-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: gstreamer-plugins security update Advisory ID: RHSA-2011:1264-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2011-1264.html Issue date: 2011-09-06 CVE Names: CVE-2011-2911 CVE-2011-2912 CVE-2011-2913 CVE-2011-2914 CVE-2011-2915 ===================================================================== 1. Summary: Updated gstreamer-plugins packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Description: The gstreamer-plugins packages contain plug-ins used by the GStreamer streaming-media framework to support a wide variety of media formats. An integer overflow flaw, a boundary error, and multiple off-by-one flaws were found in various ModPlug music file format library (libmodplug) modules, embedded in GStreamer. An attacker could create specially-crafted music files that, when played by a victim, would cause applications using GStreamer to crash or, potentially, execute arbitrary code. (CVE-2011-2911, CVE-2011-2912, CVE-2011-2913, CVE-2011-2914, CVE-2011-2915) All users of gstreamer-plugins are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as Rhythmbox) must be restarted for the changes to take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 728371 - CVE-2011-2911 CVE-2011-2912 CVE-2011-2913 CVE-2011-2914 CVE-2011-2915 libmodplug: multiple vulnerabilities reported in <= 0.8.8.3 6. Package List: Red Hat Enterprise Linux AS version 4: Source: ftp://updates.redhat.com/enterprise/4AS/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.4.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm ia64: gstreamer-plugins-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.ia64.rpm ppc: gstreamer-plugins-0.8.5-1.EL.4.ppc.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.ppc.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.ppc.rpm s390: gstreamer-plugins-0.8.5-1.EL.4.s390.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.s390.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.s390.rpm s390x: gstreamer-plugins-0.8.5-1.EL.4.s390x.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.s390x.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.s390x.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm Red Hat Enterprise Linux Desktop version 4: Source: ftp://updates.redhat.com/enterprise/4Desktop/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.4.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm Red Hat Enterprise Linux ES version 4: Source: ftp://updates.redhat.com/enterprise/4ES/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.4.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm ia64: gstreamer-plugins-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.ia64.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm Red Hat Enterprise Linux WS version 4: Source: ftp://updates.redhat.com/enterprise/4WS/en/os/SRPMS/gstreamer-plugins-0.8.5-1.EL.4.src.rpm i386: gstreamer-plugins-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.i386.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.i386.rpm ia64: gstreamer-plugins-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.ia64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.ia64.rpm x86_64: gstreamer-plugins-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-debuginfo-0.8.5-1.EL.4.x86_64.rpm gstreamer-plugins-devel-0.8.5-1.EL.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package 7. References: https://www.redhat.com/security/data/cve/CVE-2011-2911.html https://www.redhat.com/security/data/cve/CVE-2011-2912.html https://www.redhat.com/security/data/cve/CVE-2011-2913.html https://www.redhat.com/security/data/cve/CVE-2011-2914.html https://www.redhat.com/security/data/cve/CVE-2011-2915.html https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact/ Copyright 2011 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (GNU/Linux) iD8DBQFOZp+fXlSAg2UNWIIRAvGaAJ47Zgv5Pk1adhn6QrLfX62/LZUc9ACffEDQ jLw7n4PuB3ye7G7Newkgprk= =txOB -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce