-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ Debian Security Advisory DSA-1839-1 security@xxxxxxxxxx http://www.debian.org/security/ Steffen Joeris July 19, 2009 http://www.debian.org/security/faq - ------------------------------------------------------------------------ Package : gst-plugins-good0.10 Vulnerability : integer overflow Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2009-1932 Debian Bugs : 531631 532352 It has been discovered that gst-plugins-good0.10, the GStreamer plugins from the "good" set, are prone to an integer overflow, when processing a large PNG file. This could lead to the execution of arbitrary code. For the stable distribution (lenny), this problem has been fixed in version 0.10.8-4.1~lenny2. For the oldstable distribution (etch), this problem has been fixed in version 0.10.4-4+etch1. Packages for the s390 and hppa architectures will be released once they are available. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.10.15-2. We recommend that you upgrade your gst-plugins-good0.10 packages. Upgrade instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - ------------------------------- Debian (oldstable) - ------------------ Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4.orig.tar.gz Size/MD5 checksum: 1894794 88aa3c31909ed467605ed04434474c4d http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4-4+etch1.dsc Size/MD5 checksum: 1576 4369a23f0e8576377918d7d07d6328dd http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.4-4+etch1.diff.gz Size/MD5 checksum: 24338 e5b085ae2275c9da0af25175f65c7baf Architecture independent packages: http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.4-4+etch1_all.deb Size/MD5 checksum: 95182 11e977d541258f5bb44fcfa9725544be alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_alpha.deb Size/MD5 checksum: 36152 824c86b12c45a27350e4aa619e032152 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_alpha.deb Size/MD5 checksum: 701616 03d794c04e432e88e63d46fae06280a1 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_alpha.deb Size/MD5 checksum: 1724576 290c5da8efa9ca0fb8d891e972dd0d3a amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_amd64.deb Size/MD5 checksum: 1732384 18059f6e0ad6e22d30cd37f67e805242 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_amd64.deb Size/MD5 checksum: 657520 38e793fe7760a4c0ff377c2334312672 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_amd64.deb Size/MD5 checksum: 35932 07678ef5b78b7d92e558432780249b53 arm architecture (ARM) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_arm.deb Size/MD5 checksum: 1682156 eae4e709d2092212c332a38584a0b02b http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_arm.deb Size/MD5 checksum: 36330 c66b476327a3a8af4ff2007df3195ad9 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_arm.deb Size/MD5 checksum: 648606 7eaca1b32d4f041fd8a470b4d2cde52d i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_i386.deb Size/MD5 checksum: 1663280 57029198e3d83aa970ab33d6ca350b39 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_i386.deb Size/MD5 checksum: 35760 5edf5708f77639289fe677ed7ca2e420 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_i386.deb Size/MD5 checksum: 627152 617ca7ae96554e009c38c2a5034f1990 ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_ia64.deb Size/MD5 checksum: 38402 aad2afd4ffa648f3dfc1f7ae906dae7a http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_ia64.deb Size/MD5 checksum: 921426 8ca6d1599475312129e5d53d2a76bbb7 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_ia64.deb Size/MD5 checksum: 1699382 f4f07a7d7d090ba029b39f5593bd1506 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_mips.deb Size/MD5 checksum: 651366 81bc05502bf076091433986eedcddac3 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_mips.deb Size/MD5 checksum: 36372 6a948078c72d522d6bbea18c8d6c8605 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_mips.deb Size/MD5 checksum: 1757020 019dd9d275ac509ef12fec25e1b1927a mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_mipsel.deb Size/MD5 checksum: 1736574 5fb491e85fdc9e30ec00a1785bf592ab http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_mipsel.deb Size/MD5 checksum: 36388 a938fc1e339b3ab8df7261e75a9711cb http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_mipsel.deb Size/MD5 checksum: 647074 5c63e0acec9f0acb2bfa8dfd4ba9ba0c powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_powerpc.deb Size/MD5 checksum: 718846 23a52f9af7082a81c8ab0f34b253feef http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_powerpc.deb Size/MD5 checksum: 37784 ce7cefbf74bbf303313ada78c81229fb http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_powerpc.deb Size/MD5 checksum: 1782098 969ed616b5ab16ae09166b0e7370f67e sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.4-4+etch1_sparc.deb Size/MD5 checksum: 1645906 2c53a10e752461a3580a56319f2a0f0c http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.4-4+etch1_sparc.deb Size/MD5 checksum: 636014 52bb79329a93ba8e4ab1690c69845882 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.4-4+etch1_sparc.deb Size/MD5 checksum: 35678 d9c01bd16c1ce54000b16d8385e4ef98 Debian GNU/Linux 5.0 alias lenny - -------------------------------- Debian (stable) - --------------- Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc. Source