[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1MCgHc-0007Zm-Ja@titan.mandriva.com>
Date: Fri, 05 Jun 2009 22:45:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2009:130 ] gstreamer0.10-plugins-good
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:130
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gstreamer0.10-plugins-good
Date : June 5, 2009
Affected: 2008.1, 2009.0, 2009.1
_______________________________________________________________________
Problem Description:
Multiple integer overflows in the (1) user_info_callback,
(2) user_endrow_callback, and (3) gst_pngdec_task functions
(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka
gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted PNG file, which triggers a buffer overflow
(CVE-2009-1932).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
32b4c3a6282627f92f51a7d2d46ff77e 2008.1/i586/gstreamer0.10-aalib-0.10.7-3.3mdv2008.1.i586.rpm
c795af9934302427b9eff941f8202a21 2008.1/i586/gstreamer0.10-caca-0.10.7-3.3mdv2008.1.i586.rpm
2f6ee0c43cceb1b6a45c397230b2007d 2008.1/i586/gstreamer0.10-dv-0.10.7-3.3mdv2008.1.i586.rpm
66e9ffff70400e28a06b9acad18e9460 2008.1/i586/gstreamer0.10-esound-0.10.7-3.3mdv2008.1.i586.rpm
7f519c98463940c13d950f2c19bc91b3 2008.1/i586/gstreamer0.10-flac-0.10.7-3.3mdv2008.1.i586.rpm
88d2eec0febfa0fe536d43fcc0f06281 2008.1/i586/gstreamer0.10-plugins-good-0.10.7-3.3mdv2008.1.i586.rpm
e642a9932760431f65d6e2ec91aebe2f 2008.1/i586/gstreamer0.10-raw1394-0.10.7-3.3mdv2008.1.i586.rpm
16d3b8e3d5f5e79dbf975b7755d481d6 2008.1/i586/gstreamer0.10-speex-0.10.7-3.3mdv2008.1.i586.rpm
a35c2dacfc21179a7ce1ad2ddbde58b5 2008.1/i586/gstreamer0.10-wavpack-0.10.7-3.3mdv2008.1.i586.rpm
7f89efbf201445b95c6d1f8e48cdbcf5 2008.1/SRPMS/gstreamer0.10-plugins-good-0.10.7-3.3mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
47251e20c751b5cac7c878577fd32cbb 2008.1/x86_64/gstreamer0.10-aalib-0.10.7-3.3mdv2008.1.x86_64.rpm
41ad7308ecfdd545d1eeb625f9be26f0 2008.1/x86_64/gstreamer0.10-caca-0.10.7-3.3mdv2008.1.x86_64.rpm
c38747918e25383cf266575007b70bbc 2008.1/x86_64/gstreamer0.10-dv-0.10.7-3.3mdv2008.1.x86_64.rpm
3b43f5f0c6d7472bdd2d3a230ec4a5aa 2008.1/x86_64/gstreamer0.10-esound-0.10.7-3.3mdv2008.1.x86_64.rpm
e5eb3c018bfaf8db6f98787f919e7213 2008.1/x86_64/gstreamer0.10-flac-0.10.7-3.3mdv2008.1.x86_64.rpm
faf028bd1201249fef3b051451ee0a67 2008.1/x86_64/gstreamer0.10-plugins-good-0.10.7-3.3mdv2008.1.x86_64.rpm
21dadd252d853fba7fc0c711c8afd00f 2008.1/x86_64/gstreamer0.10-raw1394-0.10.7-3.3mdv2008.1.x86_64.rpm
874657a9c5ae3d65a010c887462cf832 2008.1/x86_64/gstreamer0.10-speex-0.10.7-3.3mdv2008.1.x86_64.rpm
