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.3.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.3.i386.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.3.x86_64.rpm gstreamer-plugins-devel-0.8.5-1.EL.3.x86_64.rpm - Scientific Linux Development Team