Security Advisory Important: gstreamer-plugins security update

Advisory: RHSA-2009:0269-9
Type: Security Advisory
Severity: Important
Issued on: 2009-02-06
Last updated on: 2009-02-06
Affected Products: Red Hat Desktop (v. 3)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
OVAL: com.redhat.rhsa-20090269.xml
CVEs (cve.mitre.org): CVE-2009-0398

Details

Updated gstreamer-plugins packages that fix one security issue are now
available for Red Hat Enterprise Linux 3.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The gstreamer-plugins package contains plug-ins used by the GStreamer
streaming-media framework to support a wide variety of media types.

An array indexing error was found in GStreamer's QuickTime media file
format decoding plug-in. An attacker could create a carefully crafted
QuickTime media .mov file that would cause an application using GStreamer
to crash or, potentially, execute arbitrary code if played by a victim.
(CVE-2009-0398)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, all applications using GStreamer (such as
nautilus-media) must be restarted for the changes to take effect.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
gstreamer-plugins-0.6.0-19.src.rpm     74ba043e30db9aa04044f348dc3940ce
 
IA-32:
gstreamer-plugins-0.6.0-19.i386.rpm     e5ded8dd6ac055d26561e55ee55407d2
gstreamer-plugins-devel-0.6.0-19.i386.rpm     e504676163be7b5e052f17bc0c004513
 
x86_64:
gstreamer-plugins-0.6.0-19.x86_64.rpm     6ce312c12f361fd91565595d243e2ed5
gstreamer-plugins-devel-0.6.0-19.x86_64.rpm     c708f16269b632bb065aa689df7e38be
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
gstreamer-plugins-0.6.0-19.src.rpm     74ba043e30db9aa04044f348dc3940ce
 
IA-32:
gstreamer-plugins-0.6.0-19.i386.rpm     e5ded8dd6ac055d26561e55ee55407d2
gstreamer-plugins-devel-0.6.0-19.i386.rpm     e504676163be7b5e052f17bc0c004513
 
IA-64:
gstreamer-plugins-0.6.0-19.ia64.rpm     f2aec7e40ae7642c9aa303dc0a06f07f
gstreamer-plugins-devel-0.6.0-19.ia64.rpm     5c9e6ed68fbcc0db5052cc915e5e6d92
 
PPC:
gstreamer-plugins-0.6.0-19.ppc.rpm     f860f678853439c0678336e01f7f03dd
gstreamer-plugins-devel-0.6.0-19.ppc.rpm     f1197b7175b23b1c0807b55d628b5569
 
s390:
gstreamer-plugins-0.6.0-19.s390.rpm     2f1798963d319015092b7deb61dd8db7
gstreamer-plugins-devel-0.6.0-19.s390.rpm     313f381a3f8276d14218b70a36c4ede6
 
s390x:
gstreamer-plugins-0.6.0-19.s390x.rpm     8e6f35ae84bd953c68c005f1435cac2b
gstreamer-plugins-devel-0.6.0-19.s390x.rpm     c1bbdb226a2168df362219c35a247bc3
 
x86_64:
gstreamer-plugins-0.6.0-19.x86_64.rpm     6ce312c12f361fd91565595d243e2ed5
gstreamer-plugins-devel-0.6.0-19.x86_64.rpm     c708f16269b632bb065aa689df7e38be
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
gstreamer-plugins-0.6.0-19.src.rpm     74ba043e30db9aa04044f348dc3940ce
 
IA-32:
gstreamer-plugins-0.6.0-19.i386.rpm     e5ded8dd6ac055d26561e55ee55407d2
gstreamer-plugins-devel-0.6.0-19.i386.rpm     e504676163be7b5e052f17bc0c004513
 
IA-64:
gstreamer-plugins-0.6.0-19.ia64.rpm     f2aec7e40ae7642c9aa303dc0a06f07f
gstreamer-plugins-devel-0.6.0-19.ia64.rpm     5c9e6ed68fbcc0db5052cc915e5e6d92
 
x86_64:
gstreamer-plugins-0.6.0-19.x86_64.rpm     6ce312c12f361fd91565595d243e2ed5
gstreamer-plugins-devel-0.6.0-19.x86_64.rpm     c708f16269b632bb065aa689df7e38be
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
gstreamer-plugins-0.6.0-19.src.rpm     74ba043e30db9aa04044f348dc3940ce
 
IA-32:
gstreamer-plugins-0.6.0-19.i386.rpm     e5ded8dd6ac055d26561e55ee55407d2
gstreamer-plugins-devel-0.6.0-19.i386.rpm     e504676163be7b5e052f17bc0c004513
 
IA-64:
gstreamer-plugins-0.6.0-19.ia64.rpm     f2aec7e40ae7642c9aa303dc0a06f07f
gstreamer-plugins-devel-0.6.0-19.ia64.rpm     5c9e6ed68fbcc0db5052cc915e5e6d92
 
x86_64:
gstreamer-plugins-0.6.0-19.x86_64.rpm     6ce312c12f361fd91565595d243e2ed5
gstreamer-plugins-devel-0.6.0-19.x86_64.rpm     c708f16269b632bb065aa689df7e38be
 
(The unlinked packages above are only available from the Red Hat Network)
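
Added example, not part of the Red Hat advisory: a small checker that reads the package rows listed above (file name followed by its MD5 checksum) and compares them with RPM files already downloaded to a directory. The function names and the command-line usage are assumptions of this example. An MD5 match only shows the download is intact; authenticity comes from the GPG signature described at the end of this advisory.

```python
import hashlib
import re
import sys
from pathlib import Path

# One package row from the advisory: "<file>.rpm     <32 hex digit MD5>"
ROW = re.compile(r"^(\S+\.rpm)\s+([0-9a-f]{32})$")

def parse_advisory(text):
    """Return {filename: md5} from the advisory's package rows.

    The same file is listed once per product; a repeat carrying a different
    checksum means this copy of the advisory is damaged, so refuse it.
    """
    expected = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # headings such as "IA-32:" and blank lines
        name, digest = m.groups()
        if expected.setdefault(name, digest) != digest:
            raise ValueError(f"conflicting checksums for {name}")
    return expected

def md5_of(path, chunk=1 << 20):
    """Hash the file in chunks so large packages are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def check_downloads(advisory_text, directory):
    """Map every .rpm in directory to 'ok', 'mismatch' or 'unlisted'."""
    expected = parse_advisory(advisory_text)
    results = {}
    for rpm in sorted(Path(directory).glob("*.rpm")):
        want = expected.get(rpm.name)
        if want is None:
            results[rpm.name] = "unlisted"  # not a package from this advisory
        else:
            results[rpm.name] = "ok" if md5_of(rpm) == want else "mismatch"
    return results

if __name__ == "__main__":
    # Usage (assumed): python check.py <saved-advisory.txt> <download-dir>
    # Follow up with `rpm --checksig <file>` to verify the GPG signature.
    text = Path(sys.argv[1]).read_text()
    for name, status in check_downloads(text, sys.argv[2]).items():
        print(f"{status:9} {name}")
```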

Bugs fixed (see bugzilla for more information)

483740 - CVE-2009-0398 gstreamer-plugins: Array index error while parsing malformed QuickTime media files


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/