Message-Id: <E1MCgHc-0007Zm-Ja@titan.mandriva.com>
Date: Fri, 05 Jun 2009 22:45:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:130 ] gstreamer0.10-plugins-good


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2009:130
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : gstreamer0.10-plugins-good
 Date    : June 5, 2009
 Affected: 2008.1, 2009.0, 2009.1
 _______________________________________________________________________

 Problem Description:

 Multiple integer overflows in the (1) user_info_callback,
 (2) user_endrow_callback, and (3) gst_pngdec_task functions
 (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka
 gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote
 attackers to cause a denial of service and possibly execute arbitrary
 code via a crafted PNG file, which triggers a buffer overflow
 (CVE-2009-1932).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKKVdrmqjQ0CJFipgRAvTdAJ9M4Mgl3lDDDlnwUwb5kR7dpOhp/QCgqQGH
IiI+kqUb/EO99yc0N9eKqwM=
=YXTZ
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
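
Added example (not part of the Mandriva advisory and not GStreamer's code): how dimensions read from an image header can wrap a 32-bit size computation, so the buffer is smaller than the decoded data, next to a checked version. The function names, the size formula (width x bytes-per-pixel x height with 4-byte row alignment) and the sample dimensions are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked: the product of header-supplied fields wraps modulo 2^32. */
static uint32_t frame_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * bpp * height;
}

/* Checked: returns 0 and stores the size, or -1 if any step would overflow. */
static int frame_size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                              size_t *out)
{
    uint32_t rowbytes;

    if (width == 0 || height == 0 || bpp == 0)
        return -1;
    if (width > UINT32_MAX / bpp)          /* width * bpp would wrap */
        return -1;
    rowbytes = width * bpp;
    if (rowbytes > UINT32_MAX - 3)         /* alignment padding would wrap */
        return -1;
    rowbytes = (rowbytes + 3) & ~3u;       /* round up to a multiple of 4 */
    if (height > UINT32_MAX / rowbytes)    /* rowbytes * height would wrap */
        return -1;
    *out = (size_t)rowbytes * height;
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions: one ordinary image, one oversized. */
    const uint32_t dims[2][2] = { { 640, 480 }, { 0x4001u, 0x10000u } };
    for (int i = 0; i < 2; i++) {
        size_t n = 0;
        uint32_t w = dims[i][0], h = dims[i][1];
        int rc = frame_size_checked(w, h, 4, &n);
        printf("%ux%u: unchecked=%u bytes, checked=%s\n",
               (unsigned)w, (unsigned)h,
               (unsigned)frame_size_unchecked(w, h, 4),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```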
