CentOS Local Security Checks : CentOS Update for gstreamer-plugins-base CESA-2009:0352 centos5 i386

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.880852

Categoría: CentOS Local Security Checks

Título: CentOS Update for gstreamer-plugins-base CESA-2009:0352 centos5 i386

Resumen: The remote host is missing an update for the 'gstreamer-plugins-base'; package(s) announced via the referenced advisory.

Descripción: Summary:
The remote host is missing an update for the 'gstreamer-plugins-base'
package(s) announced via the referenced advisory.

Vulnerability Insight:
GStreamer is a streaming media framework based on graphs of filters which
operate on media data. GStreamer Base Plug-ins is a collection of
well-maintained base plug-ins.

An integer overflow flaw which caused a heap-based buffer overflow was
discovered in the Vorbis comment tags reader. An attacker could create a
carefully-crafted Vorbis file that would cause an application using
GStreamer to crash or, potentially, execute arbitrary code if opened by a
victim. (CVE-2009-0586)

All users of gstreamer-plugins-base are advised to upgrade to these updated
packages, which contain a backported patch to correct this issue. After
installing this update, all applications using GStreamer (such as Totem or
Rhythmbox) must be restarted for the changes to take effect.

Affected Software/OS:
gstreamer-plugins-base on CentOS 5

Solution:
Please install the updated packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0586
20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://www.securityfocus.com/archive/1/501712/100/0/threaded
34100
http://www.securityfocus.com/bid/34100
34335
http://secunia.com/advisories/34335
34350
http://secunia.com/advisories/34350
35777
http://secunia.com/advisories/35777
GLSA-200907-11
http://security.gentoo.org/glsa/glsa-200907-11.xml
MDVSA-2009:085
http://www.mandriva.com/security/advisories?name=MDVSA-2009:085
SUSE-SR:2009:009
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
USN-735-1
http://www.ubuntu.com/usn/USN-735-1
[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows
http://openwall.com/lists/oss-security/2009/03/12/2
gstreamer-gstvorbistagaddcoverart-bo(49274)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49274
http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9
http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff
http://www.ocert.org/advisories/ocert-2008-015.html
oval:org.mitre.oval:def:9694
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694

Copyright Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.880852
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for gstreamer-plugins-base CESA-2009:0352 centos5 i386
Resumen:	The remote host is missing an update for the 'gstreamer-plugins-base'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'gstreamer-plugins-base' package(s) announced via the referenced advisory. Vulnerability Insight: GStreamer is a streaming media framework based on graphs of filters which operate on media data. GStreamer Base Plug-ins is a collection of well-maintained base plug-ins. An integer overflow flaw which caused a heap-based buffer overflow was discovered in the Vorbis comment tags reader. An attacker could create a carefully-crafted Vorbis file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if opened by a victim. (CVE-2009-0586) All users of gstreamer-plugins-base are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. After installing this update, all applications using GStreamer (such as Totem or Rhythmbox) must be restarted for the changes to take effect. Affected Software/OS: gstreamer-plugins-base on CentOS 5 Solution: Please install the updated packages. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0586 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://www.securityfocus.com/archive/1/501712/100/0/threaded 34100 http://www.securityfocus.com/bid/34100 34335 http://secunia.com/advisories/34335 34350 http://secunia.com/advisories/34350 35777 http://secunia.com/advisories/35777 GLSA-200907-11 http://security.gentoo.org/glsa/glsa-200907-11.xml MDVSA-2009:085 http://www.mandriva.com/security/advisories?name=MDVSA-2009:085 SUSE-SR:2009:009 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html USN-735-1 http://www.ubuntu.com/usn/USN-735-1 [oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows http://openwall.com/lists/oss-security/2009/03/12/2 gstreamer-gstvorbistagaddcoverart-bo(49274) https://exchange.xforce.ibmcloud.com/vulnerabilities/49274 http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9 http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff http://www.ocert.org/advisories/ocert-2008-015.html oval:org.mitre.oval:def:9694 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694
Copyright	Copyright (C) 2011 Greenbone AG