SCIENTIFIC-LINUX-ERRATA Archives

May 2011

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Security ERRATA Important: gstreamer-plugins on SL4.x i386/x86_64
From:
Jason Harrington <[log in to unmask]>
Reply To:
[log in to unmask]
Date:
Wed, 4 May 2011 15:44:37 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (29 lines) 
Synopsis:   Important: gstreamer-plugins security update
Issue date: 2011-05-02
CVE Names:  CVE-2006-4192 CVE-2011-1574

An integer overflow flaw, leading to a heap-based buffer overflow, and a
stack-based buffer overflow flaw were found in various ModPlug music file
format library (libmodplug) modules, embedded in GStreamer. An attacker
could create specially-crafted music files that, when played by a victim,
would cause applications using GStreamer to crash or, potentially, execute
arbitrary code. (CVE-2006-4192, CVE-2011-1574)

All applications using GStreamer (such as Rhythmbox) must be restarted 
for the changes to take effect.

SL 4.x
     SRPMS:
         gstreamer-plugins-0.8.5-1.EL.3.src.rpm

     i386:
         gstreamer-plugins-0.8.5-1.EL.3.i386.rpm
         gstreamer-plugins-devel-0.8.5-1.EL.3.i386.rpm

     x86_64:
         gstreamer-plugins-0.8.5-1.EL.3.x86_64.rpm
         gstreamer-plugins-devel-0.8.5-1.EL.3.x86_64.rpm


- Scientific Linux Development Team

ATOM RSS1 RSS2