'[Security Announce] MDKSA-2005:115 - Updated mplayer packages fix'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mandrake-security-announce
Subject:    [Security Announce] MDKSA-2005:115 - Updated mplayer packages fix
From:       Mandriva Security Team <security () mandriva ! com>
Date:       2005-07-12 2:29:22
Message-ID: E1DsAWQ-0005KS-Hn () mercury ! mandriva ! com
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandriva Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           mplayer
 Advisory ID:            MDKSA-2005:115
 Date:                   July 11th, 2005

 Affected versions:	 10.1, 10.2, Corporate 3.0
 ______________________________________________________________________

 Problem Description:

 Two heap overflows were discovered in mplayer's code handling the
 RealMedia RTSP and Microsoft Media Services streams over TCP (MMST).
 These vulnerabilities could allow for a malicious server to execute
 arbitrary code on the client computer with the permissions of the
 user running MPlayer.
 
 The updated packages have been patched to correct this problem.
 _______________________________________________________________________

 References:

  http://www.mplayerhq.hu/homepage/design7/news.html#vuln10
  http://www.mplayerhq.hu/homepage/design7/news.html#vuln11
 ______________________________________________________________________

 Updated Packages:
  
 Mandrakelinux 10.1:
 bd10af1b022eab6c708b798b788d8f8f  10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm
 0f045ff30c496287bca8ecb70fd3f9d4  \
10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm  \
2d6cc0414095376592ca2f31b530e139  \
10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm  \
083b1fd4689665cc07477f87d171d614  10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm  \
8428f9c5e8216dc20f92ddccbaaa906c  10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm  \
596d46dd4d84deda9e5b38910e4d6f78  \
10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm  \
b74e89d4c606c99857a5a5a4314e2cc3  10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm

 Mandrakelinux 10.1/X86_64:
 bd10af1b022eab6c708b798b788d8f8f  \
x86_64/10.1/RPMS/libdha1.0-1.0-0.pre5.8.1.101mdk.i586.rpm  \
0f045ff30c496287bca8ecb70fd3f9d4  \
x86_64/10.1/RPMS/libpostproc0-1.0-0.pre5.8.1.101mdk.i586.rpm  \
2d6cc0414095376592ca2f31b530e139  \
x86_64/10.1/RPMS/libpostproc0-devel-1.0-0.pre5.8.1.101mdk.i586.rpm  \
083b1fd4689665cc07477f87d171d614  \
x86_64/10.1/RPMS/mencoder-1.0-0.pre5.8.1.101mdk.i586.rpm  \
8428f9c5e8216dc20f92ddccbaaa906c  \
x86_64/10.1/RPMS/mplayer-1.0-0.pre5.8.1.101mdk.i586.rpm  \
596d46dd4d84deda9e5b38910e4d6f78  \
x86_64/10.1/RPMS/mplayer-gui-1.0-0.pre5.8.1.101mdk.i586.rpm  \
b74e89d4c606c99857a5a5a4314e2cc3  \
x86_64/10.1/SRPMS/mplayer-1.0-0.pre5.8.1.101mdk.src.rpm

 Mandrakelinux 10.2:
 4c177eb3a8868ef01de7f8f645a8df1e  10.2/RPMS/libdha1.0-1.0-0.pre6.8.1.102mdk.i586.rpm
 e1c7dbc6206e73501b30eb57effdac5a  \
10.2/RPMS/libpostproc0-1.0-0.pre6.8.1.102mdk.i586.rpm  \
2d3e70104fdb6d95895a7ee2bde6595d  \
10.2/RPMS/libpostproc0-devel-1.0-0.pre6.8.1.102mdk.i586.rpm  \
99a4599c171c4d497a846ea04ca17f69  10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.i586.rpm  \
c227f20edb5d7918baf3c57bb0873821  10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.i586.rpm  \
fbd9082c731f6f2c1ffb9e4f8d34b3b9  \
10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.i586.rpm  \
99eae364cc22227fd060a30c04d16ee0  10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm

 Mandrakelinux 10.2/X86_64:
 4fac156842e3d8128f3db891176cf5bc  \
x86_64/10.2/RPMS/lib64postproc0-1.0-0.pre6.8.1.102mdk.x86_64.rpm  \
4e400c2a8eec069eb48b174dad260630  \
x86_64/10.2/RPMS/lib64postproc0-devel-1.0-0.pre6.8.1.102mdk.x86_64.rpm  \
4b6be0070a94b344a273c58a72887e09  \
x86_64/10.2/RPMS/mencoder-1.0-0.pre6.8.1.102mdk.x86_64.rpm  \
74c034b62e9a521bc1940a055ed85efa  \
x86_64/10.2/RPMS/mplayer-1.0-0.pre6.8.1.102mdk.x86_64.rpm  \
939796a7a34edfd1a28ede74945f6476  \
x86_64/10.2/RPMS/mplayer-gui-1.0-0.pre6.8.1.102mdk.x86_64.rpm  \
99eae364cc22227fd060a30c04d16ee0  \
x86_64/10.2/SRPMS/mplayer-1.0-0.pre6.8.1.102mdk.src.rpm

 Corporate 3.0:
 d41099adcaa6d11c38e89b576cd29c0e  \
corporate/3.0/RPMS/libdha0.1-1.0-0.pre3.14.2.C30mdk.i586.rpm  \
957d003a9d6a87dcef47000389cf1718  \
corporate/3.0/RPMS/libpostproc0-1.0-0.pre3.14.2.C30mdk.i586.rpm  \
2e03d433c8c85d92fd5f3b55993657a4  \
corporate/3.0/RPMS/libpostproc0-devel-1.0-0.pre3.14.2.C30mdk.i586.rpm  \
c7db9472c5307cf4b2101cf85258374b  \
corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.i586.rpm  \
2ff16f611b2e04279d82d334d22e09b2  \
corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.i586.rpm  \
c893a7b1127e6a6b882f8a805197f704  \
corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.i586.rpm  \
33af37ca45913f9143a14c54cf599ea9  \
corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 d56e4c1c37fc14c358679c9965a1a631  \
x86_64/corporate/3.0/RPMS/lib64postproc0-1.0-0.pre3.14.2.C30mdk.x86_64.rpm  \
855ab006ca3e953ff0b2e74dc945ec4e  \
x86_64/corporate/3.0/RPMS/lib64postproc0-devel-1.0-0.pre3.14.2.C30mdk.x86_64.rpm  \
735165e505cd65f4c035778e681b4da1  \
x86_64/corporate/3.0/RPMS/mencoder-1.0-0.pre3.14.2.C30mdk.x86_64.rpm  \
0bbec21ba423cdeb16d1d3a86ce48d70  \
x86_64/corporate/3.0/RPMS/mplayer-1.0-0.pre3.14.2.C30mdk.x86_64.rpm  \
314b912d457e48b4a09ca03e94600310  \
x86_64/corporate/3.0/RPMS/mplayer-gui-1.0-0.pre3.14.2.C30mdk.x86_64.rpm  \
33af37ca45913f9143a14c54cf599ea9  \
x86_64/corporate/3.0/SRPMS/mplayer-1.0-0.pre3.14.2.C30mdk.src.rpm  \
_______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFC0ysCmqjQ0CJFipgRAlNDAJ4lZnvklyyUurdn8Kxq3bu3R2d3eQCcDyXh
yppl4sZhLzPezuTB76yx7Lw=
=Vq9x
-----END PGP SIGNATURE-----


["message.footer" (text/plain)]

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva? 
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic