SecurityFocus BUGTRAQ Mailing List: BugTraqLink Number One Link Number One Link Number Two Link Number Two Link Number One Link Number One Link Number Two Link Number Two Entire Site Advisories Calendar Columnists Elsewhere Guest Feature Infocus Library Links Mailing Lists (all) -- BUGTRAQ -- FOCUS-IDS -- FOCUS-IH -- FOCUS-LINUX -- FOCUS-MS -- FOCUS-SUN -- FOCUS-VIRUS -- FORENSICS -- INCIDENTS -- PEN-TEST -- SEC JOBS -- SF NEWS -- VULN-DEV News Products Services Tools Vulns BUGTRAQ ARCHIVE [ Message Index ] [ Thread Index ][ Reply ] [ prev Msg by Date ][ next Msg by Date ] To: BugTraq Subject: GLSA: media-video/mplayer (200309-15) Date: Sep 29 2003 2:22PM Author: Message-ID: <20030929142245.CEFBF9FB21@noc.internal.fairytale.se> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------ GENTOO LINUX SECURITY ANNOUNCEMENT 200309-15 - ------------------------------------------------------------------------ PACKAGE : media-video/mplayer SUMMARY : Buffer Overflow Vulnerability DATE : 2003-09-27 21:37 UTC EXPLOIT : remote VERSIONS AFFECTED : <=mplayer-0.91 =mplayer-1.0_pre1 FIXED VERSION : =mplayer-0.92 =mplayer-1.0_pre1-r1 GENTOO BUG ID : 29640 CVE : none that we are aware of at this time - ------------------------------------------------------------------------ SUMMARY: A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header. read the full advisory at: http://www.mplayerhq.hu/homepage/design6/news.html SOLUTION: It is recommended that all Gentoo Linux users who are running media-video/mplayer upgrade to mplayer-0.92 as follows emerge sync emerge =media-video/mplayer-0.92 emerge clean Additionally PaX users might want to /sbin/chpax -m /usr/bin/mplayer - - - --------------------------------------------------------------------- solar gentoo org aliz gentoo org - GnuPG key is available at http://dev.gentoo.org/~aliz - - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) iD8DBQE/eEA1fT7nyhUpoZMRAtEeAJ9xPIFRQlixCojNLTxXbZnKc3HxogCgtfwE FxePCaOajma2VGAWpq4YHag= =75dn -----END PGP SIGNATURE----- Want to link to this message? Use this URL: Disclaimer, Terms & Conditions About this List Featured Lists: ARIS Users bugtraq bugtraq-es bugtraq-french NEW bugtraq-jp firewalls focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics forensics-es honeypots incidents libnet pen-test secevents secpapers secprog sectools secureshell security-basics security-management NEW securityjobs vpn vuln-dev webappsec Newsletters: sf-news ms-secnews linux-secnews [ more . . . ] Privacy Statement Copyright © 1999-2003 SecurityFocus