Issued:
2009-02-06
Updated:
2009-02-06

RHSA-2009:0270 - Security Advisory

Synopsis

Important: gstreamer-plugins security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

Updated gstreamer-plugins packages that fix one security issue are now
available for Red Hat Enterprise Linux 4.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The gstreamer-plugins package contains plugins used by the GStreamer
streaming-media framework to support a wide variety of media types.

A heap buffer overflow was found in the GStreamer's QuickTime media file
format decoding plug-in. An attacker could create a carefully-crafted
QuickTime media .mov file that would cause an application using GStreamer
to crash or, potentially, execute arbitrary code if played by a victim.
(CVE-2009-0397)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing the update, all applications using GStreamer (such as rhythmbox)
must be restarted for the changes to take effect.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

  • Red Hat Enterprise Linux Server 4 x86_64
  • Red Hat Enterprise Linux Server 4 ia64
  • Red Hat Enterprise Linux Server 4 i386
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 ia64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7 i386
  • Red Hat Enterprise Linux Workstation 4 x86_64
  • Red Hat Enterprise Linux Workstation 4 ia64
  • Red Hat Enterprise Linux Workstation 4 i386
  • Red Hat Enterprise Linux Desktop 4 x86_64
  • Red Hat Enterprise Linux Desktop 4 i386
  • Red Hat Enterprise Linux for IBM z Systems 4 s390x
  • Red Hat Enterprise Linux for IBM z Systems 4 s390
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7 s390
  • Red Hat Enterprise Linux for Power, big endian 4 ppc
  • Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7 ppc

Fixes

  • BZ - 481267 - CVE-2009-0397 gstreamer-plugins, gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Time-to-sample (stss) atom data

Red Hat Enterprise Linux Server 4

SRPM
gstreamer-plugins-0.8.5-1.EL.2.src.rpm SHA-256: 77f2d20a6f7da3d591789b478aaf2361926d1aa1c024e0289752065cabc8536a
x86_64
gstreamer-plugins-0.8.5-1.EL.2.x86_64.rpm SHA-256: 46fdcf06514ed5e2d25136319ae4dacf91d17fea71ad7704cecb6ae52f0d4a72
gstreamer-plugins-0.8.5-1.EL.2.x86_64.rpm SHA-256: 46fdcf06514ed5e2d25136319ae4dacf91d17fea71ad7704cecb6ae52f0d4a72
gstreamer-plugins-devel-0.8.5-1.EL.2.x86_64.rpm SHA-256: 965b40215f60b3dff77fa1a44aeed8c88da69e156afaf40773788174e432d98c
gstreamer-plugins-devel-0.8.5-1.EL.2.x86_64.rpm SHA-256: 965b40215f60b3dff77fa1a44aeed8c88da69e156afaf40773788174e432d98c
ia64
gstreamer-plugins-0.8.5-1.EL.2.ia64.rpm SHA-256: 15046db725fd5bf791ef9f6865090838fb94fdbb6ce93c23c30f1001d6c7b0d6
gstreamer-plugins-0.8.5-1.EL.2.ia64.rpm SHA-256: 15046db725fd5bf791ef9f6865090838fb94fdbb6ce93c23c30f1001d6c7b0d6
gstreamer-plugins-devel-0.8.5-1.EL.2.ia64.rpm SHA-256: ae08dd4bde9646cf2f2a69df7ead97289022ea1268457d0164573216370772d9
gstreamer-plugins-devel-0.8.5-1.EL.2.ia64.rpm SHA-256: ae08dd4bde9646cf2f2a69df7ead97289022ea1268457d0164573216370772d9
i386
gstreamer-plugins-0.8.5-1.EL.2.i386.rpm SHA-256: 9ccd9f37c673099e9cd896fe999445be647f8d696eafc9a4e087b854f7291bb9
gstreamer-plugins-0.8.5-1.EL.2.i386.rpm SHA-256: 9ccd9f37c673099e9cd896fe999445be647f8d696eafc9a4e087b854f7291bb9
gstreamer-plugins-devel-0.8.5-1.EL.2.i386.rpm SHA-256: f7878e6fa504567daff4b94c463b5da223a9be748497554689131560994fe6b1
gstreamer-plugins-devel-0.8.5-1.EL.2.i386.rpm SHA-256: f7878e6fa504567daff4b94c463b5da223a9be748497554689131560994fe6b1

Red Hat Enterprise Linux for x86_64 - Extended Update Support 4.7

SRPM
gstreamer-plugins-0.8.5-1.EL.2.src.rpm SHA-256: 77f2d20a6f7da3d591789b478aaf2361926d1aa1c024e0289752065cabc8536a
x86_64
gstreamer-plugins-0.8.5-1.EL.2.x86_64.rpm SHA-256: 46fdcf06514ed5e2d25136319ae4dacf91d17fea71ad7704cecb6ae52f0d4a72
gstreamer-plugins-0.8.5-1.EL.2.x86_64.rpm SHA-256: 46fdcf06514ed5e2d25136319ae4dacf91d17fea71ad7704cecb6ae52f0d4a72
gstreamer-plugins-devel-0.8.5-1.EL.2.x86_64.rpm SHA-256: 965b40215f60b3dff77fa1a44aeed8c88da69e156afaf40773788174e432d98c
gstreamer-plugins-devel-0.8.5-1.EL.2.x86_64.rpm SHA-256: 965b40215f60b3dff77fa1a44aeed8c88da69e156afaf40773788174e432d98c
ia64
gstreamer-plugins-0.8.5-1.EL.2.ia64.rpm SHA-256: 15046db725fd5bf791ef9f6865090838fb94fdbb6ce93c23c30f1001d6c7b0d6
gstreamer-plugins-0.8.5-1.EL.2.ia64.rpm SHA-256: 15046db725fd5bf791ef9f6865090838fb94fdbb6ce93c23c30f1001d6c7b0d6
gstreamer-plugins-devel-0.8.5-1.EL.2.ia64.rpm SHA-256: ae08dd4bde9646cf2f2a69df7ead97289022ea1268457d0164573216370772d9
gstreamer-plugins-devel-0.8.5-1.EL.2.ia64.rpm SHA-256: ae08dd4bde9646cf2f2a69df7ead97289022ea1268457d0164573216370772d9
i386
gstreamer-plugins-0.8.5-1.EL.2.i386.rpm SHA-256: 9ccd9f37c673099e9cd896fe999445be647f8d696eafc9a4e087b854f7291bb9
gstreamer-plugins-0.8.5-1.EL.2.i386.rpm SHA-256: 9ccd9f37c673099e9cd896fe999445be647f8d696eafc9a4e087b854f7291bb9
gstreamer-plugins-devel-0.8.5-1.EL.2.i386.rpm SHA-256: f7878e6fa504567daff4b94c463b5da223a9be748497554689131560994fe6b1
gstreamer-plugins-devel-0.8.5-1.EL.2.i386.rpm SHA-256: f7878e6fa504567daff4b94c463b5da223a9be748497554689131560994fe6b1

Red Hat Enterprise Linux Workstation 4

SRPM
gstreamer-plugins-0.8.5-1.EL.2.src.rpm SHA-256: 77f2d20a6f7da3d591789b478aaf2361926d1aa1c024e0289752065cabc8536a
x86_64
gstreamer-plugins-0.8.5-1.EL.2.x86_64.rpm SHA-256: 46fdcf06514ed5e2d25136319ae4dacf91d17fea71ad7704cecb6ae52f0d4a72
gstreamer-plugins-devel-0.8.5-1.EL.2.x86_64.rpm SHA-256: 965b40215f60b3dff77fa1a44aeed8c88da69e156afaf40773788174e432d98c
ia64
gstreamer-plugins-0.8.5-1.EL.2.ia64.rpm SHA-256: 15046db725fd5bf791ef9f6865090838fb94fdbb6ce93c23c30f1001d6c7b0d6
gstreamer-plugins-devel-0.8.5-1.EL.2.ia64.rpm SHA-256: ae08dd4bde9646cf2f2a69df7ead97289022ea1268457d0164573216370772d9
i386
gstreamer-plugins-0.8.5-1.EL.2.i386.rpm SHA-256: 9ccd9f37c673099e9cd896fe999445be647f8d696eafc9a4e087b854f7291bb9
gstreamer-plugins-devel-0.8.5-1.EL.2.i386.rpm SHA-256: f7878e6fa504567daff4b94c463b5da223a9be748497554689131560994fe6b1

Red Hat Enterprise Linux Desktop 4

SRPM
gstreamer-plugins-0.8.5-1.EL.2.src.rpm SHA-256: 77f2d20a6f7da3d591789b478aaf2361926d1aa1c024e0289752065cabc8536a
x86_64
gstreamer-plugins-0.8.5-1.EL.2.x86_64.rpm SHA-256: 46fdcf06514ed5e2d25136319ae4dacf91d17fea71ad7704cecb6ae52f0d4a72
gstreamer-plugins-devel-0.8.5-1.EL.2.x86_64.rpm SHA-256: 965b40215f60b3dff77fa1a44aeed8c88da69e156afaf40773788174e432d98c
i386
gstreamer-plugins-0.8.5-1.EL.2.i386.rpm SHA-256: 9ccd9f37c673099e9cd896fe999445be647f8d696eafc9a4e087b854f7291bb9
gstreamer-plugins-devel-0.8.5-1.EL.2.i386.rpm SHA-256: f7878e6fa504567daff4b94c463b5da223a9be748497554689131560994fe6b1

Red Hat Enterprise Linux for IBM z Systems 4

SRPM
gstreamer-plugins-0.8.5-1.EL.2.src.rpm SHA-256: 77f2d20a6f7da3d591789b478aaf2361926d1aa1c024e0289752065cabc8536a
s390x
gstreamer-plugins-0.8.5-1.EL.2.s390x.rpm SHA-256: 3435ebc147b388506a159a71b450b43f8d56710295a6826717618a885f1d57cd
gstreamer-plugins-devel-0.8.5-1.EL.2.s390x.rpm SHA-256: d271b5616286538469c863a30403426ed68d01f79ce00a02a3852e4a318d88c2
s390
gstreamer-plugins-0.8.5-1.EL.2.s390.rpm SHA-256: 607bbe7a1e0a1c2aeed4994afb95510ecb081decee1d1ebe6e4c5716b2788f81
gstreamer-plugins-devel-0.8.5-1.EL.2.s390.rpm SHA-256: 421e141af23d7ce2b073dd96856875f7616d16286a04e8b7756757843e170666

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 4.7

SRPM
gstreamer-plugins-0.8.5-1.EL.2.src.rpm SHA-256: 77f2d20a6f7da3d591789b478aaf2361926d1aa1c024e0289752065cabc8536a
s390x
gstreamer-plugins-0.8.5-1.EL.2.s390x.rpm SHA-256: 3435ebc147b388506a159a71b450b43f8d56710295a6826717618a885f1d57cd
gstreamer-plugins-devel-0.8.5-1.EL.2.s390x.rpm SHA-256: d271b5616286538469c863a30403426ed68d01f79ce00a02a3852e4a318d88c2
s390
gstreamer-plugins-0.8.5-1.EL.2.s390.rpm SHA-256: 607bbe7a1e0a1c2aeed4994afb95510ecb081decee1d1ebe6e4c5716b2788f81
gstreamer-plugins-devel-0.8.5-1.EL.2.s390.rpm SHA-256: 421e141af23d7ce2b073dd96856875f7616d16286a04e8b7756757843e170666

Red Hat Enterprise Linux for Power, big endian 4

SRPM
gstreamer-plugins-0.8.5-1.EL.2.src.rpm SHA-256: 77f2d20a6f7da3d591789b478aaf2361926d1aa1c024e0289752065cabc8536a
ppc
gstreamer-plugins-0.8.5-1.EL.2.ppc.rpm SHA-256: e942b2a9eff320c270d2e9d4045af7cd1961b8d571ba92448d59957e35a88aa1
gstreamer-plugins-devel-0.8.5-1.EL.2.ppc.rpm SHA-256: 8818d1ae890d06ac7ca2fea200c8b94db32b7f0205648272397d2ec574786f9c

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 4.7

SRPM
gstreamer-plugins-0.8.5-1.EL.2.src.rpm SHA-256: 77f2d20a6f7da3d591789b478aaf2361926d1aa1c024e0289752065cabc8536a
ppc
gstreamer-plugins-0.8.5-1.EL.2.ppc.rpm SHA-256: e942b2a9eff320c270d2e9d4045af7cd1961b8d571ba92448d59957e35a88aa1
gstreamer-plugins-devel-0.8.5-1.EL.2.ppc.rpm SHA-256: 8818d1ae890d06ac7ca2fea200c8b94db32b7f0205648272397d2ec574786f9c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.