To: [email protected]Subject: [ MDVSA-2009:085 ] gstreamer0.10-plugins-base
Date: Thu, 02 Apr 2009 17:30:01 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1LpOrh-0003qK-4H@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:085
http://www.mandriva.com/security/
_______________________________________________________________________
Package : gstreamer0.10-plugins-base
Date : April 2, 2009
Affected: 2008.0, 2008.1, 2009.0
_______________________________________________________________________
Problem Description:
Integer overflows in gstreamer0.10-plugins-base Base64 encoding and
decoding functions (related with glib2.0 issue CVE-2008-4316) may
lead attackers to cause denial of service. Altough vector attacks
are not known yet (CVE-2009-0586).
This update provide the fix for that security issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0586
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
12542730be9e404ff1fd8516c2343d8c 2008.0/i586/gstreamer0.10-cdparanoia-0.10.14-1.1mdv2008.0.i586.rpm
855f4fcf92e4163ac423873b4f98bc5b 2008.0/i586/gstreamer0.10-gnomevfs-0.10.14-1.1mdv2008.0.i586.rpm
7dc212c5023989f8f841b477413c0da6 2008.0/i586/gstreamer0.10-libvisual-0.10.14-1.1mdv2008.0.i586.rpm
18ce72c0b1a15e530abb599b7b619436 2008.0/i586/gstreamer0.10-plugins-base-0.10.14-1.1mdv2008.0.i586.rpm
2adfc350673e8640a6e0c89891b43e3e 2008.0/i586/libgstreamer-plugins-base0.10-0.10.14-1.1mdv2008.0.i586.rpm
0932dd52403330834a9c9903eb7eb070 2008.0/i586/libgstreamer-plugins-base0.10-devel-0.10.14-1.1mdv2008.0.i586.rpm
a3c1ae2f5d0996398c62d4c00eb7bdf4 2008.0/SRPMS/gstreamer0.10-plugins-base-0.10.14-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
8a1096f42d6b55e38ae6476d6ec9d868 2008.0/x86_64/gstreamer0.10-cdparanoia-0.10.14-1.1mdv2008.0.x86_64.rpm
90264a683847f0632268c789cae6be57 2008.0/x86_64/gstreamer0.10-gnomevfs-0.10.14-1.1mdv2008.0.x86_64.rpm
6a8459a089bd2ffa02fe60520dafa810 2008.0/x86_64/gstreamer0.10-libvisual-0.10.14-1.1mdv2008.0.x86_64.rpm
dbe6030637bfdf415148c6aeb259aa0b 2008.0/x86_64/gstreamer0.10-plugins-base-0.10.14-1.1mdv2008.0.x86_64.rpm
022aff0560797a7d3b40e87d78fd7017 2008.0/x86_64/lib64gstreamer-plugins-base0.10-0.10.14-1.1mdv2008.0.x86_64.rpm
22e18afda7ee42298f7cfdb5bda48f30 2008.0/x86_64/lib64gstreamer-plugins-base0.10-devel-0.10.14-1.1mdv2008.0.x86_64.rpm
a3c1ae2f5d0996398c62d4c00eb7bdf4 2008.0/SRPMS/gstreamer0.10-plugins-base-0.10.14-1.1mdv2008.0.src.rpm
Mandriva Linux 2008.1:
a61869a3e48117e309f44731b4a7edba 2008.1/i586/gstreamer0.10-cdparanoia-0.10.17-3.1mdv2008.1.i586.rpm
995c27a7892850ff988af6c20f4e98b7 2008.1/i586/gstreamer0.10-gnomevfs-0.10.17-3.1mdv2008.1.i586.rpm
a7b77a7757686f79288ca00ba21cee65 2008.1/i586/gstreamer0.10-libvisual-0.10.17-3.1mdv2008.1.i586.rpm
26e49d6f77c6d343f12afc7af34aec46 2008.1/i586/gstreamer0.10-plugins-base-0.10.17-3.1mdv2008.1.i586.rpm
