[prev in list] [next in list] [prev in thread] [next in thread]
List: mandrake-security-announce
Subject: [Security Announce] MDKSA-2005:115 - Updated mplayer packages fix
From: Mandriva Security Team <security () mandriva ! com>
Date: 2005-07-12 2:29:22
Message-ID: E1DsAWQ-0005KS-Hn () mercury ! mandriva ! com
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Update Advisory
_______________________________________________________________________
Package name: mplayer
Advisory ID: MDKSA-2005:115
Date: July 11th, 2005
Affected versions: 10.1, 10.2, Corporate 3.0
______________________________________________________________________
Problem Description:
Two heap overflows were discovered in mplayer's code handling the
RealMedia RTSP and Microsoft Media Services streams over TCP (MMST).
These vulnerabilities could allow for a malicious server to execute
arbitrary code on the client computer with the permissions of the
user running MPlayer.
The updated packages have been patched to correct this problem.
_______________________________________________________________________
References:
http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.1:
bd10af1b022eab6c708b798b788d8f8f 10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm
0f045ff30c496287bca8ecb70fd3f9d4 \
10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm \
2d6cc0414095376592ca2f31b530e139 \
10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm \
083b1fd4689665cc07477f87d171d614 10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm \
8428f9c5e8216dc20f92ddccbaaa906c 10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm \
596d46dd4d84deda9e5b38910e4d6f78 \
10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm \
b74e89d4c606c99857a5a5a4314e2cc3 10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
bd10af1b022eab6c708b798b788d8f8f \
x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm \
0f045ff30c496287bca8ecb70fd3f9d4 \
x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm \
2d6cc0414095376592ca2f31b530e139 \
x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm \
083b1fd4689665cc07477f87d171d614 \
x86_64/10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm \
8428f9c5e8216dc20f92ddccbaaa906c \
x86_64/10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm \
596d46dd4d84deda9e5b38910e4d6f78 \
x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm \
b74e89d4c606c99857a5a5a4314e2cc3 \
x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm
Mandrakelinux 10.2:
4c177eb3a8868ef01de7f8f645a8df1e 10.2/RPMS/libdha1.0-1.0-0.pre6.8.1.102mdk.i586.rpm
e1c7dbc6206e73501b30eb57effdac5a \
10.2/RPMS/libpostproc0-1.0-0.pre6.8.1.102mdk.i586.rpm \
2d3e70104fdb6d95895a7ee2bde6595d \
10.2/RPMS/libpostproc0-devel-1.0-0.pre6.8.1.102mdk.i586.rpm \
99a4599c171c4d497a846ea04ca17f69 10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.i586.rpm \
c227f20edb5d7918baf3c57bb0873821 10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.i586.rpm \
fbd9082c731f6f2c1ffb9e4f8d34b3b9 \
10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.i586.rpm \
99eae364cc22227fd060a30c04d16ee0 10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm
Mandrakelinux 10.2/X86_64:
4fac156842e3d8128f3db891176cf5bc \
x86_64/10.2/RPMS/lib64postproc0-1.0-0.pre6.8.1.102mdk.x86_64.rpm \
4e400c2a8eec069eb48b174dad260630 \
x86_64/10.2/RPMS/lib64postproc0-devel-1.0-0.pre6.8.1.102mdk.x86_64.rpm \
4b6be0070a94b344a273c58a72887e09 \
x86_64/10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.x86_64.rpm \
74c034b62e9a521bc1940a055ed85efa \
x86_64/10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.x86_64.rpm \
939796a7a34edfd1a28ede74945f6476 \
x86_64/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.x86_64.rpm \
99eae364cc22227fd060a30c04d16ee0 \
x86_64/10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm
Corporate 3.0:
d41099adcaa6d11c38e89b576cd29c0e \
corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.2.C30mdk.i586.rpm \
957d003a9d6a87dcef47000389cf1718 \
corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.2.C30mdk.i586.rpm \
2e03d433c8c85d92fd5f3b55993657a4 \
corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.2.C30mdk.i586.rpm \
c7db9472c5307cf4b2101cf85258374b \
corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.i586.rpm \
2ff16f611b2e04279d82d334d22e09b2 \
corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.i586.rpm \
c893a7b1127e6a6b882f8a805197f704 \
corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.i586.rpm \
33af37ca45913f9143a14c54cf599ea9 \
corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm
Corporate 3.0/X86_64:
d56e4c1c37fc14c358679c9965a1a631 \
x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.2.C30mdk.x86_64.rpm \
855ab006ca3e953ff0b2e74dc945ec4e \
x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.2.C30mdk.x86_64.rpm \
735165e505cd65f4c035778e681b4da1 \
x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.x86_64.rpm \
0bbec21ba423cdeb16d1d3a86ce48d70 \
x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.x86_64.rpm \
314b912d457e48b4a09ca03e94600310 \
x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.x86_64.rpm \
33af37ca45913f9143a14c54cf599ea9 \
x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm \
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC0ysCmqjQ0CJFipgRAlNDAJ4lZnvklyyUurdn8Kxq3bu3R2d3eQCcDyXh
yppl4sZhLzPezuTB76yx7Lw=
=Vq9x
-----END PGP SIGNATURE-----
["message.footer" (text/plain)]
To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic