lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-id: <E1HvKkN-0006Vr-Nh@artemis.annvix.ca>
Date: Mon, 04 Jun 2007 16:09:55 -0600
From: security@...driva.com
To: bugtraq@...urityfocus.com
Subject: [ MDKSA-2007:112 ] - Updated mplayer packages fix buffer overflow
 vulnerability


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2007:112
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : mplayer
 Date    : June 4, 2007
 Affected: 2007.0, 2007.1, Corporate 3.0
 _______________________________________________________________________
 
 Problem Description:
 
 Buffer overflow in the asmrp_eval function for the Real Media input
 plugin allows remote attackers to cause a denial of service and
 possibly execute arbitrary code via a rulebook with a large number
 of rulematches.
 
 Updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2007.0:
 830fb73b1b7ef7bce6f6f21a44d9e89f  2007.0/i586/libdha1.0-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 0235e5abe7ff905ccbe2623876946915  2007.0/i586/mencoder-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 54faca2a832a87403e4ac4f02b719d9e  2007.0/i586/mplayer-1.0-1.pre8.13.3mdv2007.0.i586.rpm
 3adef91daba9c23859a411e6e7fed99d  2007.0/i586/mplayer-gui-1.0-1.pre8.13.3mdv2007.0.i586.rpm 
 77b7d6c6bcaeabeacffc1a67b11783e3  2007.0/SRPMS/mplayer-1.0-1.pre8.13.3mdv2007.0.src.rpm

 Mandriva Linux 2007.0/X86_64:
 7db8e08bbc3a2a7780b9cb6172372966  2007.0/x86_64/mencoder-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
 5b94344377c17fc27cc6387c1f8d56dc  2007.0/x86_64/mplayer-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
 ec5d71b9b1ab30deb6fe717a4361c7ed  2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm 
 77b7d6c6bcaeabeacffc1a67b11783e3  2007.0/SRPMS/mplayer-1.0-1.pre8.13.3mdv2007.0.src.rpm

 Mandriva Linux 2007.1:
 e35f5cf2df21511dc7c1b8b5d95a4936  2007.1/i586/libdha1.0-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 da4702585498a73d5697e55a5e08f834  2007.1/i586/mencoder-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 22be41581519dc8d8e6e1a28472fe35d  2007.1/i586/mplayer-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 76bd7950cd1790bbf3caeaa3de75202a  2007.1/i586/mplayer-doc-1.0-1.rc1.11.1mdv2007.1.i586.rpm
 48cc118f6e33ddc1db7268b7a4436c51  2007.1/i586/mplayer-gui-1.0-1.rc1.11.1mdv2007.1.i586.rpm 
 f6328948547b7dcb4c085ce1e959986f  2007.1/SRPMS/mplayer-1.0-1.rc1.11.1mdv2007.1.src.rpm

 Mandriva Linux 2007.1/X86_64:
 780ef1ea825746d89c0ad855920383fe  2007.1/x86_64/mencoder-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 1d338368b9c85ba5b537eab6d7458e26  2007.1/x86_64/mplayer-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 274d7330781b618dcf413fda2231615f  2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
 955284559324b44e9e6ddbf60c682d68  2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm 
 f6328948547b7dcb4c085ce1e959986f  2007.1/SRPMS/mplayer-1.0-1.rc1.11.1mdv2007.1.src.rpm

 Corporate 3.0:
 f1b7f04506edd2f048821aa868f312b0  corporate/3.0/i586/libdha0.1-1.0-0.pre3.14.11.C30mdk.i586.rpm
 4250be5ebe5ccae0f1233343699aa3a9  corporate/3.0/i586/libpostproc0-1.0-0.pre3.14.11.C30mdk.i586.rpm
 9c2ee76860184398988a33347d591fd2  corporate/3.0/i586/libpostproc0-devel-1.0-0.pre3.14.11.C30mdk.i586.rpm
 5d1d7efad438f4c645a9124b6c5a2ac8  corporate/3.0/i586/mencoder-1.0-0.pre3.14.11.C30mdk.i586.rpm
 fdd5ab4e3aefef7ea1f42c2bbf48d860  corporate/3.0/i586/mplayer-1.0-0.pre3.14.11.C30mdk.i586.rpm
 b493e323ce7e94c5728cc2a373c40fc5  corporate/3.0/i586/mplayer-gui-1.0-0.pre3.14.11.C30mdk.i586.rpm 
 228c3d1cfdc176ce0ca36af225a15683  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.11.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 5703a3b6ccd14cd700762f63b9da58ca  corporate/3.0/x86_64/lib64postproc0-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 16152708c55cd45a374398cb1b0aff1a  corporate/3.0/x86_64/lib64postproc0-devel-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 2fc00f3155f4f51875b66ae27207c275  corporate/3.0/x86_64/mplayer-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
 152fbb089a239522190c7ec6d1720c46  corporate/3.0/x86_64/mplayer-gui-1.0-0.pre3.14.11.C30mdk.x86_64.rpm 
 228c3d1cfdc176ce0ca36af225a15683  corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.11.C30mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGZGKsmqjQ0CJFipgRArfTAJ9R4vCvsq/7/ihChUth5SohCQxQPACfbY+W
GsEyIsiCdItN1JAcODQN35Y=
=ZDrW
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