[Full-disclosure] [ MDVSA-2009:086 ] gstreamer-plugins




-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2009:086
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gstreamer-plugins
Date : April 3, 2009
Affected: Corporate 3.0
_______________________________________________________________________

Problem Description:

An array indexing error in the GStreamer's QuickTime media file
format decoding plug-in enables attackers to crash the application
and potentially execute arbitrary code by using a crafted media file
(CVE-2009-0398).

This update provides fix for that security issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0398
_______________________________________________________________________

Updated Packages:

Corporate 3.0:
7b4be0cc6785817d1ff5c59b60c5f331 corporate/3.0/i586/gstreamer-a52dec-0.6.4-4.2mdk.i586.rpm
294392663723cf50cb7e173cdd23e160 corporate/3.0/i586/gstreamer-aalib-0.6.4-4.2mdk.i586.rpm
b8637d2173ca121a31b21197dcb2cf7a corporate/3.0/i586/gstreamer-arts-0.6.4-4.2mdk.i586.rpm
7a317d7723978794cdde25db3c1462fa corporate/3.0/i586/gstreamer-artsd-0.6.4-4.2mdk.i586.rpm
79b5a682bc1c98302c0dc68b4d464c27 corporate/3.0/i586/gstreamer-audio-effects-0.6.4-4.2mdk.i586.rpm
5a691b3c1dd5a9c0bef53e425ce4851b corporate/3.0/i586/gstreamer-audiofile-0.6.4-4.2mdk.i586.rpm
0feda5ed5b3c8047e93fdf5cd19c8ff5 corporate/3.0/i586/gstreamer-audio-formats-0.6.4-4.2mdk.i586.rpm
b1e1f7bbab5f3ddde291518cc171de65 corporate/3.0/i586/gstreamer-avi-0.6.4-4.2mdk.i586.rpm
685c0e290bd25cfb1157a4000d052f5d corporate/3.0/i586/gstreamer-cdparanoia-0.6.4-4.2mdk.i586.rpm
9420a443aecf206dcdeea594e58e1277 corporate/3.0/i586/gstreamer-cdplayer-0.6.4-4.2mdk.i586.rpm
96a5fc6dec0977dc5b1011bd05c2f645 corporate/3.0/i586/gstreamer-colorspace-0.6.4-4.2mdk.i586.rpm
caab9a6306d918c050e8de8d826fd209 corporate/3.0/i586/gstreamer-dv-0.6.4-4.2mdk.i586.rpm
73a9cab8ce50d8af5ca08e24350938ce corporate/3.0/i586/gstreamer-dxr3-0.6.4-4.2mdk.i586.rpm
b99c0903fa4c408dc9bf14b215a9606f corporate/3.0/i586/gstreamer-esound-0.6.4-4.2mdk.i586.rpm
5da33082cf9027b2a0ec151fdf41be66 corporate/3.0/i586/gstreamer-festival-0.6.4-4.2mdk.i586.rpm
02c4cf9d7e166f7c4556abd7c72b42cb corporate/3.0/i586/gstreamer-ffmpeg-0.6.4-4.2mdk.i586.rpm
c8219bc30ff8d16ad12116a22973e12b corporate/3.0/i586/gstreamer-flac-0.6.4-4.2mdk.i586.rpm
af5af2862c4a9e16a53e2a8ca997c9ab corporate/3.0/i586/gstreamer-flx-0.6.4-4.2mdk.i586.rpm
6657d5e12e0c5e6d2840e1a02abd949b corporate/3.0/i586/gstreamer-GConf-0.6.4-4.2mdk.i586.rpm
ce2eca34c4958b279f1d87e08d2dd76e corporate/3.0/i586/gstreamer-gnomevfs-0.6.4-4.2mdk.i586.rpm
f12f5afb995ca42028716aab35c5962f corporate/3.0/i586/gstreamer-gsm-0.6.4-4.2mdk.i586.rpm
16397ee314a0c8d4434062b1c7a574ed corporate/3.0/i586/gstreamer-httpsrc-0.6.4-4.2mdk.i586.rpm
f31ba254382b0dad9f3ded0afa7600d4 corporate/3.0/i586/gstreamer-jack-0.6.4-4.2mdk.i586.rpm
350bdddc34f43c88ad5b7a0fb1e9ccc1 corporate/3.0/i586/gstreamer-jpeg-0.6.4-4.2mdk.i586.rpm
c2ec5cb20a944b4d6ac03b221ac28051 corporate/3.0/i586/gstreamer-jpegmmx-0.6.4-4.2mdk.i586.rpm
2f30f3425d341f47c1d74abadc528bd1 corporate/3.0/i586/gstreamer-ladspa-0.6.4-4.2mdk.i586.rpm
33eda1029d1e97a8571516f452297685 corporate/3.0/i586/gstreamer-libdvdnav-0.6.4-4.2mdk.i586.rpm
2868b45a7465dcc74b94eb0a1a675af6 corporate/3.0/i586/gstreamer-libdvdread-0.6.4-4.2mdk.i586.rpm
82bcd0f1319d76b091a974fa3708bd91 corporate/3.0/i586/gstreamer-libpng-0.6.4-4.2mdk.i586.rpm
512a59310e2e294e98af6d18f21fabdd corporate/3.0/i586/gstreamer-mad-0.6.4-4.2mdk.i586.rpm
b9d56e3b7ed8842df47def11848e722a corporate/3.0/i586/gstreamer-mikmod-0.6.4-4.2mdk.i586.rpm
2a2700c8eae36344e0e7185171af5265 corporate/3.0/i586/gstreamer-mpeg-0.6.4-4.2mdk.i586.rpm
7855681c3a429dbf792243fef2ff3e11 corporate/3.0/i586/gstreamer-oss-0.6.4-4.2mdk.i586.rpm
ac2fb1432a4a04d6a7e0ee35f22baf74 corporate/3.0/i586/gstreamer-plugins-0.6.4-4.2mdk.i586.rpm
908f505adf4665e42f01513f94c7aa6e corporate/3.0/i586/gstreamer-plugins-devel-0.6.4-4.2mdk.i586.rpm
79cb79bd6b47b9f000b9d74b31fc7f7b corporate/3.0/i586/gstreamer-qcam-0.6.4-4.2mdk.i586.rpm
bf74ca06ea867fa48daa58dba9c6cd22 corporate/3.0/i586/gstreamer-quicktime-0.6.4-4.2mdk.i586.rpm
bf03b8ccf9abc84467908960b2e255d5 corporate/3.0/i586/gstreamer-raw1394-0.6.4-4.2mdk.i586.rpm
1b69687109f36445e8da9b3f6f650a73 corporate/3.0/i586/gstreamer-SDL-0.6.4-4.2mdk.i586.rpm
4e4fcf4562d5cf13da8ccfc437fbe054 corporate/3.0/i586/gstreamer-sid-0.6.4-4.2mdk.i586.rpm
c6b611202a8bcfcab35e7aa858b187e6 corporate/3.0/i586/gstreamer-snapshot-0.6.4-4.2mdk.i586.rpm
43938dd98357131c74dfcea9f7e68271 corporate/3.0/i586/gstreamer-swfdec-0.6.4-4.2mdk.i586.rpm
e564e68c934e6b4ade28dd66ec34b27d corporate/3.0/i586/gstreamer-udp-0.6.4-4.2mdk.i586.rpm
121e44e193ecb7ab42117c5400a76e6a corporate/3.0/i586/gstreamer-v4l-0.6.4-4.2mdk.i586.rpm
2501bf4f1df721ffbcd923f0e1f28e69 corporate/3.0/i586/gstreamer-vcd-0.6.4-4.2mdk.i586.rpm
b431cb4835b61b1e78098a5b0489eec2 corporate/3.0/i586/gstreamer-video-effects-0.6.4-4.2mdk.i586.rpm
196a9ba5b5c8d6a824f0b620c3b7fd8f corporate/3.0/i586/gstreamer-videosink-0.6.4-4.2mdk.i586.rpm
7eea07fbffcd2e7fd673116be541bb1d corporate/3.0/i586/gstreamer-videotest-0.6.4-4.2mdk.i586.rpm
d0271086e326cdfb878fd63cb5e990b7 corporate/3.0/i586/gstreamer-visualisation-0.6.4-4.2mdk.i586.rpm
dc79b9b2facfdf6c37df56c54b407b21 corporate/3.0/i586/gstreamer-vorbis-0.6.4-4.2mdk.i586.rpm
6961d0e5b7243a8b57d510bb7153eaa2 corporate/3.0/i586/gstreamer-xvideosink-0.6.4-4.2mdk.i586.rpm
3f736b943345e07084657520c34220e5 corporate/3.0/i586/gstreamer-yuv4mjpeg-0.6.4-4.2mdk.i586.rpm
6d3228f0186eaccbc871d358c483890f corporate/3.0/i586/libgstgconf0.6-0.6.4-4.2mdk.i586.rpm
0b848c79c49c2b82f1290ed4176646b3 corporate/3.0/i586/libgstplay0.6-0.6.4-4.2mdk.i586.rpm
e9f225788d97dd5611a8da50bbb4bb97 corporate/3.0/SRPMS/gstreamer-plugins-0.6.4-4.2mdk.src.rpm

Corporate 3.0/X86_64:
cf86397083aaf82d03ed5f8a7fdc3b3b corporate/3.0/x86_64/gstreamer-a52dec-0.6.4-4.2mdk.x86_64.rpm
7a28854021710df2d2dfb0218ba0bacf corporate/3.0/x86_64/gstreamer-aalib-0.6.4-4.2mdk.x86_64.rpm
82876ee7754810bbd0117acabe2ef313 corporate/3.0/x86_64/gstreamer-arts-0.6.4-4.2mdk.x86_64.rpm
555a9f2d41de248d3143e1f80adbb3b3 corporate/3.0/x86_64/gstreamer-artsd-0.6.4-4.2mdk.x86_64.rpm
4dd6712ebafb1e814b8fd1bfbe4b41fd corporate/3.0/x86_64/gstreamer-audio-effects-0.6.4-4.2mdk.x86_64.rpm
eed567dc6abaa126effeaae9e18240d2 corporate/3.0/x86_64/gstreamer-audiofile-0.6.4-4.2mdk.x86_64.rpm
7ed153b13ab098203a29b8039a03cfcd corporate/3.0/x86_64/gstreamer-audio-formats-0.6.4-4.2mdk.x86_64.rpm
f93b229de3917dc251ee564dc2a1f9e4 corporate/3.0/x86_64/gstreamer-avi-0.6.4-4.2mdk.x86_64.rpm
84fba1c782746bb4a0ee12cf8c2712d8 corporate/3.0/x86_64/gstreamer-cdparanoia-0.6.4-4.2mdk.x86_64.rpm
cf7c22223cbbba95c171a65b8ce2925b corporate/3.0/x86_64/gstreamer-cdplayer-0.6.4-4.2mdk.x86_64.rpm
88bbbc7aa4089641840dcfeef1cb8e57 corporate/3.0/x86_64/gstreamer-colorspace-0.6.4-4.2mdk.x86_64.rpm
a56b349287d7d410d66a18936e3bf9ad corporate/3.0/x86_64/gstreamer-dv-0.6.4-4.2mdk.x86_64.rpm
fe0550b32b491e2be2125ce41f11be6e corporate/3.0/x86_64/gstreamer-dxr3-0.6.4-4.2mdk.x86_64.rpm
83bfe86ef019591b729b3444523c3267 corporate/3.0/x86_64/gstreamer-esound-0.6.4-4.2mdk.x86_64.rpm
4bc6e155877dbafe3d78fc73267a5696 corporate/3.0/x86_64/gstreamer-festival-0.6.4-4.2mdk.x86_64.rpm
d11c1c22889f3c5693b807a1bb5c96fe corporate/3.0/x86_64/gstreamer-ffmpeg-0.6.4-4.2mdk.x86_64.rpm
32101145b9ddef7f6e6f6f1d6dca9b94 corporate/3.0/x86_64/gstreamer-flac-0.6.4-4.2mdk.x86_64.rpm
72f152dbb40dd6db6ec2625675eb774e corporate/3.0/x86_64/gstreamer-flx-0.6.4-4.2mdk.x86_64.rpm
2c1612695306cf513e9f16589a0e32b4 corporate/3.0/x86_64/gstreamer-GConf-0.6.4-4.2mdk.x86_64.rpm
2c37cc3a2b9ba274d94747a385c07ad2 corporate/3.0/x86_64/gstreamer-gnomevfs-0.6.4-4.2mdk.x86_64.rpm
d32263e0380c40c7d6587df1a2307d97 corporate/3.0/x86_64/gstreamer-gsm-0.6.4-4.2mdk.x86_64.rpm
6324107ebc113ca6dbff39802e70c64c corporate/3.0/x86_64/gstreamer-httpsrc-0.6.4-4.2mdk.x86_64.rpm
d740bf51291dfeb3c30af5dfcfa01173 corporate/3.0/x86_64/gstreamer-jack-0.6.4-4.2mdk.x86_64.rpm
444d2b92e050c15e58d4a1608cacc73c corporate/3.0/x86_64/gstreamer-jpeg-0.6.4-4.2mdk.x86_64.rpm
6e05620b20f9bf9e3150c970f3a6a006 corporate/3.0/x86_64/gstreamer-jpegmmx-0.6.4-4.2mdk.x86_64.rpm
e9feedd03c8eab60ed6b0a959605d5f4 corporate/3.0/x86_64/gstreamer-ladspa-0.6.4-4.2mdk.x86_64.rpm
ba96e950032872891f687ce1ff2788a4 corporate/3.0/x86_64/gstreamer-libdvdnav-0.6.4-4.2mdk.x86_64.rpm
8d3d77bad5dc74fe83f0f54cfc33308c corporate/3.0/x86_64/gstreamer-libdvdread-0.6.4-4.2mdk.x86_64.rpm
7eea3c7aca8845d97fe01cd3863ae9de corporate/3.0/x86_64/gstreamer-libpng-0.6.4-4.2mdk.x86_64.rpm
8001f0e188454f3379ef824ae2708084 corporate/3.0/x86_64/gstreamer-mad-0.6.4-4.2mdk.x86_64.rpm
101f2acb1ab238f3a6f05baa25730296 corporate/3.0/x86_64/gstreamer-mikmod-0.6.4-4.2mdk.x86_64.rpm
faea588daf3b4383be7d26105902a440 corporate/3.0/x86_64/gstreamer-mpeg-0.6.4-4.2mdk.x86_64.rpm
6bd4e4b95af116b7e72ef9d17b1d0b47 corporate/3.0/x86_64/gstreamer-oss-0.6.4-4.2mdk.x86_64.rpm
d02bb7eace03146f48aeb2cbc83e4eb5 corporate/3.0/x86_64/gstreamer-plugins-0.6.4-4.2mdk.x86_64.rpm
63d0c5454ddf2e45f9d0f0b1966511c6 corporate/3.0/x86_64/gstreamer-plugins-devel-0.6.4-4.2mdk.x86_64.rpm
5320b13d4b23430655169941b4e23ef6 corporate/3.0/x86_64/gstreamer-quicktime-0.6.4-4.2mdk.x86_64.rpm
871d19fc5c7597118120dcf5613cb4de corporate/3.0/x86_64/gstreamer-raw1394-0.6.4-4.2mdk.x86_64.rpm
0e1bf5001b9f7ae203ff19efc6405152 corporate/3.0/x86_64/gstreamer-SDL-0.6.4-4.2mdk.x86_64.rpm
6e8d6b67f93fa256c368b21ecd1f62d6 corporate/3.0/x86_64/gstreamer-sid-0.6.4-4.2mdk.x86_64.rpm
0007c08b1dc6711dc9178232fbf6a263 corporate/3.0/x86_64/gstreamer-snapshot-0.6.4-4.2mdk.x86_64.rpm
af9c4e657e288e57180c854369299fe6 corporate/3.0/x86_64/gstreamer-swfdec-0.6.4-4.2mdk.x86_64.rpm
c7edfc5a251d986ea72462b2427bef12 corporate/3.0/x86_64/gstreamer-udp-0.6.4-4.2mdk.x86_64.rpm
f1d9e602a3f9b4eeedc6f4dbff27f8e6 corporate/3.0/x86_64/gstreamer-v4l-0.6.4-4.2mdk.x86_64.rpm
2b84d6e223ca03a1a64642de2cd188a9 corporate/3.0/x86_64/gstreamer-vcd-0.6.4-4.2mdk.x86_64.rpm
7b654979b403c4af4b8ed5cafc40195c corporate/3.0/x86_64/gstreamer-video-effects-0.6.4-4.2mdk.x86_64.rpm
8a9307f3e0a40d2c7d3806ac67594439 corporate/3.0/x86_64/gstreamer-videosink-0.6.4-4.2mdk.x86_64.rpm
21b7563718bba6fa8511c6facbc49777 corporate/3.0/x86_64/gstreamer-videotest-0.6.4-4.2mdk.x86_64.rpm
de1b19bdf5307d242e37ddbd387d34ed corporate/3.0/x86_64/gstreamer-visualisation-0.6.4-4.2mdk.x86_64.rpm
2182ea1ada21c49b2396a6987d4e9b01 corporate/3.0/x86_64/gstreamer-vorbis-0.6.4-4.2mdk.x86_64.rpm
cb0fea26b7692ce584058495e7e40c1c corporate/3.0/x86_64/gstreamer-xvideosink-0.6.4-4.2mdk.x86_64.rpm
49118bcb6696d6e49cece68d7a068ae1 corporate/3.0/x86_64/gstreamer-yuv4mjpeg-0.6.4-4.2mdk.x86_64.rpm
08035d8aead9e7da152d423b8bf81dd9 corporate/3.0/x86_64/lib64gstgconf0.6-0.6.4-4.2mdk.x86_64.rpm
187035879a19f3fd8a6d4033c4073248 corporate/3.0/x86_64/lib64gstplay0.6-0.6.4-4.2mdk.x86_64.rpm
e9f225788d97dd5611a8da50bbb4bb97 corporate/3.0/SRPMS/gstreamer-plugins-0.6.4-4.2mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ1n7gmqjQ0CJFipgRAvVOAJ9/yjCiSfBPsC+PBzKPpLtKzxwpcACeJ7vM
QY3Z+/aokwfp0piCYdzSZ90=
=dTAp
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



Relevant Pages