[Security Announce] [ MDKSA-2007:112 ] - Updated mplayer packages fix buffer overflow vulnerability
Posted on: 06/05/2007 02:05 AM

The Mandriva Security Team published a new security update for Mandriva Linux. Here is the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2007:112
http://www.mandriva.com/security/
_______________________________________________________________________

Package : mplayer
Date : June 4, 2007
Affected: 2007.0, 2007.1, Corporate 3.0
_______________________________________________________________________

Problem Description:

Buffer overflow in the asmrp_eval function for the Real Media input
plugin allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a rulebook with a large number
of rulematches.

Updated packages have been patched to correct this issue.
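
The class of bug described above, shown as an added illustration (not MPlayer's or Mandriva's code): a rule evaluator that stores the index of every matching rule in a caller-supplied array, first without and then with a capacity check. The rulebook format, function names and values are constructed for this sketch.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed toy rulebook: ';'-separated minimum-bandwidth thresholds,
 * e.g. "0;64000;128000". A rule matches when bandwidth >= its threshold.
 * This is NOT the real ASM rule syntax and NOT MPlayer's parser. */

/* Unsafe pattern: the callee does not know how large matches[] is, so a
 * rulebook with more matching rules than the caller allowed for writes
 * past the end of the array. Shown for contrast only. */
int eval_unbounded(const char *book, long bandwidth, int *matches) {
    int rule = 0, n = 0;
    while (*book) {
        char *end;
        long min_bw = strtol(book, &end, 10);
        if (end == book) break;            /* malformed rule: stop */
        if (bandwidth >= min_bw)
            matches[n++] = rule;           /* no bound on n */
        rule++;
        book = (*end == ';') ? end + 1 : end;
    }
    return n;
}

/* Hardened pattern: the caller passes the capacity; the callee refuses to
 * store beyond it and returns -1 so the caller can reject the stream
 * instead of silently truncating the match list. */
int eval_bounded(const char *book, long bandwidth, int *matches, size_t cap) {
    int rule = 0;
    size_t n = 0;
    while (*book) {
        char *end;
        long min_bw = strtol(book, &end, 10);
        if (end == book) break;            /* malformed rule: stop */
        if (bandwidth >= min_bw) {
            if (n >= cap) return -1;       /* too many matches: reject */
            matches[n++] = rule;
        }
        rule++;
        book = (*end == ';') ? end + 1 : end;
    }
    return (int)n;
}
```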
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6172
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2007.0:
830fb73b1b7ef7bce6f6f21a44d9e89f 2007.0/i586/libdha1.0-1.0-1.pre8.13.3mdv2007.0.i586.rpm
0235e5abe7ff905ccbe2623876946915 2007.0/i586/mencoder-1.0-1.pre8.13.3mdv2007.0.i586.rpm
54faca2a832a87403e4ac4f02b719d9e 2007.0/i586/mplayer-1.0-1.pre8.13.3mdv2007.0.i586.rpm
3adef91daba9c23859a411e6e7fed99d 2007.0/i586/mplayer-gui-1.0-1.pre8.13.3mdv2007.0.i586.rpm
77b7d6c6bcaeabeacffc1a67b11783e3 2007.0/SRPMS/mplayer-1.0-1.pre8.13.3mdv2007.0.src.rpm

Mandriva Linux 2007.0/X86_64:
7db8e08bbc3a2a7780b9cb6172372966 2007.0/x86_64/mencoder-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
5b94344377c17fc27cc6387c1f8d56dc 2007.0/x86_64/mplayer-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
ec5d71b9b1ab30deb6fe717a4361c7ed 2007.0/x86_64/mplayer-gui-1.0-1.pre8.13.3mdv2007.0.x86_64.rpm
77b7d6c6bcaeabeacffc1a67b11783e3 2007.0/SRPMS/mplayer-1.0-1.pre8.13.3mdv2007.0.src.rpm

Mandriva Linux 2007.1:
e35f5cf2df21511dc7c1b8b5d95a4936 2007.1/i586/libdha1.0-1.0-1.rc1.11.1mdv2007.1.i586.rpm
da4702585498a73d5697e55a5e08f834 2007.1/i586/mencoder-1.0-1.rc1.11.1mdv2007.1.i586.rpm
22be41581519dc8d8e6e1a28472fe35d 2007.1/i586/mplayer-1.0-1.rc1.11.1mdv2007.1.i586.rpm
76bd7950cd1790bbf3caeaa3de75202a 2007.1/i586/mplayer-doc-1.0-1.rc1.11.1mdv2007.1.i586.rpm
48cc118f6e33ddc1db7268b7a4436c51 2007.1/i586/mplayer-gui-1.0-1.rc1.11.1mdv2007.1.i586.rpm
f6328948547b7dcb4c085ce1e959986f 2007.1/SRPMS/mplayer-1.0-1.rc1.11.1mdv2007.1.src.rpm

Mandriva Linux 2007.1/X86_64:
780ef1ea825746d89c0ad855920383fe 2007.1/x86_64/mencoder-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
1d338368b9c85ba5b537eab6d7458e26 2007.1/x86_64/mplayer-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
274d7330781b618dcf413fda2231615f 2007.1/x86_64/mplayer-doc-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
955284559324b44e9e6ddbf60c682d68 2007.1/x86_64/mplayer-gui-1.0-1.rc1.11.1mdv2007.1.x86_64.rpm
f6328948547b7dcb4c085ce1e959986f 2007.1/SRPMS/mplayer-1.0-1.rc1.11.1mdv2007.1.src.rpm

Corporate 3.0:
f1b7f04506edd2f048821aa868f312b0 corporate/3.0/i586/libdha0.1-1.0-0.pre3.14.11.C30mdk.i586.rpm
4250be5ebe5ccae0f1233343699aa3a9 corporate/3.0/i586/libpostproc0-1.0-0.pre3.14.11.C30mdk.i586.rpm
9c2ee76860184398988a33347d591fd2 corporate/3.0/i586/libpostproc0-devel-1.0-0.pre3.14.11.C30mdk.i586.rpm
5d1d7efad438f4c645a9124b6c5a2ac8 corporate/3.0/i586/mencoder-1.0-0.pre3.14.11.C30mdk.i586.rpm
fdd5ab4e3aefef7ea1f42c2bbf48d860 corporate/3.0/i586/mplayer-1.0-0.pre3.14.11.C30mdk.i586.rpm
b493e323ce7e94c5728cc2a373c40fc5 corporate/3.0/i586/mplayer-gui-1.0-0.pre3.14.11.C30mdk.i586.rpm
228c3d1cfdc176ce0ca36af225a15683 corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.11.C30mdk.src.rpm

Corporate 3.0/X86_64:
5703a3b6ccd14cd700762f63b9da58ca corporate/3.0/x86_64/lib64postproc0-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
16152708c55cd45a374398cb1b0aff1a corporate/3.0/x86_64/lib64postproc0-devel-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
2fc00f3155f4f51875b66ae27207c275 corporate/3.0/x86_64/mplayer-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
152fbb089a239522190c7ec6d1720c46 corporate/3.0/x86_64/mplayer-gui-1.0-0.pre3.14.11.C30mdk.x86_64.rpm
228c3d1cfdc176ce0ca36af225a15683 corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.11.C30mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGZGKsmqjQ0CJFipgRArfTAJ9R4vCvsq/7/ihChUth5SohCQxQPACfbY+W
GsEyIsiCdItN1JAcODQN35Y=
=ZDrW
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/security_announce_mdksa_2007112__updated_mplayer_packages_fix_buffer_overflow_vulnerability.html)