decd0fa087bdec088152dd61974d71b1 2008.1/x86_64/gstreamer0.10-wavpack-0.10.7-3.3mdv2008.1.x86_64.rpm
7f89efbf201445b95c6d1f8e48cdbcf5 2008.1/SRPMS/gstreamer0.10-plugins-good-0.10.7-3.3mdv2008.1.src.rpm
Mandriva Linux 2009.0:
de338a01c224c0b9231d8f0e3434d653 2009.0/i586/gstreamer0.10-aalib-0.10.10-2.2mdv2009.0.i586.rpm
a96a976b99688e00563e2e239f061576 2009.0/i586/gstreamer0.10-caca-0.10.10-2.2mdv2009.0.i586.rpm
3864fd359d74953b036a1bdf2a442bbe 2009.0/i586/gstreamer0.10-dv-0.10.10-2.2mdv2009.0.i586.rpm
9bc82a78ece0447e05a6538cc307b3cc 2009.0/i586/gstreamer0.10-esound-0.10.10-2.2mdv2009.0.i586.rpm
40de2ef276852777418f79f97de4015d 2009.0/i586/gstreamer0.10-flac-0.10.10-2.2mdv2009.0.i586.rpm
e1e9be54e2de0341f427542370453873 2009.0/i586/gstreamer0.10-plugins-good-0.10.10-2.2mdv2009.0.i586.rpm
5e81527fee1fbe434934160101bad731 2009.0/i586/gstreamer0.10-pulse-0.10.10-2.2mdv2009.0.i586.rpm
4bb8e5964cdf388f30125e1799c041d9 2009.0/i586/gstreamer0.10-raw1394-0.10.10-2.2mdv2009.0.i586.rpm
5e8ecd8f2cd60980a9d1777af765ccb2 2009.0/i586/gstreamer0.10-soup-0.10.10-2.2mdv2009.0.i586.rpm
92926886890bb3c129d1358699369e07 2009.0/i586/gstreamer0.10-speex-0.10.10-2.2mdv2009.0.i586.rpm
e0af5cebef95297da35dbe644d5bd07e 2009.0/i586/gstreamer0.10-wavpack-0.10.10-2.2mdv2009.0.i586.rpm
b52464a5db2a376c7ffe9b4ae0d73cba 2009.0/SRPMS/gstreamer0.10-plugins-good-0.10.10-2.2mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
b5caab29e29b756fefbb4c74e383ec00 2009.0/x86_64/gstreamer0.10-aalib-0.10.10-2.2mdv2009.0.x86_64.rpm
e1ee1041b7ac2c2a10b5f3fb25b1cdd3 2009.0/x86_64/gstreamer0.10-caca-0.10.10-2.2mdv2009.0.x86_64.rpm
aa5a02a2a2b1a83738360fe55df21df4 2009.0/x86_64/gstreamer0.10-dv-0.10.10-2.2mdv2009.0.x86_64.rpm
dead047079a5b1a9052dfbe61b6fe5a9 2009.0/x86_64/gstreamer0.10-esound-0.10.10-2.2mdv2009.0.x86_64.rpm
1675f35f059b1c99228ae1aa125cfaac 2009.0/x86_64/gstreamer0.10-flac-0.10.10-2.2mdv2009.0.x86_64.rpm
4584962d9870e9813b128ada5469defc 2009.0/x86_64/gstreamer0.10-plugins-good-0.10.10-2.2mdv2009.0.x86_64.rpm
bf54135323d93696ee68154df93ebbde 2009.0/x86_64/gstreamer0.10-pulse-0.10.10-2.2mdv2009.0.x86_64.rpm
231e93b49075748873a361e38848f43c 2009.0/x86_64/gstreamer0.10-raw1394-0.10.10-2.2mdv2009.0.x86_64.rpm
4a8863274976927a121bee25dd421523 2009.0/x86_64/gstreamer0.10-soup-0.10.10-2.2mdv2009.0.x86_64.rpm
35030eeae145d26f41d0efa2c46efcff 2009.0/x86_64/gstreamer0.10-speex-0.10.10-2.2mdv2009.0.x86_64.rpm
11ecdd00ae934f05702c771946611333 2009.0/x86_64/gstreamer0.10-wavpack-0.10.10-2.2mdv2009.0.x86_64.rpm
b52464a5db2a376c7ffe9b4ae0d73cba 2009.0/SRPMS/gstreamer0.10-plugins-good-0.10.10-2.2mdv2009.0.src.rpm
