gstreamer security update

2009-02-0614:26:37

CentOS Project

lists.centos.org

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.013

Percentile

86.0%

JSON

CentOS Errata and Security Advisory CESA-2009:0269

The gstreamer-plugins package contains plug-ins used by the GStreamer
streaming-media framework to support a wide variety of media types.

An array indexing error was found in the GStreamer’s QuickTime media file
format decoding plug-in. An attacker could create a carefully-crafted
QuickTime media .mov file that would cause an application using GStreamer
to crash or, potentially, execute arbitrary code if played by a victim.
(CVE-2009-0398)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, all applications using GStreamer (such as
nautilus-media) must be restarted for the changes to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-February/077781.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077782.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077787.html
https://lists.centos.org/pipermail/centos-announce/2009-February/077789.html

Affected packages:
gstreamer-plugins
gstreamer-plugins-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:0269

OSVersionArchitecturePackageVersionFilename
CentOS3i386gstreamer-plugins< 0.6.0-19gstreamer-plugins-0.6.0-19.i386.rpm
CentOS3i386gstreamer-plugins-devel< 0.6.0-19gstreamer-plugins-devel-0.6.0-19.i386.rpm
CentOS3i386gstreamer-plugins< 0.6.0-19gstreamer-plugins-0.6.0-19.i386.rpm
CentOS3i386gstreamer-plugins-devel< 0.6.0-19gstreamer-plugins-devel-0.6.0-19.i386.rpm
CentOS3x86_64gstreamer-plugins< 0.6.0-19gstreamer-plugins-0.6.0-19.x86_64.rpm
CentOS3x86_64gstreamer-plugins-devel< 0.6.0-19gstreamer-plugins-devel-0.6.0-19.x86_64.rpm
CentOS3x86_64gstreamer-plugins< 0.6.0-19gstreamer-plugins-0.6.0-19.x86_64.rpm
CentOS3x86_64gstreamer-plugins-devel< 0.6.0-19gstreamer-plugins-devel-0.6.0-19.x86_64.rpm
CentOS3ia64gstreamer-plugins< 0.6.0-19gstreamer-plugins-0.6.0-19.ia64.rpm
CentOS3ia64gstreamer-plugins-devel< 0.6.0-19gstreamer-plugins-devel-0.6.0-19.ia64.rpm

OS	Version	Architecture	Package	Version	Filename
CentOS	3	i386	gstreamer-plugins	< 0.6.0-19	gstreamer-plugins-0.6.0-19.i386.rpm
CentOS	3	i386	gstreamer-plugins-devel	< 0.6.0-19	gstreamer-plugins-devel-0.6.0-19.i386.rpm
CentOS	3	i386	gstreamer-plugins	< 0.6.0-19	gstreamer-plugins-0.6.0-19.i386.rpm
CentOS	3	i386	gstreamer-plugins-devel	< 0.6.0-19	gstreamer-plugins-devel-0.6.0-19.i386.rpm
CentOS	3	x86_64	gstreamer-plugins	< 0.6.0-19	gstreamer-plugins-0.6.0-19.x86_64.rpm
CentOS	3	x86_64	gstreamer-plugins-devel	< 0.6.0-19	gstreamer-plugins-devel-0.6.0-19.x86_64.rpm
CentOS	3	x86_64	gstreamer-plugins	< 0.6.0-19	gstreamer-plugins-0.6.0-19.x86_64.rpm
CentOS	3	x86_64	gstreamer-plugins-devel	< 0.6.0-19	gstreamer-plugins-devel-0.6.0-19.x86_64.rpm
CentOS	3	ia64	gstreamer-plugins	< 0.6.0-19	gstreamer-plugins-0.6.0-19.ia64.rpm
CentOS	3	ia64	gstreamer-plugins-devel	< 0.6.0-19	gstreamer-plugins-devel-0.6.0-19.ia64.rpm