Scientific Linux Security Update : gstreamer-plugins-base on SL5.x i386/x86_64
High Nessus Plugin ID 60560
SynopsisThe remote Scientific Linux host is missing one or more security updates.
DescriptionAn integer overflow flaw which caused a heap-based buffer overflow was discovered in the Vorbis comment tags reader. An attacker could create a carefully-crafted Vorbis file that would cause an application using GStreamer to crash or, potentially, execute arbitrary code if opened by a victim. (CVE-2009-0586)
After installing this update, all applications using GStreamer (such as Totem or Rhythmbox) must be restarted for the changes to take effect.
SolutionUpdate the affected gstreamer-plugins-base and / or gstreamer-plugins-base-devel packages.