Message-Id: <E1KfMUC-0003H1-Js@titan.mandriva.com>
Date: Mon, 15 Sep 2008 16:24:00 -0600
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2008:196 ] mplayer
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:196
http://www.mandriva.com/security/
_______________________________________________________________________
Package : mplayer
Date : September 15, 2008
Affected: 2008.0, 2008.1, Corporate 3.0
_______________________________________________________________________
Problem Description:

Uncontrolled array index in the sdpplin_parse function in
stream/realrtsp/sdpplin.c in MPlayer 1.0 rc2 allows remote attackers
to overwrite memory and execute arbitrary code via a large streamid
SDP parameter.

The updated packages have been patched to fix this issue.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1558
_______________________________________________________________________
Updated Packages:
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFIzrNimqjQ0CJFipgRAkr7AJ4u8znjrGIa7dFOiZJUrLUHJdqMewCgoKGj
77QOBVd+lDmbTA6V+PTHMzA=
=mYmF
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/