147bed861fb0e7212279b50d8f0db2f2 2008.1/i586/libgstreamer-plugins-base0.10-0.10.17-3.1mdv2008.1.i586.rpm
7dd60454ee39dc3dbeaa0a421662ad49 2008.1/i586/libgstreamer-plugins-base0.10-devel-0.10.17-3.1mdv2008.1.i586.rpm
d954ddbfc4793e83f7c386c0ee6d4620 2008.1/SRPMS/gstreamer0.10-plugins-base-0.10.17-3.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
ff499a231f5e78954326be2c70c74f60 2008.1/x86_64/gstreamer0.10-cdparanoia-0.10.17-3.1mdv2008.1.x86_64.rpm
a524756d6de5201dd8b7a19ee0c7221d 2008.1/x86_64/gstreamer0.10-gnomevfs-0.10.17-3.1mdv2008.1.x86_64.rpm
6f5784baec383db8f02ec541f9ad5db5 2008.1/x86_64/gstreamer0.10-libvisual-0.10.17-3.1mdv2008.1.x86_64.rpm
cf7666cd24c1699bc7a985b62dedc5d2 2008.1/x86_64/gstreamer0.10-plugins-base-0.10.17-3.1mdv2008.1.x86_64.rpm
9dd3f20e2dc096e88d2eadfcf95a04a6 2008.1/x86_64/lib64gstreamer-plugins-base0.10-0.10.17-3.1mdv2008.1.x86_64.rpm
a32032a8785d41024021d614c24df63a 2008.1/x86_64/lib64gstreamer-plugins-base0.10-devel-0.10.17-3.1mdv2008.1.x86_64.rpm
d954ddbfc4793e83f7c386c0ee6d4620 2008.1/SRPMS/gstreamer0.10-plugins-base-0.10.17-3.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
34740bb76dc96e2a2afc5c023dc1e221 2009.0/i586/gstreamer0.10-cdparanoia-0.10.20-2.1mdv2009.0.i586.rpm
293e13fd77c5d376230249076fd3a96f 2009.0/i586/gstreamer0.10-gnomevfs-0.10.20-2.1mdv2009.0.i586.rpm
9da8b262c2e0ebb99d82db6dfb95385a 2009.0/i586/gstreamer0.10-libvisual-0.10.20-2.1mdv2009.0.i586.rpm
acbd01a290b7884d8b873cea4261f395 2009.0/i586/gstreamer0.10-plugins-base-0.10.20-2.1mdv2009.0.i586.rpm
2359d66d1130e01bf890eb0a6fdaabd7 2009.0/i586/libgstreamer-plugins-base0.10-0.10.20-2.1mdv2009.0.i586.rpm
23bf4f1729461a1898e4b33fa5b4d6e2 2009.0/i586/libgstreamer-plugins-base0.10-devel-0.10.20-2.1mdv2009.0.i586.rpm
081eb3567cccd3fdbd6d489afed7b2a7 2009.0/SRPMS/gstreamer0.10-plugins-base-0.10.20-2.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
2d8aefdcdd6b16568b1aee1229d3e22a 2009.0/x86_64/gstreamer0.10-cdparanoia-0.10.20-2.1mdv2009.0.x86_64.rpm
4cc0caf240dade948edca80b16adf49f 2009.0/x86_64/gstreamer0.10-gnomevfs-0.10.20-2.1mdv2009.0.x86_64.rpm
eeada47fb1bf597306e3c953db0c7e1f 2009.0/x86_64/gstreamer0.10-libvisual-0.10.20-2.1mdv2009.0.x86_64.rpm
4e8be34d3738eda98153944b4f37c281 2009.0/x86_64/gstreamer0.10-plugins-base-0.10.20-2.1mdv2009.0.x86_64.rpm
18b2ee793b291ce098c0d47b83bbd834 2009.0/x86_64/lib64gstreamer-plugins-base0.10-0.10.20-2.1mdv2009.0.x86_64.rpm
d801c5f4b3bfe9f6f0fbea6ecadf42ab 2009.0/x86_64/lib64gstreamer-plugins-base0.10-devel-0.10.20-2.1mdv2009.0.x86_64.rpm
081eb3567cccd3fdbd6d489afed7b2a7 2009.0/SRPMS/gstreamer0.10-plugins-base-0.10.20-2.1mdv2009.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFJ1K0amqjQ0CJFipgRAqsyAJ4nUdmzFkXZpVgeAqpN5VghpPyVCgCg9BpP
tTCKCg9vFkI8vWfjqxaece4=
=sgth
-----END PGP SIGNATURE-----