Mandriva Linux 2009.1:
576d67df2c10fd5ce98fafbcccf5d31f 2009.1/i586/gstreamer0.10-aalib-0.10.14-1.1mdv2009.1.i586.rpm
c1df9fa818ac12667db9bfd51a8801df 2009.1/i586/gstreamer0.10-caca-0.10.14-1.1mdv2009.1.i586.rpm
1b2cbe0c1bd991db15f8a4ff30720430 2009.1/i586/gstreamer0.10-dv-0.10.14-1.1mdv2009.1.i586.rpm
ae7c7483df3feb7ea984e32241bdba1f 2009.1/i586/gstreamer0.10-esound-0.10.14-1.1mdv2009.1.i586.rpm
d881a0c3b7943dcde1e1ce2b12f55980 2009.1/i586/gstreamer0.10-flac-0.10.14-1.1mdv2009.1.i586.rpm
48b03dd5ff1f72383af81056a157d4d4 2009.1/i586/gstreamer0.10-plugins-good-0.10.14-1.1mdv2009.1.i586.rpm
c72a5910e0c83f2e5b29db46f1a070d5 2009.1/i586/gstreamer0.10-pulse-0.10.14-1.1mdv2009.1.i586.rpm
2ec1d77cbee188562138681c274497d1 2009.1/i586/gstreamer0.10-raw1394-0.10.14-1.1mdv2009.1.i586.rpm
d167d2ce3cabc24af442ad53736a4ae4 2009.1/i586/gstreamer0.10-soup-0.10.14-1.1mdv2009.1.i586.rpm
7e533c55706311d1abb8c1cf81febad7 2009.1/i586/gstreamer0.10-speex-0.10.14-1.1mdv2009.1.i586.rpm
442b714ff0d64c572c3f63a2b71cf39d 2009.1/i586/gstreamer0.10-wavpack-0.10.14-1.1mdv2009.1.i586.rpm
0e0ec096f0960620be981e5d7b4bc216 2009.1/SRPMS/gstreamer0.10-plugins-good-0.10.14-1.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
252223161131b2287b9e7432b5152c08 2009.1/x86_64/gstreamer0.10-aalib-0.10.14-1.1mdv2009.1.x86_64.rpm
a9fc8b915bf67dfc270c8ac403269a89 2009.1/x86_64/gstreamer0.10-caca-0.10.14-1.1mdv2009.1.x86_64.rpm
162a54cf36ce97f95aa06b36d3ea40df 2009.1/x86_64/gstreamer0.10-dv-0.10.14-1.1mdv2009.1.x86_64.rpm
88e60113882df2d775d458f88f035243 2009.1/x86_64/gstreamer0.10-esound-0.10.14-1.1mdv2009.1.x86_64.rpm
23263adc4119918c8e130866a02243fa 2009.1/x86_64/gstreamer0.10-flac-0.10.14-1.1mdv2009.1.x86_64.rpm
63a6e950690392c3d8a7da89eeb23b1c 2009.1/x86_64/gstreamer0.10-plugins-good-0.10.14-1.1mdv2009.1.x86_64.rpm
d900bf012fbac7b6ed4cd019b1dc41b3 2009.1/x86_64/gstreamer0.10-pulse-0.10.14-1.1mdv2009.1.x86_64.rpm
c9610f9bdab919fd6989bb00278fd83d 2009.1/x86_64/gstreamer0.10-raw1394-0.10.14-1.1mdv2009.1.x86_64.rpm
f8764ecd3d4ddb75ac4fb0fa6dae0ab9 2009.1/x86_64/gstreamer0.10-soup-0.10.14-1.1mdv2009.1.x86_64.rpm
9dd619ff1da567ebc0cddd82b085bd87 2009.1/x86_64/gstreamer0.10-speex-0.10.14-1.1mdv2009.1.x86_64.rpm
070d6303a673cb624866ab61f4dff728 2009.1/x86_64/gstreamer0.10-wavpack-0.10.14-1.1mdv2009.1.x86_64.rpm
0e0ec096f0960620be981e5d7b4bc216 2009.1/SRPMS/gstreamer0.10-plugins-good-0.10.14-1.1mdv2009.1.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKKVdrmqjQ0CJFipgRAvTdAJ9M4Mgl3lDDDlnwUwb5kR7dpOhp/QCgqQGH
IiI+kqUb/EO99yc0N9eKqwM=
=YXTZ
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists