MDKSA-2004:026 - Updated mplayer packages fix remotely exploitable vulnerability
Posted on: 04/06/2004 03:53 AM

Updated mplayer packages are available for Mandrake Linux
_______________________________________________________________________

Mandrakelinux Security Update Advisory
_______________________________________________________________________

Package name: mplayer
Advisory ID: MDKSA-2004:026
Date: April 5th, 2004

Affected versions: 10.0, 9.2
______________________________________________________________________

Problem Description:

A remotely exploitable buffer overflow vulnerability was found in MPlayer. A malicious host can craft a harmful HTTP header ("Location:"), and trick MPlayer into executing arbitrary code upon parsing that header.

The updated packages contain a patch from the MPlayer development team to correct the problem.

_______________________________________________________________________

References:

http://www.mplayerhq.hu/homepage/design6/news.html
______________________________________________________________________

Updated Packages:

Mandrakelinux 10.0:
134aa1652ff5325837ee0d1dd7062b2f 10.0/RPMS/libdha0.1-1.0-0.pre3.13.100mdk.i586.rpm
59d793c4ee7906121ad4c5847d8c48e5 10.0/RPMS/libpostproc0-1.0-0.pre3.13.100mdk.i586.rpm
379cfc3fca85254dc9e02e7dcfe3b8a5 10.0/RPMS/libpostproc0-devel-1.0-0.pre3.13.100mdk.i586.rpm
3255b8d6b3c07ab7e850291ccf448be4 10.0/RPMS/mencoder-1.0-0.pre3.13.100mdk.i586.rpm
8d9d2d1acdc13f45bf4145d57d2d8279 10.0/RPMS/mplayer-1.0-0.pre3.13.100mdk.i586.rpm
0326d955c0bd11c1f108c25bd6afec7c 10.0/RPMS/mplayer-gui-1.0-0.pre3.13.100mdk.i586.rpm
911e55e683df88c41df9ef9f2b09493f 10.0/SRPMS/mplayer-1.0-0.pre3.13.100mdk.src.rpm

Mandrakelinux 9.2:
d2335a0b3a0309a109db619a3c1247cd 9.2/RPMS/libdha0.1-0.91-8.2.92mdk.i586.rpm
3f739b2b8da578eec51d6c470d016861 9.2/RPMS/libpostproc0-0.91-8.2.92mdk.i586.rpm
bea49f0df30a6fc90c08ce7de955ad51 9.2/RPMS/libpostproc0-devel-0.91-8.2.92mdk.i586.rpm
fc157454aebde5fc4b40688c920987ff 9.2/RPMS/mencoder-0.91-8.2.92mdk.i586.rpm
ab6cbd8a28a845d714f5e572dadbd52b 9.2/RPMS/mplayer-0.91-8.2.92mdk.i586.rpm
18f43c4247b164f9c11dd2a70ab707c5 9.2/RPMS/mplayer-gui-0.91-8.2.92mdk.i586.rpm
f930e2754ab5d7e284a71f5a9f40cc38 9.2/SRPMS/mplayer-0.91-8.2.92mdk.src.rpm

Mandrakelinux 9.2/AMD64:
b48538a9d9183d02d57b21b4b4fa1b02 amd64/9.2/RPMS/lib64postproc0-0.91-8.2.92mdk.amd64.rpm
19b0ae1cc45534f2b389059a64fde38c amd64/9.2/RPMS/lib64postproc0-devel-0.91-8.2.92mdk.amd64.rpm
ec3be0bf7521721acf91f863d5af8bbc amd64/9.2/RPMS/mencoder-0.91-8.2.92mdk.amd64.rpm
184a24f4121e7999cc650cb99f18e935 amd64/9.2/RPMS/mplayer-0.91-8.2.92mdk.amd64.rpm
e75f2c67e14004edaa204968ad92a134 amd64/9.2/RPMS/mplayer-gui-0.91-8.2.92mdk.amd64.rpm
f930e2754ab5d7e284a71f5a9f40cc38 amd64/9.2/SRPMS/mplayer-0.91-8.2.92mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

A list of FTP mirrors can be obtained from:

http://www.mandrakesecure.net/en/ftp.php

All packages are signed by Mandrakesoft for security. You can obtain the GPG public key of the Mandrakelinux Security Team by executing:

gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98

Please be aware that sometimes it takes the mirrors a few hours to update.


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/mdksa_2004026__updated_mplayer_packages_fix_remotely_exploitable_vulnerability.html)