Test ID:	1.3.6.1.4.1.25623.1.0.63321
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:0271
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:0271.;;GStreamer is a streaming media framework, based on graphs of filters which;operate on media data. GStreamer Good Plug-ins is a collection of;well-supported, GStreamer plug-ins of good quality released under the LGPL;license.;;Multiple heap buffer overflows and an array indexing error were found in;the GStreamer's QuickTime media file format decoding plugin. An attacker;could create a carefully-crafted QuickTime media .mov file that would cause;an application using GStreamer to crash or, potentially, execute arbitrary;code if played by a victim. (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397);;All users of gstreamer-plugins-good are advised to upgrade to these updated;packages, which contain backported patches to correct these issues. After;installing the update, all applications using GStreamer (such as totem or;rhythmbox) must be restarted for the changes to take effect.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0271. GStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, GStreamer plug-ins of good quality released under the LGPL license. Multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim. (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397) All users of gstreamer-plugins-good are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as totem or rhythmbox) must be restarted for the changes to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0386 BugTraq ID: 33405 http://www.securityfocus.com/bid/33405 Bugtraq: 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/500317/100/0/threaded http://security.gentoo.org/glsa/glsa-200907-11.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:035 http://trapkit.de/advisories/TKADV2009-003.txt http://www.openwall.com/lists/oss-security/2009/01/29/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10306 http://www.redhat.com/support/errata/RHSA-2009-0271.html http://secunia.com/advisories/33650 http://secunia.com/advisories/33815 http://secunia.com/advisories/34336 http://secunia.com/advisories/35777 SuSE Security Announcement: SUSE-SR:2009:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://www.ubuntu.com/usn/USN-736-1 http://www.vupen.com/english/advisories/2009/0225 Common Vulnerability Exposure (CVE) ID: CVE-2009-0387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10611 Common Vulnerability Exposure (CVE) ID: CVE-2009-0397 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9942 http://www.redhat.com/support/errata/RHSA-2009-0270.html http://secunia.com/advisories/33830 XForce ISS Database: gstreamer-qtdemuxparse-bo(48555) https://exchange.xforce.ibmcloud.com/vulnerabilities/48555
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.