LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: December 19th, 2014
Linux Advisory Watch: December 12th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Mandriva: [ MDVSA-2009:035 ] gstreamer0.10-plugins-good Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Mandrake Security vulnerabilities have been discovered and corrected in gstreamer0.10-plugins-good, might allow remote attackers to execute arbitrary code via a malformed QuickTime media file (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397). The updated packages have been patched to prevent this.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:035
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : gstreamer0.10-plugins-good
 Date    : February 10, 2009
 Affected: 2008.0, 2008.1, 2009.0
 _______________________________________________________________________

 Problem Description:

 Security vulnerabilities have been discovered and corrected in
 gstreamer0.10-plugins-good, might allow remote attackers to execute
 arbitrary code via a malformed QuickTime media file (CVE-2009-0386,
 CVE-2009-0387, CVE-2009-0397).
 
 The updated packages have been patched to prevent this.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0386
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0387
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0397
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2008.0:
 72a2a267f064b3557c0e7da869187920  2008.0/i586/gstreamer0.10-aalib-0.10.6-3.2mdv2008.0.i586.rpm
 fe8a04fcd9240eaa887fa5d1147c86e9  2008.0/i586/gstreamer0.10-caca-0.10.6-3.2mdv2008.0.i586.rpm
 639e4701b8431b8fff2df2d196ce3b6c  2008.0/i586/gstreamer0.10-dv-0.10.6-3.2mdv2008.0.i586.rpm
 c2a123762a863578a24d7ea82ab693cd  2008.0/i586/gstreamer0.10-esound-0.10.6-3.2mdv2008.0.i586.rpm
 8fe61dd52cd465ae43beb7e1ba311ce4  2008.0/i586/gstreamer0.10-flac-0.10.6-3.2mdv2008.0.i586.rpm
 a80a7ef4f5ac1d7280f4290d2c770485  2008.0/i586/gstreamer0.10-plugins-good-0.10.6-3.2mdv2008.0.i586.rpm
 97152f5ecea0a2c23b349191794f2700  2008.0/i586/gstreamer0.10-raw1394-0.10.6-3.2mdv2008.0.i586.rpm
 18ad6400d673b07d8f8037177873e144  2008.0/i586/gstreamer0.10-speex-0.10.6-3.2mdv2008.0.i586.rpm
 935441a9449d351bf3e0a6bfee3ac64a  2008.0/i586/gstreamer0.10-wavpack-0.10.6-3.2mdv2008.0.i586.rpm 
 f8e312ce8de8ac8d6d6e2bbfcdaf93aa  2008.0/SRPMS/gstreamer0.10-plugins-good-0.10.6-3.2mdv2008.0.src.rpm

 Mandriva Linux 2008.0/X86_64:
 a140386b0f5b582d8e64cc5584f86fde  2008.0/x86_64/gstreamer0.10-aalib-0.10.6-3.2mdv2008.0.x86_64.rpm
 5eb03a60b115cec41d78478b92586537  2008.0/x86_64/gstreamer0.10-caca-0.10.6-3.2mdv2008.0.x86_64.rpm
 564d6a79a523ad54d7f70c02a298bba1  2008.0/x86_64/gstreamer0.10-dv-0.10.6-3.2mdv2008.0.x86_64.rpm
 9cfbae1621e6e002f764e780194d0376  2008.0/x86_64/gstreamer0.10-esound-0.10.6-3.2mdv2008.0.x86_64.rpm
 a8e034c1ec0bcfb2c3048269940340ed  2008.0/x86_64/gstreamer0.10-flac-0.10.6-3.2mdv2008.0.x86_64.rpm
 d14231b2f55e4c9959b765d091e7bafd  2008.0/x86_64/gstreamer0.10-plugins-good-0.10.6-3.2mdv2008.0.x86_64.rpm
 312e887d320ae3c36597f3a2085f64e5  2008.0/x86_64/gstreamer0.10-raw1394-0.10.6-3.2mdv2008.0.x86_64.rpm
 f4ab3bc506034b9d2e4e64fded34b026  2008.0/x86_64/gstreamer0.10-speex-0.10.6-3.2mdv2008.0.x86_64.rpm
 4f9fc5a9aadc3350c32fe95bb4824c82  2008.0/x86_64/gstreamer0.10-wavpack-0.10.6-3.2mdv2008.0.x86_64.rpm 
 f8e312ce8de8ac8d6d6e2bbfcdaf93aa  2008.0/SRPMS/gstreamer0.10-plugins-good-0.10.6-3.2mdv2008.0.src.rpm

 Mandriva Linux 2008.1:
 37ee72c4dd8c4d1d65b21d5f7c4174cf  2008.1/i586/gstreamer0.10-aalib-0.10.7-3.2mdv2008.1.i586.rpm
 94bc8fbbd6b27f76172be895762a7d22  2008.1/i586/gstreamer0.10-caca-0.10.7-3.2mdv2008.1.i586.rpm
 4822f9a52e11966aa1a3b82e8636eafb  2008.1/i586/gstreamer0.10-dv-0.10.7-3.2mdv2008.1.i586.rpm
 ed36bf5b66d719c449de031c3973fbf5  2008.1/i586/gstreamer0.10-esound-0.10.7-3.2mdv2008.1.i586.rpm
 81bd4565763e2d857d05875fdc299d99  2008.1/i586/gstreamer0.10-flac-0.10.7-3.2mdv2008.1.i586.rpm
 fe7dd742de6d0510c337c743fe6da912  2008.1/i586/gstreamer0.10-plugins-good-0.10.7-3.2mdv2008.1.i586.rpm
 86f44f42f73a2eb0dea5dc83b11fa4cf  2008.1/i586/gstreamer0.10-raw1394-0.10.7-3.2mdv2008.1.i586.rpm
 831da1ff4308a0328280992f62137932  2008.1/i586/gstreamer0.10-speex-0.10.7-3.2mdv2008.1.i586.rpm
 6e7590f10fcc99ae46a7e4970df836de  2008.1/i586/gstreamer0.10-wavpack-0.10.7-3.2mdv2008.1.i586.rpm 
 f18f7ec53b3b8653e449c1aeecb31138  2008.1/SRPMS/gstreamer0.10-plugins-good-0.10.7-3.2mdv2008.1.src.rpm

 Mandriva Linux 2008.1/X86_64:
 e25059da03c9110f482e2fbf93fd8933  2008.1/x86_64/gstreamer0.10-aalib-0.10.7-3.2mdv2008.1.x86_64.rpm
 0dcb67eb17fa5b2268b7dd37233fb261  2008.1/x86_64/gstreamer0.10-caca-0.10.7-3.2mdv2008.1.x86_64.rpm
 2efe3887ed7e82ebe16843b083295db6  2008.1/x86_64/gstreamer0.10-dv-0.10.7-3.2mdv2008.1.x86_64.rpm
 1f59d9b91fb95b8b88671fd971ef3be2  2008.1/x86_64/gstreamer0.10-esound-0.10.7-3.2mdv2008.1.x86_64.rpm
 192b9d4522516d89ebe0b29dfe80107b  2008.1/x86_64/gstreamer0.10-flac-0.10.7-3.2mdv2008.1.x86_64.rpm
 0c7510e8bbaf11a984b5d43993fd6606  2008.1/x86_64/gstreamer0.10-plugins-good-0.10.7-3.2mdv2008.1.x86_64.rpm
 e78b8da20599d9b3557f3c2d7b3d64a0  2008.1/x86_64/gstreamer0.10-raw1394-0.10.7-3.2mdv2008.1.x86_64.rpm
 b2cadc38e7054fa29b2c39341b14c8f8  2008.1/x86_64/gstreamer0.10-speex-0.10.7-3.2mdv2008.1.x86_64.rpm
 6f70bd674d5c66af13910a768618dd2b  2008.1/x86_64/gstreamer0.10-wavpack-0.10.7-3.2mdv2008.1.x86_64.rpm 
 f18f7ec53b3b8653e449c1aeecb31138  2008.1/SRPMS/gstreamer0.10-plugins-good-0.10.7-3.2mdv2008.1.src.rpm

 Mandriva Linux 2009.0:
 fd0c54e1c7e9e89fee53b87afc6218e8  2009.0/i586/gstreamer0.10-aalib-0.10.10-2.1mdv2009.0.i586.rpm
 1e22dfe9f0a620be5d1842ce6651c416  2009.0/i586/gstreamer0.10-caca-0.10.10-2.1mdv2009.0.i586.rpm
 065cc2305d32afec3475f3f0e687a81b  2009.0/i586/gstreamer0.10-dv-0.10.10-2.1mdv2009.0.i586.rpm
 7d4158cbead8c2f257327fa947183889  2009.0/i586/gstreamer0.10-esound-0.10.10-2.1mdv2009.0.i586.rpm
 c12d76e19388a0bc96723252a6882a45  2009.0/i586/gstreamer0.10-flac-0.10.10-2.1mdv2009.0.i586.rpm
 5bd137ba566a3fbe0f7a58a293046923  2009.0/i586/gstreamer0.10-plugins-good-0.10.10-2.1mdv2009.0.i586.rpm
 2d8ffce05f943cde7237117e51816dc9  2009.0/i586/gstreamer0.10-pulse-0.10.10-2.1mdv2009.0.i586.rpm
 5546602310d369d1d9b784e9a4f47577  2009.0/i586/gstreamer0.10-raw1394-0.10.10-2.1mdv2009.0.i586.rpm
 fc4922a6c70a5c611647c5ec2f1ae9e7  2009.0/i586/gstreamer0.10-soup-0.10.10-2.1mdv2009.0.i586.rpm
 d42916979b54613c3be7591ade5da727  2009.0/i586/gstreamer0.10-speex-0.10.10-2.1mdv2009.0.i586.rpm
 c2581f15e3439fe5dbd7096541ad46e8  2009.0/i586/gstreamer0.10-wavpack-0.10.10-2.1mdv2009.0.i586.rpm 
 08723d4a2eaa0f5d564a34ae120d8390  2009.0/SRPMS/gstreamer0.10-plugins-good-0.10.10-2.1mdv2009.0.src.rpm

 Mandriva Linux 2009.0/X86_64:
 618b0f23135de1db4cc3a55f6c32973c  2009.0/x86_64/gstreamer0.10-aalib-0.10.10-2.1mdv2009.0.x86_64.rpm
 4fe0b93bb062c565b1bc1eb63d5d5642  2009.0/x86_64/gstreamer0.10-caca-0.10.10-2.1mdv2009.0.x86_64.rpm
 3b2b4a8704411fad70e9156dbad3ed4a  2009.0/x86_64/gstreamer0.10-dv-0.10.10-2.1mdv2009.0.x86_64.rpm
 860a46cac6e60a0d9a543c8e89f46584  2009.0/x86_64/gstreamer0.10-esound-0.10.10-2.1mdv2009.0.x86_64.rpm
 52bd426b3821c4d844999f5e3bfa77d9  2009.0/x86_64/gstreamer0.10-flac-0.10.10-2.1mdv2009.0.x86_64.rpm
 0f52a696ac6afdf0d8265872d1748a2a  2009.0/x86_64/gstreamer0.10-plugins-good-0.10.10-2.1mdv2009.0.x86_64.rpm
 5fb651ebf99b93fb346f734e9ca5cbfe  2009.0/x86_64/gstreamer0.10-pulse-0.10.10-2.1mdv2009.0.x86_64.rpm
 5f7e0823e61559dd0037a14328b13925  2009.0/x86_64/gstreamer0.10-raw1394-0.10.10-2.1mdv2009.0.x86_64.rpm
 ee78e14a1831e667338b486de297b4b1  2009.0/x86_64/gstreamer0.10-soup-0.10.10-2.1mdv2009.0.x86_64.rpm
 1678a544c7651cd119d2746e9c3949a1  2009.0/x86_64/gstreamer0.10-speex-0.10.10-2.1mdv2009.0.x86_64.rpm
 31ec957603b4a0deb044ec2f7c427cb0  2009.0/x86_64/gstreamer0.10-wavpack-0.10.10-2.1mdv2009.0.x86_64.rpm 
 08723d4a2eaa0f5d564a34ae120d8390  2009.0/SRPMS/gstreamer0.10-plugins-good-0.10.10-2.1mdv2009.0.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.