[ MDVSA-2009:086 ] gstreamer-plugins

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [ MDVSA-2009:086 ] gstreamer-plugins
From: security@xxxxxxxxxxxx
Date: Sat, 04 Apr 2009 02:27:00 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Reply-to: <xsecurity@xxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:086
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : gstreamer-plugins
 Date    : April 3, 2009
 Affected: Corporate 3.0
 _______________________________________________________________________

 Problem Description:

 An array indexing error in the GStreamer's QuickTime media file
 format decoding plug-in enables attackers to crash the application
 and potentially execute arbitrary code by using a crafted media file
 (CVE-2009-0398).
 
 This update provides fix for that security issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0398
 _______________________________________________________________________

 Updated Packages:

 Corporate 3.0:
 7b4be0cc6785817d1ff5c59b60c5f331  
corporate/3.0/i586/gstreamer-a52dec-0.6.4-4.2mdk.i586.rpm
 294392663723cf50cb7e173cdd23e160  
corporate/3.0/i586/gstreamer-aalib-0.6.4-4.2mdk.i586.rpm
 b8637d2173ca121a31b21197dcb2cf7a  
corporate/3.0/i586/gstreamer-arts-0.6.4-4.2mdk.i586.rpm
 7a317d7723978794cdde25db3c1462fa  
corporate/3.0/i586/gstreamer-artsd-0.6.4-4.2mdk.i586.rpm
 79b5a682bc1c98302c0dc68b4d464c27  
corporate/3.0/i586/gstreamer-audio-effects-0.6.4-4.2mdk.i586.rpm
 5a691b3c1dd5a9c0bef53e425ce4851b  
corporate/3.0/i586/gstreamer-audiofile-0.6.4-4.2mdk.i586.rpm
 0feda5ed5b3c8047e93fdf5cd19c8ff5  
corporate/3.0/i586/gstreamer-audio-formats-0.6.4-4.2mdk.i586.rpm
 b1e1f7bbab5f3ddde291518cc171de65  
corporate/3.0/i586/gstreamer-avi-0.6.4-4.2mdk.i586.rpm
 685c0e290bd25cfb1157a4000d052f5d  
corporate/3.0/i586/gstreamer-cdparanoia-0.6.4-4.2mdk.i586.rpm
 9420a443aecf206dcdeea594e58e1277  
corporate/3.0/i586/gstreamer-cdplayer-0.6.4-4.2mdk.i586.rpm
 96a5fc6dec0977dc5b1011bd05c2f645  
corporate/3.0/i586/gstreamer-colorspace-0.6.4-4.2mdk.i586.rpm
 caab9a6306d918c050e8de8d826fd209  
corporate/3.0/i586/gstreamer-dv-0.6.4-4.2mdk.i586.rpm
 73a9cab8ce50d8af5ca08e24350938ce  
corporate/3.0/i586/gstreamer-dxr3-0.6.4-4.2mdk.i586.rpm
 b99c0903fa4c408dc9bf14b215a9606f  
corporate/3.0/i586/gstreamer-esound-0.6.4-4.2mdk.i586.rpm
 5da33082cf9027b2a0ec151fdf41be66  
corporate/3.0/i586/gstreamer-festival-0.6.4-4.2mdk.i586.rpm
 02c4cf9d7e166f7c4556abd7c72b42cb  
corporate/3.0/i586/gstreamer-ffmpeg-0.6.4-4.2mdk.i586.rpm
 c8219bc30ff8d16ad12116a22973e12b  
corporate/3.0/i586/gstreamer-flac-0.6.4-4.2mdk.i586.rpm
 af5af2862c4a9e16a53e2a8ca997c9ab  
corporate/3.0/i586/gstreamer-flx-0.6.4-4.2mdk.i586.rpm
 6657d5e12e0c5e6d2840e1a02abd949b  
corporate/3.0/i586/gstreamer-GConf-0.6.4-4.2mdk.i586.rpm
 ce2eca34c4958b279f1d87e08d2dd76e  
corporate/3.0/i586/gstreamer-gnomevfs-0.6.4-4.2mdk.i586.rpm
 f12f5afb995ca42028716aab35c5962f  
corporate/3.0/i586/gstreamer-gsm-0.6.4-4.2mdk.i586.rpm
 16397ee314a0c8d4434062b1c7a574ed  
corporate/3.0/i586/gstreamer-httpsrc-0.6.4-4.2mdk.i586.rpm
 f31ba254382b0dad9f3ded0afa7600d4  
corporate/3.0/i586/gstreamer-jack-0.6.4-4.2mdk.i586.rpm
 350bdddc34f43c88ad5b7a0fb1e9ccc1  
corporate/3.0/i586/gstreamer-jpeg-0.6.4-4.2mdk.i586.rpm
 c2ec5cb20a944b4d6ac03b221ac28051  
corporate/3.0/i586/gstreamer-jpegmmx-0.6.4-4.2mdk.i586.rpm
 2f30f3425d341f47c1d74abadc528bd1  
corporate/3.0/i586/gstreamer-ladspa-0.6.4-4.2mdk.i586.rpm
 33eda1029d1e97a8571516f452297685  
corporate/3.0/i586/gstreamer-libdvdnav-0.6.4-4.2mdk.i586.rpm
 2868b45a7465dcc74b94eb0a1a675af6  
corporate/3.0/i586/gstreamer-libdvdread-0.6.4-4.2mdk.i586.rpm
 82bcd0f1319d76b091a974fa3708bd91  
corporate/3.0/i586/gstreamer-libpng-0.6.4-4.2mdk.i586.rpm
 512a59310e2e294e98af6d18f21fabdd  
corporate/3.0/i586/gstreamer-mad-0.6.4-4.2mdk.i586.rpm
 b9d56e3b7ed8842df47def11848e722a  
corporate/3.0/i586/gstreamer-mikmod-0.6.4-4.2mdk.i586.rpm
 2a2700c8eae36344e0e7185171af5265  
corporate/3.0/i586/gstreamer-mpeg-0.6.4-4.2mdk.i586.rpm
 7855681c3a429dbf792243fef2ff3e11  
corporate/3.0/i586/gstreamer-oss-0.6.4-4.2mdk.i586.rpm
 ac2fb1432a4a04d6a7e0ee35f22baf74  
corporate/3.0/i586/gstreamer-plugins-0.6.4-4.2mdk.i586.rpm
 908f505adf4665e42f01513f94c7aa6e  
corporate/3.0/i586/gstreamer-plugins-devel-0.6.4-4.2mdk.i586.rpm
 79cb79bd6b47b9f000b9d74b31fc7f7b  
corporate/3.0/i586/gstreamer-qcam-0.6.4-4.2mdk.i586.rpm
 bf74ca06ea867fa48daa58dba9c6cd22  
corporate/3.0/i586/gstreamer-quicktime-0.6.4-4.2mdk.i586.rpm
 bf03b8ccf9abc84467908960b2e255d5  
corporate/3.0/i586/gstreamer-raw1394-0.6.4-4.2mdk.i586.rpm
 1b69687109f36445e8da9b3f6f650a73  
corporate/3.0/i586/gstreamer-SDL-0.6.4-4.2mdk.i586.rpm
 4e4fcf4562d5cf13da8ccfc437fbe054  
corporate/3.0/i586/gstreamer-sid-0.6.4-4.2mdk.i586.rpm
 c6b611202a8bcfcab35e7aa858b187e6  
corporate/3.0/i586/gstreamer-snapshot-0.6.4-4.2mdk.i586.rpm
 43938dd98357131c74dfcea9f7e68271  
corporate/3.0/i586/gstreamer-swfdec-0.6.4-4.2mdk.i586.rpm
 e564e68c934e6b4ade28dd66ec34b27d  
corporate/3.0/i586/gstreamer-udp-0.6.4-4.2mdk.i586.rpm
 121e44e193ecb7ab42117c5400a76e6a  
corporate/3.0/i586/gstreamer-v4l-0.6.4-4.2mdk.i586.rpm
 2501bf4f1df721ffbcd923f0e1f28e69  
corporate/3.0/i586/gstreamer-vcd-0.6.4-4.2mdk.i586.rpm
 b431cb4835b61b1e78098a5b0489eec2  
corporate/3.0/i586/gstreamer-video-effects-0.6.4-4.2mdk.i586.rpm
 196a9ba5b5c8d6a824f0b620c3b7fd8f  
corporate/3.0/i586/gstreamer-videosink-0.6.4-4.2mdk.i586.rpm
 7eea07fbffcd2e7fd673116be541bb1d  
corporate/3.0/i586/gstreamer-videotest-0.6.4-4.2mdk.i586.rpm
 d0271086e326cdfb878fd63cb5e990b7  
corporate/3.0/i586/gstreamer-visualisation-0.6.4-4.2mdk.i586.rpm
 dc79b9b2facfdf6c37df56c54b407b21  
corporate/3.0/i586/gstreamer-vorbis-0.6.4-4.2mdk.i586.rpm
 6961d0e5b7243a8b57d510bb7153eaa2  
corporate/3.0/i586/gstreamer-xvideosink-0.6.4-4.2mdk.i586.rpm
 3f736b943345e07084657520c34220e5  
corporate/3.0/i586/gstreamer-yuv4mjpeg-0.6.4-4.2mdk.i586.rpm
 6d3228f0186eaccbc871d358c483890f  
corporate/3.0/i586/libgstgconf0.6-0.6.4-4.2mdk.i586.rpm
 0b848c79c49c2b82f1290ed4176646b3  
corporate/3.0/i586/libgstplay0.6-0.6.4-4.2mdk.i586.rpm 
 e9f225788d97dd5611a8da50bbb4bb97  
corporate/3.0/SRPMS/gstreamer-plugins-0.6.4-4.2mdk.src.rpm

 Corporate 3.0/X86_64:
 cf86397083aaf82d03ed5f8a7fdc3b3b  
corporate/3.0/x86_64/gstreamer-a52dec-0.6.4-4.2mdk.x86_64.rpm
 7a28854021710df2d2dfb0218ba0bacf  
corporate/3.0/x86_64/gstreamer-aalib-0.6.4-4.2mdk.x86_64.rpm
 82876ee7754810bbd0117acabe2ef313  
corporate/3.0/x86_64/gstreamer-arts-0.6.4-4.2mdk.x86_64.rpm
 555a9f2d41de248d3143e1f80adbb3b3  
corporate/3.0/x86_64/gstreamer-artsd-0.6.4-4.2mdk.x86_64.rpm
 4dd6712ebafb1e814b8fd1bfbe4b41fd  
corporate/3.0/x86_64/gstreamer-audio-effects-0.6.4-4.2mdk.x86_64.rpm
 eed567dc6abaa126effeaae9e18240d2  
corporate/3.0/x86_64/gstreamer-audiofile-0.6.4-4.2mdk.x86_64.rpm
 7ed153b13ab098203a29b8039a03cfcd  
corporate/3.0/x86_64/gstreamer-audio-formats-0.6.4-4.2mdk.x86_64.rpm
 f93b229de3917dc251ee564dc2a1f9e4  
corporate/3.0/x86_64/gstreamer-avi-0.6.4-4.2mdk.x86_64.rpm
 84fba1c782746bb4a0ee12cf8c2712d8  
corporate/3.0/x86_64/gstreamer-cdparanoia-0.6.4-4.2mdk.x86_64.rpm
 cf7c22223cbbba95c171a65b8ce2925b  
corporate/3.0/x86_64/gstreamer-cdplayer-0.6.4-4.2mdk.x86_64.rpm
