gstreamer security update

2009-02-06T14:26:37
ID CESA-2009:0269
Type centos
Reporter CentOS Project
Modified 2009-02-06T18:56:21

Description

CentOS Errata and Security Advisory CESA-2009:0269

The gstreamer-plugins package contains plug-ins used by the GStreamer streaming-media framework to support a wide variety of media types.

An array indexing error was found in the GStreamer's QuickTime media file format decoding plug-in. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim. (CVE-2009-0398)

All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the update, all applications using GStreamer (such as nautilus-media) must be restarted for the changes to take effect.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2009-February/027657.html http://lists.centos.org/pipermail/centos-announce/2009-February/027658.html http://lists.centos.org/pipermail/centos-announce/2009-February/027663.html http://lists.centos.org/pipermail/centos-announce/2009-February/027665.html

Affected packages: gstreamer-plugins gstreamer-plugins-devel

Upstream details at: https://rhn.redhat.com/errata/RHSA-2009-0269.html