lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 21 Apr 2005 16:50:13 -0400
From: Peachtree Linux Security Team <security@...chtree.burdell.org>
To: bugtraq@...urityfocus.com
Subject: [PLSN-0003] - Remote exploits in MPlayer

---------------------------------------------------------------------------
Peachtree Linux Security Notice PLSN-0003
April 20, 2005

Remote buffer overflow and possible code execution in mplayer
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
---------------------------------------------------------------------------

The following Peachtree Linux releases are affected:

   Peachtre Linux release 1 ("Atlanta")

Description:

   http://www.mplayerhq.hu/homepage/design7/news.html#vuln10:
   A buffer overflow vulnerability exists in the RTSP stream module,
   which could allow a malicious RealMedia server to execute arbitrary
   code.

   http://www.mplayerhq.hu/homepage/design7/news.html#vuln11:
   A buffer overflow vulnerability exists in the MMST stream module,
   which could allow malicious servers of MMS or TCP streams to execute
   arbitrary code.

Packages:

   alpha
      MPlayer did not ship in rel1 for Alpha.  Alpha is not affected by this
      vulnerability, and therefore no update is provided.

   i386
      4e71851034e4263a12f9000bdc3c461e  mplayer-1.0pre7.i686.dist

   ppc
      901e0de5cc04cdddf94ff1cad9521776  mplayer-1.0pre7.ppc.dist

Solution:

   Download the appropriate package for your release of Peachtree Linux.
   Upgrade your system to the new package:

      distadd -u packagename

   Where package name is the name of the package file from the list above.

-- 
Peachtree Linux Security Team
http://peachtree.burdell.org/

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