Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:0271

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63321

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2009:0271

Resumen: The remote host is missing updates announced in;advisory RHSA-2009:0271.;;GStreamer is a streaming media framework, based on graphs of filters which;operate on media data. GStreamer Good Plug-ins is a collection of;well-supported, GStreamer plug-ins of good quality released under the LGPL;license.;;Multiple heap buffer overflows and an array indexing error were found in;the GStreamer's QuickTime media file format decoding plugin. An attacker;could create a carefully-crafted QuickTime media .mov file that would cause;an application using GStreamer to crash or, potentially, execute arbitrary;code if played by a victim. (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397);;All users of gstreamer-plugins-good are advised to upgrade to these updated;packages, which contain backported patches to correct these issues. After;installing the update, all applications using GStreamer (such as totem or;rhythmbox) must be restarted for the changes to take effect.

Descripción: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0271.

GStreamer is a streaming media framework, based on graphs of filters which
operate on media data. GStreamer Good Plug-ins is a collection of
well-supported, GStreamer plug-ins of good quality released under the LGPL
license.

Multiple heap buffer overflows and an array indexing error were found in
the GStreamer's QuickTime media file format decoding plugin. An attacker
could create a carefully-crafted QuickTime media .mov file that would cause
an application using GStreamer to crash or, potentially, execute arbitrary
code if played by a victim. (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397)

All users of gstreamer-plugins-good are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. After
installing the update, all applications using GStreamer (such as totem or
rhythmbox) must be restarted for the changes to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0386
BugTraq ID: 33405
http://www.securityfocus.com/bid/33405
Bugtraq: 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/500317/100/0/threaded
http://security.gentoo.org/glsa/glsa-200907-11.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2009:035
http://trapkit.de/advisories/TKADV2009-003.txt
http://www.openwall.com/lists/oss-security/2009/01/29/3
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10306
http://www.redhat.com/support/errata/RHSA-2009-0271.html
http://secunia.com/advisories/33650
http://secunia.com/advisories/33815
http://secunia.com/advisories/34336
http://secunia.com/advisories/35777
SuSE Security Announcement: SUSE-SR:2009:005 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
http://www.ubuntu.com/usn/USN-736-1
http://www.vupen.com/english/advisories/2009/0225
Common Vulnerability Exposure (CVE) ID: CVE-2009-0387
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10611
Common Vulnerability Exposure (CVE) ID: CVE-2009-0397
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9942
http://www.redhat.com/support/errata/RHSA-2009-0270.html
http://secunia.com/advisories/33830
XForce ISS Database: gstreamer-qtdemuxparse-bo(48555)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48555

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63321
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2009:0271
Resumen:	The remote host is missing updates announced in;advisory RHSA-2009:0271.;;GStreamer is a streaming media framework, based on graphs of filters which;operate on media data. GStreamer Good Plug-ins is a collection of;well-supported, GStreamer plug-ins of good quality released under the LGPL;license.;;Multiple heap buffer overflows and an array indexing error were found in;the GStreamer's QuickTime media file format decoding plugin. An attacker;could create a carefully-crafted QuickTime media .mov file that would cause;an application using GStreamer to crash or, potentially, execute arbitrary;code if played by a victim. (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397);;All users of gstreamer-plugins-good are advised to upgrade to these updated;packages, which contain backported patches to correct these issues. After;installing the update, all applications using GStreamer (such as totem or;rhythmbox) must be restarted for the changes to take effect.
Descripción:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0271. GStreamer is a streaming media framework, based on graphs of filters which operate on media data. GStreamer Good Plug-ins is a collection of well-supported, GStreamer plug-ins of good quality released under the LGPL license. Multiple heap buffer overflows and an array indexing error were found in the GStreamer's QuickTime media file format decoding plugin. An attacker could create a carefully-crafted QuickTime media .mov file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if played by a victim. (CVE-2009-0386, CVE-2009-0387, CVE-2009-0397) All users of gstreamer-plugins-good are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the update, all applications using GStreamer (such as totem or rhythmbox) must be restarted for the changes to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0386 BugTraq ID: 33405 http://www.securityfocus.com/bid/33405 Bugtraq: 20090122 [TKADV2009-003] GStreamer Heap Overflow and Array Index out of Bounds Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/500317/100/0/threaded http://security.gentoo.org/glsa/glsa-200907-11.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:035 http://trapkit.de/advisories/TKADV2009-003.txt http://www.openwall.com/lists/oss-security/2009/01/29/3 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10306 http://www.redhat.com/support/errata/RHSA-2009-0271.html http://secunia.com/advisories/33650 http://secunia.com/advisories/33815 http://secunia.com/advisories/34336 http://secunia.com/advisories/35777 SuSE Security Announcement: SUSE-SR:2009:005 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://www.ubuntu.com/usn/USN-736-1 http://www.vupen.com/english/advisories/2009/0225 Common Vulnerability Exposure (CVE) ID: CVE-2009-0387 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10611 Common Vulnerability Exposure (CVE) ID: CVE-2009-0397 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9942 http://www.redhat.com/support/errata/RHSA-2009-0270.html http://secunia.com/advisories/33830 XForce ISS Database: gstreamer-qtdemuxparse-bo(48555) https://exchange.xforce.ibmcloud.com/vulnerabilities/48555
Copyright	Copyright (C) 2009 E-Soft Inc.