
Test ID: 1.3.6.1.4.1.25623.1.0.63757
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2009:0352
Description:
Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0352.

GStreamer is a streaming media framework based on graphs of filters which
operate on media data. GStreamer Base Plug-ins is a collection of
well-maintained base plug-ins.

An integer overflow flaw which caused a heap-based buffer overflow was
discovered in the Vorbis comment tags reader. An attacker could create a
carefully-crafted Vorbis file that would cause an application using
GStreamer to crash or, potentially, execute arbitrary code if opened by a
victim. (CVE-2009-0586)

All users of gstreamer-plugins-base are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, all applications using GStreamer (such as Totem or
Rhythmbox) must be restarted for the changes to take effect.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2009-0586
20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://www.securityfocus.com/archive/1/501712/100/0/threaded
34100
http://www.securityfocus.com/bid/34100
34335
http://secunia.com/advisories/34335
34350
http://secunia.com/advisories/34350
35777
http://secunia.com/advisories/35777
GLSA-200907-11
http://security.gentoo.org/glsa/glsa-200907-11.xml
MDVSA-2009:085
http://www.mandriva.com/security/advisories?name=MDVSA-2009:085
SUSE-SR:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
USN-735-1
http://www.ubuntu.com/usn/USN-735-1
[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://openwall.com/lists/oss-security/2009/03/12/2
gstreamer-gstvorbistagaddcoverart-bo(49274)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49274
http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9
http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff
http://www.ocert.org/advisories/ocert-2008-015.html
oval:org.mitre.oval:def:9694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694
Copyright: Copyright (C) 2009 E-Soft Inc.