 88bbbc7aa4089641840dcfeef1cb8e57  
corporate/3.0/x86_64/gstreamer-colorspace-0.6.4-4.2mdk.x86_64.rpm
 a56b349287d7d410d66a18936e3bf9ad  
corporate/3.0/x86_64/gstreamer-dv-0.6.4-4.2mdk.x86_64.rpm
 fe0550b32b491e2be2125ce41f11be6e  
corporate/3.0/x86_64/gstreamer-dxr3-0.6.4-4.2mdk.x86_64.rpm
 83bfe86ef019591b729b3444523c3267  
corporate/3.0/x86_64/gstreamer-esound-0.6.4-4.2mdk.x86_64.rpm
 4bc6e155877dbafe3d78fc73267a5696  
corporate/3.0/x86_64/gstreamer-festival-0.6.4-4.2mdk.x86_64.rpm
 d11c1c22889f3c5693b807a1bb5c96fe  
corporate/3.0/x86_64/gstreamer-ffmpeg-0.6.4-4.2mdk.x86_64.rpm
 32101145b9ddef7f6e6f6f1d6dca9b94  
corporate/3.0/x86_64/gstreamer-flac-0.6.4-4.2mdk.x86_64.rpm
 72f152dbb40dd6db6ec2625675eb774e  
corporate/3.0/x86_64/gstreamer-flx-0.6.4-4.2mdk.x86_64.rpm
 2c1612695306cf513e9f16589a0e32b4  
corporate/3.0/x86_64/gstreamer-GConf-0.6.4-4.2mdk.x86_64.rpm
 2c37cc3a2b9ba274d94747a385c07ad2  
corporate/3.0/x86_64/gstreamer-gnomevfs-0.6.4-4.2mdk.x86_64.rpm
 d32263e0380c40c7d6587df1a2307d97  
corporate/3.0/x86_64/gstreamer-gsm-0.6.4-4.2mdk.x86_64.rpm
 6324107ebc113ca6dbff39802e70c64c  
corporate/3.0/x86_64/gstreamer-httpsrc-0.6.4-4.2mdk.x86_64.rpm
 d740bf51291dfeb3c30af5dfcfa01173  
corporate/3.0/x86_64/gstreamer-jack-0.6.4-4.2mdk.x86_64.rpm
 444d2b92e050c15e58d4a1608cacc73c  
corporate/3.0/x86_64/gstreamer-jpeg-0.6.4-4.2mdk.x86_64.rpm
 6e05620b20f9bf9e3150c970f3a6a006  
corporate/3.0/x86_64/gstreamer-jpegmmx-0.6.4-4.2mdk.x86_64.rpm
 e9feedd03c8eab60ed6b0a959605d5f4  
corporate/3.0/x86_64/gstreamer-ladspa-0.6.4-4.2mdk.x86_64.rpm
 ba96e950032872891f687ce1ff2788a4  
corporate/3.0/x86_64/gstreamer-libdvdnav-0.6.4-4.2mdk.x86_64.rpm
 8d3d77bad5dc74fe83f0f54cfc33308c  
corporate/3.0/x86_64/gstreamer-libdvdread-0.6.4-4.2mdk.x86_64.rpm
 7eea3c7aca8845d97fe01cd3863ae9de  
corporate/3.0/x86_64/gstreamer-libpng-0.6.4-4.2mdk.x86_64.rpm
 8001f0e188454f3379ef824ae2708084  
corporate/3.0/x86_64/gstreamer-mad-0.6.4-4.2mdk.x86_64.rpm
 101f2acb1ab238f3a6f05baa25730296  
corporate/3.0/x86_64/gstreamer-mikmod-0.6.4-4.2mdk.x86_64.rpm
 faea588daf3b4383be7d26105902a440  
corporate/3.0/x86_64/gstreamer-mpeg-0.6.4-4.2mdk.x86_64.rpm
 6bd4e4b95af116b7e72ef9d17b1d0b47  
corporate/3.0/x86_64/gstreamer-oss-0.6.4-4.2mdk.x86_64.rpm
 d02bb7eace03146f48aeb2cbc83e4eb5  
corporate/3.0/x86_64/gstreamer-plugins-0.6.4-4.2mdk.x86_64.rpm
 63d0c5454ddf2e45f9d0f0b1966511c6  
corporate/3.0/x86_64/gstreamer-plugins-devel-0.6.4-4.2mdk.x86_64.rpm
 5320b13d4b23430655169941b4e23ef6  
corporate/3.0/x86_64/gstreamer-quicktime-0.6.4-4.2mdk.x86_64.rpm
 871d19fc5c7597118120dcf5613cb4de  
corporate/3.0/x86_64/gstreamer-raw1394-0.6.4-4.2mdk.x86_64.rpm
 0e1bf5001b9f7ae203ff19efc6405152  
corporate/3.0/x86_64/gstreamer-SDL-0.6.4-4.2mdk.x86_64.rpm
 6e8d6b67f93fa256c368b21ecd1f62d6  
corporate/3.0/x86_64/gstreamer-sid-0.6.4-4.2mdk.x86_64.rpm
 0007c08b1dc6711dc9178232fbf6a263  
corporate/3.0/x86_64/gstreamer-snapshot-0.6.4-4.2mdk.x86_64.rpm
 af9c4e657e288e57180c854369299fe6  
corporate/3.0/x86_64/gstreamer-swfdec-0.6.4-4.2mdk.x86_64.rpm
 c7edfc5a251d986ea72462b2427bef12  
corporate/3.0/x86_64/gstreamer-udp-0.6.4-4.2mdk.x86_64.rpm
 f1d9e602a3f9b4eeedc6f4dbff27f8e6  
corporate/3.0/x86_64/gstreamer-v4l-0.6.4-4.2mdk.x86_64.rpm
 2b84d6e223ca03a1a64642de2cd188a9  
corporate/3.0/x86_64/gstreamer-vcd-0.6.4-4.2mdk.x86_64.rpm
 7b654979b403c4af4b8ed5cafc40195c  
corporate/3.0/x86_64/gstreamer-video-effects-0.6.4-4.2mdk.x86_64.rpm
 8a9307f3e0a40d2c7d3806ac67594439  
corporate/3.0/x86_64/gstreamer-videosink-0.6.4-4.2mdk.x86_64.rpm
 21b7563718bba6fa8511c6facbc49777  
corporate/3.0/x86_64/gstreamer-videotest-0.6.4-4.2mdk.x86_64.rpm
 de1b19bdf5307d242e37ddbd387d34ed  
corporate/3.0/x86_64/gstreamer-visualisation-0.6.4-4.2mdk.x86_64.rpm
 2182ea1ada21c49b2396a6987d4e9b01  
corporate/3.0/x86_64/gstreamer-vorbis-0.6.4-4.2mdk.x86_64.rpm
 cb0fea26b7692ce584058495e7e40c1c  
corporate/3.0/x86_64/gstreamer-xvideosink-0.6.4-4.2mdk.x86_64.rpm
 49118bcb6696d6e49cece68d7a068ae1  
corporate/3.0/x86_64/gstreamer-yuv4mjpeg-0.6.4-4.2mdk.x86_64.rpm
 08035d8aead9e7da152d423b8bf81dd9  
corporate/3.0/x86_64/lib64gstgconf0.6-0.6.4-4.2mdk.x86_64.rpm
 187035879a19f3fd8a6d4033c4073248  
corporate/3.0/x86_64/lib64gstplay0.6-0.6.4-4.2mdk.x86_64.rpm 
 e9f225788d97dd5611a8da50bbb4bb97  
corporate/3.0/SRPMS/gstreamer-plugins-0.6.4-4.2mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJ1n7gmqjQ0CJFipgRAvVOAJ9/yjCiSfBPsC+PBzKPpLtKzxwpcACeJ7vM
QY3Z+/aokwfp0piCYdzSZ90=
=dTAp
-----END PGP SIGNATURE-----
Prev by Date: [ MDVSA-2009:087 ] openssl
Next by Date: VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
Previous by thread: [ MDVSA-2009:087 ] openssl
Next by thread: VMSA-2009-0005 VMware Hosted products, VI Client and patches for ESX and ESXi resolve multiple security issues
Index(es):
- Date
- Thread