Skip to navigation

Security Advisory Important: gstreamer-plugins security update

Advisory: RHSA-2011:1264-1
Type: Security Advisory
Severity: Important
Issued on: 2011-09-06
Last updated on: 2011-09-06
Affected Products: Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 4)
CVEs (cve.mitre.org): CVE-2011-2911
CVE-2011-2912
CVE-2011-2913
CVE-2011-2914
CVE-2011-2915

Details

Updated gstreamer-plugins packages that fix multiple security issues are
now available for Red Hat Enterprise Linux 4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The gstreamer-plugins packages contain plug-ins used by the GStreamer
streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, a boundary error, and multiple off-by-one flaws
were found in various ModPlug music file format library (libmodplug)
modules, embedded in GStreamer. An attacker could create specially-crafted
music files that, when played by a victim, would cause applications using
GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911,
CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. After
installing the update, all applications using GStreamer (such as Rhythmbox)
must be restarted for the changes to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Desktop (v. 4)

SRPMS:
gstreamer-plugins-0.8.5-1.EL.4.src.rpm     MD5: 5e2fef971f7ac7a822a9e0f571584c21
SHA-256: ebd79d150d42dd86d1bfc38b86d2c908d20b163e0ac95214264b2fa8baf60958
 
IA-32:
gstreamer-plugins-0.8.5-1.EL.4.i386.rpm     MD5: 1e5fbfb854f053139321feee2684b7e6
SHA-256: 09cc2aa7cde74ead9f5b26d9da8e3548bcf1c41ce8d317811b3086fb85baf5ee
gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm     MD5: 39eb56ecb450d17580afaa58dc14c147
SHA-256: 40d6316e56e742e7d52937f436be6a4a91225d9832251c54debffab4548815de
 
x86_64:
gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm     MD5: d926bdac2786fe2b1d292a9be26eeb93
SHA-256: aa7f6a99e2e595aa6cd266229d4e714c0cc2ccbff829dcdad339b2fd7182f7cd
gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm     MD5: 19fd819eac5a93b2d1fd0c9cfe5f427c
SHA-256: f4f4b64dfbd2656d9ac63d174da2e50fa86fab3eb90a8b36327fb2b4fdf74e01
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
gstreamer-plugins-0.8.5-1.EL.4.src.rpm     MD5: 5e2fef971f7ac7a822a9e0f571584c21
SHA-256: ebd79d150d42dd86d1bfc38b86d2c908d20b163e0ac95214264b2fa8baf60958
 
IA-32:
gstreamer-plugins-0.8.5-1.EL.4.i386.rpm     MD5: 1e5fbfb854f053139321feee2684b7e6
SHA-256: 09cc2aa7cde74ead9f5b26d9da8e3548bcf1c41ce8d317811b3086fb85baf5ee
gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm     MD5: 39eb56ecb450d17580afaa58dc14c147
SHA-256: 40d6316e56e742e7d52937f436be6a4a91225d9832251c54debffab4548815de
 
IA-64:
gstreamer-plugins-0.8.5-1.EL.4.ia64.rpm     MD5: 9face7d6d53e29fa4c6f825277448880
SHA-256: 74e211161f6a8c2a66da0bc296ec93b85e0ef3598a8e0ab01028db75f817f279
gstreamer-plugins-devel-0.8.5-1.EL.4.ia64.rpm     MD5: 4ec3244ce8a0ca22a3267035e67aa20a
SHA-256: bdf8395223766dadba660d2ac020820f5ae3eadf5cf11e82d31ce724d0b1924e
 
PPC:
gstreamer-plugins-0.8.5-1.EL.4.ppc.rpm     MD5: 600339b640893ed95f76b072e2532a12
SHA-256: 3f35a190a14fe2f9436629bcad88b3580f2bf4c95ce3e4ee5476f23330938a49
gstreamer-plugins-devel-0.8.5-1.EL.4.ppc.rpm     MD5: 2afce856ef068010dd06e26ffe3da51c
SHA-256: 3b48ce746115e12b2f4b9b5811447f0d572a0162efeb1ce8f93127e53baba2a7
 
s390:
gstreamer-plugins-0.8.5-1.EL.4.s390.rpm     MD5: bfd803f7d56a3ec44a78b1ebfb48d743
SHA-256: 38f72bc0564fe98402d312f46ad6f857aefa642f4ca305437da9f8dea16f2d91
gstreamer-plugins-devel-0.8.5-1.EL.4.s390.rpm     MD5: 513c97be8d3a9d23a7aab3baa17daa5a
SHA-256: 17698a0685bdcea3c1b00ec9fc4a9ba8a50920c84209f935780d79d25f43224b
 
s390x:
gstreamer-plugins-0.8.5-1.EL.4.s390x.rpm     MD5: 79e9e13ff3cef3f38b3b496479002ffd
SHA-256: 298ad8cfb0475387fa7a20689b3c3afe220218d6a22e3e8cbaeff1ab5f7091fa
gstreamer-plugins-devel-0.8.5-1.EL.4.s390x.rpm     MD5: 1797e3acaf234928544698806e9838d8
SHA-256: 09618d607af1dbe22e9b1fde191d1a1fdb157ba8a86ad9994e9c54aec3d35985
 
x86_64:
gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm     MD5: d926bdac2786fe2b1d292a9be26eeb93
SHA-256: aa7f6a99e2e595aa6cd266229d4e714c0cc2ccbff829dcdad339b2fd7182f7cd
gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm     MD5: 19fd819eac5a93b2d1fd0c9cfe5f427c
SHA-256: f4f4b64dfbd2656d9ac63d174da2e50fa86fab3eb90a8b36327fb2b4fdf74e01
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
gstreamer-plugins-0.8.5-1.EL.4.src.rpm     MD5: 5e2fef971f7ac7a822a9e0f571584c21
SHA-256: ebd79d150d42dd86d1bfc38b86d2c908d20b163e0ac95214264b2fa8baf60958
 
IA-32:
gstreamer-plugins-0.8.5-1.EL.4.i386.rpm     MD5: 1e5fbfb854f053139321feee2684b7e6
SHA-256: 09cc2aa7cde74ead9f5b26d9da8e3548bcf1c41ce8d317811b3086fb85baf5ee
gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm     MD5: 39eb56ecb450d17580afaa58dc14c147
SHA-256: 40d6316e56e742e7d52937f436be6a4a91225d9832251c54debffab4548815de
 
IA-64:
gstreamer-plugins-0.8.5-1.EL.4.ia64.rpm     MD5: 9face7d6d53e29fa4c6f825277448880
SHA-256: 74e211161f6a8c2a66da0bc296ec93b85e0ef3598a8e0ab01028db75f817f279
gstreamer-plugins-devel-0.8.5-1.EL.4.ia64.rpm     MD5: 4ec3244ce8a0ca22a3267035e67aa20a
SHA-256: bdf8395223766dadba660d2ac020820f5ae3eadf5cf11e82d31ce724d0b1924e
 
x86_64:
gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm     MD5: d926bdac2786fe2b1d292a9be26eeb93
SHA-256: aa7f6a99e2e595aa6cd266229d4e714c0cc2ccbff829dcdad339b2fd7182f7cd
gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm     MD5: 19fd819eac5a93b2d1fd0c9cfe5f427c
SHA-256: f4f4b64dfbd2656d9ac63d174da2e50fa86fab3eb90a8b36327fb2b4fdf74e01
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
gstreamer-plugins-0.8.5-1.EL.4.src.rpm     MD5: 5e2fef971f7ac7a822a9e0f571584c21
SHA-256: ebd79d150d42dd86d1bfc38b86d2c908d20b163e0ac95214264b2fa8baf60958
 
IA-32:
gstreamer-plugins-0.8.5-1.EL.4.i386.rpm     MD5: 1e5fbfb854f053139321feee2684b7e6
SHA-256: 09cc2aa7cde74ead9f5b26d9da8e3548bcf1c41ce8d317811b3086fb85baf5ee
gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm     MD5: 39eb56ecb450d17580afaa58dc14c147
SHA-256: 40d6316e56e742e7d52937f436be6a4a91225d9832251c54debffab4548815de
 
IA-64:
gstreamer-plugins-0.8.5-1.EL.4.ia64.rpm     MD5: 9face7d6d53e29fa4c6f825277448880
SHA-256: 74e211161f6a8c2a66da0bc296ec93b85e0ef3598a8e0ab01028db75f817f279
gstreamer-plugins-devel-0.8.5-1.EL.4.ia64.rpm     MD5: 4ec3244ce8a0ca22a3267035e67aa20a
SHA-256: bdf8395223766dadba660d2ac020820f5ae3eadf5cf11e82d31ce724d0b1924e
 
x86_64:
gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm     MD5: d926bdac2786fe2b1d292a9be26eeb93
SHA-256: aa7f6a99e2e595aa6cd266229d4e714c0cc2ccbff829dcdad339b2fd7182f7cd
gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm     MD5: 19fd819eac5a93b2d1fd0c9cfe5f427c
SHA-256: f4f4b64dfbd2656d9ac63d174da2e50fa86fab3eb90a8b36327fb2b4fdf74e01
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

728371 - CVE-2011-2911 CVE-2011-2912 CVE-2011-2913 CVE-2011-2914 CVE-2011-2915 libmodplug: multiple vulnerabilities reported in <= 0.8.8.3


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/