From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1839-1
[email protected] http://www.debian.org/security/ Steffen Joeris
July 19, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : gst-plugins-good0.10
Vulnerability : integer overflow
Problem type : local (remote)
Debian-specific: no
CVE Id(s) : CVE-2009-1932
Debian Bugs : 531631 532352
It has been discovered that gst-plugins-good0.10, the GStreamer plugins
from the "good" set, are prone to an integer overflow, when processing
a large PNG file. This could lead to the execution of arbitrary code.
For the stable distribution (lenny), this problem has been fixed in
version 0.10.8-4.1~lenny2.
For the oldstable distribution (etch), this problem has been fixed in
version 0.10.4-4+etch1.
Packages for the s390 and hppa architectures will be released once they
are available.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 0.10.15-2.
We recommend that you upgrade your gst-plugins-good0.10 packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4.orig.tar.gz
Size/MD5 checksum: 1894794 88aa3c31909ed467605ed04434474c4d
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4-4+etch1.dsc
Size/MD5 checksum: 1576 4369a23f0e8576377918d7d07d6328dd
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4-4+etch1.diff.gz
Size/MD5 checksum: 24338 e5b085ae2275c9da0af25175f65c7baf
Architecture independent packages:
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.4-4+etch1_all.deb
Size/MD5 checksum: 95182 11e977d541258f5bb44fcfa9725544be
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_alpha.deb
Size/MD5 checksum: 36152 824c86b12c45a27350e4aa619e032152
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_alpha.deb
Size/MD5 checksum: 701616 03d794c04e432e88e63d46fae06280a1
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_alpha.deb
Size/MD5 checksum: 1724576 290c5da8efa9ca0fb8d891e972dd0d3a
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_amd64.deb
Size/MD5 checksum: 1732384 18059f6e0ad6e22d30cd37f67e805242
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_amd64.deb
Size/MD5 checksum: 657520 38e793fe7760a4c0ff377c2334312672
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_amd64.deb
Size/MD5 checksum: 35932 07678ef5b78b7d92e558432780249b53
arm architecture (ARM)
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_arm.deb
Size/MD5 checksum: 1682156 eae4e709d2092212c332a38584a0b02b
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_arm.deb
Size/MD5 checksum: 36330 c66b476327a3a8af4ff2007df3195ad9
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_arm.deb
Size/MD5 checksum: 648606 7eaca1b32d4f041fd8a470b4d2cde52d
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_i386.deb
Size/MD5 checksum: 1663280 57029198e3d83aa970ab33d6ca350b39
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_i386.deb
Size/MD5 checksum: 35760 5edf5708f77639289fe677ed7ca2e420
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_i386.deb
Size/MD5 checksum: 627152 617ca7ae96554e009c38c2a5034f1990
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_ia64.deb
Size/MD5 checksum: 38402 aad2afd4ffa648f3dfc1f7ae906dae7a
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_ia64.deb
Size/MD5 checksum: 921426 8ca6d1599475312129e5d53d2a76bbb7
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_ia64.deb
Size/MD5 checksum: 1699382 f4f07a7d7d090ba029b39f5593bd1506
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_mips.deb
Size/MD5 checksum: 651366 81bc05502bf076091433986eedcddac3
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_mips.deb
Size/MD5 checksum: 36372 6a948078c72d522d6bbea18c8d6c8605
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_mips.deb
Size/MD5 checksum: 1757020 019dd9d275ac509ef12fec25e1b1927a
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_mipsel.deb
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)