Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870431
Category:Red Hat Local Security Checks
Title:RedHat Update for gstreamer-plugins RHSA-2011:0477-01
Summary:The remote host is missing an update for the 'gstreamer-plugins'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'gstreamer-plugins'
package(s) announced via the referenced advisory.

Vulnerability Insight:
The gstreamer-plugins packages contain plug-ins used by the GStreamer
streaming-media framework to support a wide variety of media formats.

An integer overflow flaw, leading to a heap-based buffer overflow, and a
stack-based buffer overflow flaw were found in various ModPlug music file
format library (libmodplug) modules, embedded in GStreamer. An attacker
could create specially-crafted music files that, when played by a victim,
would cause applications using GStreamer to crash or, potentially, execute
arbitrary code. (CVE-2006-4192, CVE-2011-1574)

All users of gstreamer-plugins are advised to upgrade to these updated
packages, which contain backported patches to correct these issues. After
installing the update, all applications using GStreamer (such as Rhythmbox)
must be restarted for the changes to take effect.

Affected Software/OS:
gstreamer-plugins on Red Hat Enterprise Linux AS version 4,
Red Hat Enterprise Linux ES version 4,
Red Hat Enterprise Linux WS version 4

Solution:
Please Install the Updated Packages.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4192
BugTraq ID: 19448
http://www.securityfocus.com/bid/19448
Bugtraq: 20060809 Stack and heap overflows in MODPlug Tracker/OpenMPT 1.17.02.43 and libmodplug 0.8 (Google Search)
http://www.securityfocus.com/archive/1/442721/100/100/threaded
http://security.gentoo.org/glsa/glsa-200612-04.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2007:001
http://aluigi.altervista.org/adv/mptho-adv.txt
RedHat Security Advisories: RHSA-2011:0477
https://rhn.redhat.com/errata/RHSA-2011-0477.html
http://secunia.com/advisories/21418
http://secunia.com/advisories/22080
http://secunia.com/advisories/22658
http://secunia.com/advisories/23294
http://secunia.com/advisories/23555
http://secunia.com/advisories/26979
http://securityreason.com/securityalert/1397
SuSE Security Announcement: SUSE-SR:2006:023 (Google Search)
http://www.novell.com/linux/security/advisories/2006_23_sr.html
http://www.ubuntu.com/usn/usn-521-1
http://www.vupen.com/english/advisories/2006/3231
http://www.vupen.com/english/advisories/2006/4310
XForce ISS Database: openmpt-loadit-bo(28305)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28305
XForce ISS Database: openmpt-readsample-bo(28309)
https://exchange.xforce.ibmcloud.com/vulnerabilities/28309
Common Vulnerability Exposure (CVE) ID: CVE-2011-1574
Debian Security Information: DSA-2226 (Google Search)
http://www.debian.org/security/2011/dsa-2226
http://www.gentoo.org/security/en/glsa/glsa-201203-16.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2011:085
https://www.sec-consult.com/files/20110407-0_libmodplug_stackoverflow.txt
http://openwall.com/lists/oss-security/2011/04/11/6
http://openwall.com/lists/oss-security/2011/04/11/13
http://securitytracker.com/id?1025480
http://secunia.com/advisories/44870
http://secunia.com/advisories/48434
http://securityreason.com/securityalert/8243
https://www.ubuntu.com/usn/USN-1148-1/
CopyrightCopyright (c) 2011 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.