Ubuntu USN-736-1 (gst-plugins-good0.10)

The remote host is missing an update to gst-plugins-good0.10 announced via advisory USN-736-1.

It was discovered that GStreamer Good Plugins did not correctly handle malformed Composition Time To Sample (ctts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0386) It was discovered that GStreamer Good Plugins did not correctly handle malformed Sync Sample (aka stss) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0387) It was discovered that GStreamer Good Plugins did not correctly handle malformed Time-to-sample (aka stts) atom data in Quicktime (mov) movie files. If a user were tricked into opening a crafted mov file, an attacker could execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0397)

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: gstreamer0.10-plugins-good 0.10.6-0ubuntu4.2 Ubuntu 8.04 LTS: gstreamer0.10-plugins-good 0.10.7-3ubuntu0.2 Ubuntu 8.10: gstreamer0.10-plugins-good 0.10.10.4-1ubuntu1.1 In general, a standard system upgrade is sufficient to effect the necessary changes. https://secure1.securityspace.com/smysecure/catid.html?in=USN-736-1