lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <E1DsAWQ-0005KW-J4@mercury.mandriva.com>
Date: Mon, 11 Jul 2005 20:29:22 -0600
From: Mandriva Security Team <security@...driva.com>
To: bugtraq@...urityfocus.com
Subject: MDKSA-2005:115 - Updated mplayer packages fix vulnerabilities


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           mplayer
 Advisory ID:            MDKSA-2005:115
 Date:                   July 11th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Two heap overflows were discovered in mplayer's code handling the
 RealMedia RTSP and Microsoft Media Services streams over TCP (MMST).
 These vulnerabilities could allow for a malicious server to execute
 arbitrary code on the client computer with the permissions of the
 user running MPlayer.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
  http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 bd10af1b022eab6c708b798b788d8f8f  10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm
 0f045ff30c496287bca8ecb70fd3f9d4  10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm
 2d6cc0414095376592ca2f31b530e139  10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm
 083b1fd4689665cc07477f87d171d614  10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm
 8428f9c5e8216dc20f92ddccbaaa906c  10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm
 596d46dd4d84deda9e5b38910e4d6f78  10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm
 b74e89d4c606c99857a5a5a4314e2cc3  10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 bd10af1b022eab6c708b798b788d8f8f  x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm
 0f045ff30c496287bca8ecb70fd3f9d4  x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm
 2d6cc0414095376592ca2f31b530e139  x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm
 083b1fd4689665cc07477f87d171d614  x86_64/10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm
 8428f9c5e8216dc20f92ddccbaaa906c  x86_64/10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm
 596d46dd4d84deda9e5b38910e4d6f78  x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm
 b74e89d4c606c99857a5a5a4314e2cc3  x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 4c177eb3a8868ef01de7f8f645a8df1e  10.2/RPMS/libdha1.0-1.0-0.pre6.8.1.102mdk.i586.rpm
 e1c7dbc6206e73501b30eb57effdac5a  10.2/RPMS/libpostproc0-1.0-0.pre6.8.1.102mdk.i586.rpm
 2d3e70104fdb6d95895a7ee2bde6595d  10.2/RPMS/libpostproc0-devel-1.0-0.pre6.8.1.102mdk.i586.rpm
 99a4599c171c4d497a846ea04ca17f69  10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.i586.rpm
 c227f20edb5d7918baf3c57bb0873821  10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.i586.rpm
 fbd9082c731f6f2c1ffb9e4f8d34b3b9  10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.i586.rpm
 99eae364cc22227fd060a30c04d16ee0  10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 4fac156842e3d8128f3db891176cf5bc  x86_64/10.2/RPMS/lib64postproc0-1.0-0.pre6.8.1.102mdk.x86_64.rpm
 4e400c2a8eec069eb48b174dad260630  x86_64/10.2/RPMS/lib64postproc0-devel-1.0-0.pre6.8.1.102mdk.x86_64.rpm
 4b6be0070a94b344a273c58a72887e09  x86_64/10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.x86_64.rpm
 74c034b62e9a521bc1940a055ed85efa  x86_64/10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.x86_64.rpm
 939796a7a34edfd1a28ede74945f6476  x86_64/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.x86_64.rpm
 99eae364cc22227fd060a30c04d16ee0  x86_64/10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm

 Corporate 3.0:
 d41099adcaa6d11c38e89b576cd29c0e  corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.2.C30mdk.i586.rpm
 957d003a9d6a87dcef47000389cf1718  corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.2.C30mdk.i586.rpm
 2e03d433c8c85d92fd5f3b55993657a4  corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.2.C30mdk.i586.rpm
 c7db9472c5307cf4b2101cf85258374b  corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.i586.rpm
 2ff16f611b2e04279d82d334d22e09b2  corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.i586.rpm
 c893a7b1127e6a6b882f8a805197f704  corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.i586.rpm
 33af37ca45913f9143a14c54cf599ea9  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 d56e4c1c37fc14c358679c9965a1a631  x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
 855ab006ca3e953ff0b2e74dc945ec4e  x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
 735165e505cd65f4c035778e681b4da1  x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
 0bbec21ba423cdeb16d1d3a86ce48d70  x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
 314b912d457e48b4a09ca03e94600310  x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.x86_64.rpm
 33af37ca45913f9143a14c54cf599ea9  x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC0ysCmqjQ0CJFipgRAlNDAJ4lZnvklyyUurdn8Kxq3bu3R2d3eQCcDyXh
yppl4sZhLzPezuTB76yx7Lw=
=Vq9x
-----END PGP SIGNATURE-----


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