-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory                         MDVSA-2009:130
http://www.mandriva.com/security/
_______________________________________________________________________

Package : gstreamer0.10-plugins-good
Date    : June 5, 2009
Affected: 2008.1, 2009.0, 2009.1
_______________________________________________________________________

Problem Description:

Multiple integer overflows in the (1) user_info_callback, (2)
user_endrow_callback, and (3) gst_pngdec_task functions
(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka
gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via a crafted PNG file, which triggers a buffer overflow
(CVE-2009-1932).
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1932
_______________________________________________________________________

Updated Packages:
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKKVdrmqjQ0CJFipgRAvTdAJ9M4Mgl3lDDDlnwUwb5kR7dpOhp/QCgqQGH
IiI+kqUb/EO99yc0N9eKqwM=
=YXTZ
-----END PGP SIGNATURE-----
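
The bug class named in the Problem Description (an integer overflow in an image-size calculation that leads to a buffer overflow), shown as an added C example. It is not GStreamer's code and not the fix shipped in these packages; the function names, the bytes-per-pixel parameter and the MAX_FRAME_BYTES cap are assumptions chosen for illustration.

```c
/* Added illustration, not GStreamer source: sizing a decoded-image buffer
 * from PNG header fields. All names and MAX_FRAME_BYTES are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

#define MAX_FRAME_BYTES ((uint64_t)256 * 1024 * 1024) /* assumed policy cap */

/* Unchecked: both products are reduced modulo 2^32, so header values chosen
 * by the file's author can yield a size far smaller than the image data. */
uint32_t frame_size_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t rowbytes = width * bpp;
    return rowbytes * height;
}

/* Checked: widen first, bound the second product by division before
 * computing it, and refuse anything above the cap. On reject, returns
 * false and leaves *out untouched. */
bool frame_size_checked(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return false;
    uint64_t rowbytes = (uint64_t)width * bpp;  /* cannot wrap: 32 x 32 bits */
    if (rowbytes > MAX_FRAME_BYTES / height)    /* rowbytes * height > cap */
        return false;
    *out = (size_t)(rowbytes * height);
    return true;
}

/* Per-row guard for a row callback: row `row` occupies
 * [row*rowbytes, (row+1)*rowbytes) and must lie inside the buffer. */
bool row_in_bounds(size_t buf_size, size_t rowbytes, uint32_t row)
{
    if (rowbytes == 0 || rowbytes > buf_size)
        return false;
    return row <= (buf_size - rowbytes) / rowbytes;
}
```

The unchecked routine returns a plausible-looking small size for oversized dimensions, which is why the allocation succeeds and the later row writes run past it; the checked routine and the per-row guard each reject that input on their own.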