SecurityFocus BUGTRAQ Mailing List: BugTraq

To: BugTraq
Subject: MDKSA-2003:097 - Updated mplayer packages fix buffer overflow vulnerability
Date: Sep 30 2003 9:29PM
Author: Mandrake Linux Security Team
Message-ID: <20030930212922.31966.qmail@updates.mandrakesoft.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

                Mandrake Linux Security Update Advisory
________________________________________________________________________

Package name:           mplayer
Advisory ID:            MDKSA-2003:097
Date:                   September 30th, 2003
Affected versions:      9.1, 9.2
________________________________________________________________________

Problem Description:

 A buffer overflow vulnerability was found in MPlayer that is remotely
 exploitable. A malicious host can craft a harmful ASX header and trick
 MPlayer into executing arbitrary code when it parses that particular
 header.

 The provided packages have been patched to fix the problem.
________________________________________________________________________

References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0835
  http://www.mplayerhq.hu/homepage/design6/news.html
________________________________________________________________________

Updated Packages:

 Mandrake Linux 9.1:
 f7570e6580cf75230de4797c3a33547e  9.1/RPMS/libdha0.1-0.90-0.rc4.5.91mdk.i586.rpm
 40c2721959aa18fc57e55835b863bec6  9.1/RPMS/libpostproc0-0.90-0.rc4.5.91mdk.i586.rpm
 1a029403e5995d6ae65bd984f707df2e  9.1/RPMS/libpostproc0-devel-0.90-0.rc4.5.91mdk.i586.rpm
 4a2920d055a263096f591eddbd2035f1  9.1/RPMS/mencoder-0.90-0.rc4.5.91mdk.i586.rpm
 5efaf1901f318001c01459a2850ef394  9.1/RPMS/mplayer-0.90-0.rc4.5.91mdk.i586.rpm
 e7c6312fe3c624efd6b3068c9663b06b  9.1/RPMS/mplayer-gui-0.90-0.rc4.5.91mdk.i586.rpm
 7a191e161da0ee2c710f389c85c3d625  9.1/SRPMS/mplayer-0.90-0.rc4.5.91mdk.src.rpm

 Mandrake Linux 9.2:
 bcab7e5ee159ebbab5ee5108cff16846  9.2/RPMS/libdha0.1-0.91-7.1.92mdk.i586.rpm
 3053ce18c7d6ed765251f0dedbb76156  9.2/RPMS/libpostproc0-0.91-7.1.92mdk.i586.rpm
 356cfd36ba9bd785d4cdebdf48746bae  9.2/RPMS/libpostproc0-devel-0.91-7.1.92mdk.i586.rpm
 bf22bb2e6b072ba8fab4af58297ba0a8  9.2/RPMS/mencoder-0.91-7.1.92mdk.i586.rpm
 c913ec99bf6ccc29c203f9b8b9fbb83b  9.2/RPMS/mplayer-0.91-7.1.92mdk.i586.rpm
 8b3019a80c9b5597d2f03afd4d9a8f4a  9.2/RPMS/mplayer-gui-0.91-7.1.92mdk.i586.rpm
 ee2875bf5070f0083c648b980712b9ea  9.2/SRPMS/mplayer-0.91-7.1.92mdk.src.rpm
________________________________________________________________________

Bug IDs fixed (see https://qa.mandrakesoft.com for more information):
________________________________________________________________________

To upgrade automatically, use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

All packages are signed by MandrakeSoft for security.
You can obtain the GPG public key of the Mandrake Linux Security Team by
executing:

  gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to
update.

You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:

  http://www.mandrakesecure.net/en/mlist.php

If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE/efWymqjQ0CJFipgRAoxzAKDL/ZYxcYBgv1DttTwj3+MH9HSGIACgktzD
mY/XmwoxisEd8qmfr+5l2Vw=
=eG2B
-----END PGP SIGNATURE-----
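The advisory notes that MandrakeUpdate and urpmi check md5 sums and GPG signatures automatically; for packages fetched by hand from a mirror, the "Updated Packages" list can be checked against the downloaded files as sketched below. This is an added example, not part of the advisory or of Mandrake's tooling: the function names are hypothetical and the sample manifest and file contents are constructed.

```python
import hashlib
import os
import re
import tempfile

# One manifest entry as printed in the advisory: 32 hex digits, then a package path.
ENTRY = re.compile(r"^\s*([0-9a-fA-F]{32})\s+(\S+\.rpm)\s*$")

def parse_manifest(text):
    """Return {package file name: expected md5}; headings and rules are skipped."""
    expected = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            expected[os.path.basename(m.group(2))] = m.group(1).lower()
    return expected

def md5_of(path, chunk=1 << 16):
    """Hash the file in chunks so large packages are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify(manifest_text, directory):
    """Map every listed package to 'ok', 'mismatch' or 'missing' in directory."""
    results = {}
    for name, want in parse_manifest(manifest_text).items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
        else:
            results[name] = "ok" if md5_of(path) == want else "mismatch"
    return results

def demo():
    """Constructed sample: three listed packages; one altered, one never downloaded."""
    listed = {"a-1.0.i586.rpm": b"package A", "b-1.0.i586.rpm": b"package B",
              "c-1.0.src.rpm": b"package C"}
    manifest = "Example Linux 1.0:\n" + "".join(
        " %s 1.0/RPMS/%s\n" % (hashlib.md5(data).hexdigest(), name)
        for name, data in listed.items())
    with tempfile.TemporaryDirectory() as d:
        with open(os.path.join(d, "a-1.0.i586.rpm"), "wb") as f:
            f.write(listed["a-1.0.i586.rpm"])          # intact download
        with open(os.path.join(d, "b-1.0.i586.rpm"), "wb") as f:
            f.write(b"package B, modified in transit")  # altered after listing
        return verify(manifest, d)
```

An "ok" result only shows that a file matches the text of the advisory, so the list is no more trustworthy than the PGP signature over the message; the signature on each package (for example via `rpm --checksig`) remains the stronger check.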