archives: http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8-4.1~lenny2.diff.gz Size/MD5 checksum: 30321 2f1494f7a2f648f84dd853f95fbc036b http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8-4.1~lenny2.dsc Size/MD5 checksum: 2568 bb8e690805dfc8d9eb8595cf9f8738cb http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gst-plugins-good0.10_0.10.8.orig.tar.gz Size/MD5 checksum: 2923109 467295921ca225aaa05afe9381f4b424 Architecture independent packages: http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-doc_0.10.8-4.1~lenny2_all.deb Size/MD5 checksum: 172232 cc5f1d3077e8ab179a99e7b00952e4e3 alpha architecture (DEC Alpha) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_alpha.deb Size/MD5 checksum: 1085902 ec69ccbbd739370cd5cdd87097845608 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_alpha.deb Size/MD5 checksum: 2559520 ef84a92578c2a8883cb1f08850bd2503 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_alpha.deb Size/MD5 checksum: 46504 d20ddb4964025adddb9c8a4c8134194f amd64 architecture (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_amd64.deb Size/MD5 checksum: 2602660 ed45c89a649bb02e74fd313c1c6ea571 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_amd64.deb Size/MD5 checksum: 1024404 e2e2767732a649c650db109e1b654cbc http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_amd64.deb Size/MD5 checksum: 46620 fb72b9020cfa305b9eac7d9dfb2611c1 arm architecture (ARM) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_arm.deb Size/MD5 checksum: 1032978 041875758c9abfc88ccd1a4584603986 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_arm.deb Size/MD5 checksum: 47358 d9ff739a754c29d75bb2ad089c1eeb18 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_arm.deb Size/MD5 checksum: 2552334 c3c6d7c30c97565b0279b439c6d15024 armel architecture (ARM EABI) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_armel.deb Size/MD5 checksum: 2575848 48e7c802f6dd71b410b75878731743c3 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_armel.deb Size/MD5 checksum: 47988 339dbfe5fed9a1b0bb4613592cbfa4c8 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_armel.deb Size/MD5 checksum: 1090394 ce9ac0488902b58a8e44a96ff6aeb5c5 hppa architecture (HP PA RISC) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_hppa.deb Size/MD5 checksum: 1246866 176058c93063fd428d5eba0e53f4f316 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_hppa.deb Size/MD5 checksum: 2583248 20e5ed5572de7ea2b9fc6eb6da245de3 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_hppa.deb Size/MD5 checksum: 48926 265697d276c0090ab97870e83393372e i386 architecture (Intel ia32) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_i386.deb Size/MD5 checksum: 46554 6ded8d4176f2d53019907d70813c4b3a http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_i386.deb Size/MD5 checksum: 960766 6d091000a4edb70d2c979cfd56529357 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_i386.deb Size/MD5 checksum: 2503536 7a8c1fad3d157cb33e5119afd6a052cc ia64 architecture (Intel ia64) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_ia64.deb Size/MD5 checksum: 1409690 a0ed8bc63531bfbecd97503c68e28f60 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_ia64.deb Size/MD5 checksum: 48676 a126fb2251d1e18da80aecb8d7325727 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_ia64.deb Size/MD5 checksum: 2549976 9ed6df4d0afd911cf916b4a1afa32b59 mips architecture (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_mips.deb Size/MD5 checksum: 2618126 83f8267b980702b558d177f0d3f88f5d http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_mips.deb Size/MD5 checksum: 1010320 bfa7c41cbba3541c9c0986539f8e0e45 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_mips.deb Size/MD5 checksum: 46880 5dc0f286c77dad40ffc892e2d6decc35 mipsel architecture (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_mipsel.deb Size/MD5 checksum: 46914 91c4cb67af4427246fbb3e808bf6a699 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_mipsel.deb Size/MD5 checksum: 1002768 4d018f16fdcb9c6a6e38fff976d0943d http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_mipsel.deb Size/MD5 checksum: 2594052 f372eb96a51cf574f73931de4b5dfa51 powerpc architecture (PowerPC) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_powerpc.deb Size/MD5 checksum: 2643186 73d5591a8aed7d66c726d7b63e53a302 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_powerpc.deb Size/MD5 checksum: 1084064 f00985c15b1f4164072af96b2cf69af9 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_powerpc.deb Size/MD5 checksum: 47370 9139ab03055a0cc0c58b99b6b2936c6c sparc architecture (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good-dbg_0.10.8-4.1~lenny2_sparc.deb Size/MD5 checksum: 2448238 d9664009d14d10e9e295d66a17a84378 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-plugins-good_0.10.8-4.1~lenny2_sparc.deb Size/MD5 checksum: 994402 fc847a1d0cb1721b8c0348a88a272b15 http://security.debian.org/pool/updates/main/g/gst-plugins-good0.10/gstreamer0.10-esd_0.10.8-4.1~lenny2_sparc.deb Size/MD5 checksum: 45996 ccfb6b7d76be3274405f20775c2d7c9f These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkpixbMACgkQ62zWxYk/rQe4IwCfUo9L78Zi48DdZEFL2908IJMt +PcAn3U9EVMAJT2grwMoTYrZeW/D1RGd =SyUl -----END PGP SIGNATURE-----